Re: Exchange 2000 and Spam mail


From: Roberto Franceschetti (roberto_at_netwide.net)
Date: 09/12/04


Date: 12 Sep 2004 07:36:43 -0700

Don,

From your description your users could be receiving emails from
spammers who send you emails using a fake "From" email address that
spoofs your own domain. This is a very common scenario for spammers,
as it makes it more likely for the recipient to open the emails since
they appear to come from their domain.

You can try SpamFilter ISP (www.spamfilterisp.com) from LogSat
Software. It's free for use in non-production environments (it's fully
functional, not a demo). The retail version is very affordable, as
it's licensed for $600 per server (only 1 license is required in most
environments), not per user.

SpamFilter ISP has many filters to help reduce spam. One of them is
the ability to reject emails that have a fake "from" email address
that is the same as your domain, as could be your case here. It also
supports SPF filtering (check http://spf.pobox.com for more info),
which also helps in reducing spam that has a fake email address.

Roberto Franceschetti
LogSat Software

"Don" <anonymous@discussions.microsoft.com> wrote in message news:<289401c48e7d$fca34070$a501280a@phx.gbl>...
> I'm not sure what or where to start looking but I have
> noticed that my exchange users on the network are getting
> spam that appears to be coming from themselves and other
> users on the network along with people we never heard of.
> All messages have the same content but the subject will
> sometimes appear different such as "Top quality software
> for less" or the from field says it's from me "Don" but
> then the subject says hello "Don you can order pain meds"
> which makes it appear from you but to you. I hope this
> made sense. I read the previous spam inquiry below but all
> was not possible.
> ==========================================================
> Try running your mail server through multiple spam relay testers.
> Some good ones are at
> http://spamlinks.openrbl.org/tools-relay.htm#web. This should give
> you an idea of how messages are getting through. The next step is to
> make it so that your POP/IMAP users who send mail legitimately
> through your system are authenticated first. This can be done by
> going into the smtp virtual server/access and selecting
> authentication. Make sure that anonymous is checked off for inbound
> mail to your domain. Also, make sure that Basic and windows
> integrated authentication is checked off also.
>
> After this is done, go to relay, the default radio button selected
> should be "only the list below". You can leave it blank if you'd
> like, or input any domains/ip addresses that can relay. Make sure
> that the check box on the bottom is checked off. It says "Allow all
> computers which successfully authenticate to relay, regardless of
> the list above." On the POP/IMAP clients, there should be a checkbox
> for outgoing mail authentication, select it and they should be able
> to use the same settings as inbound mail selection. If after doing
> this, you still have people saying that they're getting spammed from
> you, turn up diagnostic logging on your smtp protocol. That's in the
> properties of your server. Set it to maximum for
> msExchangeTransport. Whenever a message is relayed through your
> server, it will note the ip address/domain name. Compare this with
> the message headers of the messages that your isp says are coming
> from your system. Since authentication is needed, the spammer must
> have a valid username/password for your system. Sorry for the
> lengthy reply, hope that this helps.
>
> Regards,
> ==========================================================
> My exchange 2k would not allow me to uncheck all three
> boxes
> 1.Anonymous
> 2.Basic Authentication
> 3.Integrated Windows Authentication
>
> so I unchecked the first two.
>
> Any other things I should check for or are there any other
> good practices I should take in running an exchange server?
>
> All suggestions are greatly appreciated.
>
> Thanks, Don
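
The two filters described in the reply above (rejecting outside mail whose From header claims your own domain, and SPF), sketched as an added example that is not part of the original thread and is not SpamFilter ISP's code. The domain names, IP ranges, SPF records and sample messages are constructed assumptions, and only the ip4/ip6 and all mechanisms of SPF are evaluated.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "example.com"                          # assumed: the domain you host
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # assumed: your own clients
# Constructed SPF TXT records standing in for DNS, so the example runs offline.
SPF_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "partner.test": "v=spf1 ip4:198.51.100.7 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(domain, client_ip):
    """Evaluate only the ip4/ip6 and 'all' mechanisms (a subset of SPF)."""
    record = SPF_TXT.get(domain.lower(), "")
    if not record.startswith("v=spf1"):
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        result = QUALIFIERS.get(term[0], "pass")  # no qualifier means "+"
        mech = term.lstrip("+-~?")
        if mech == "all":
            return result
        if mech.startswith(("ip4:", "ip6:")) and \
                ip in ipaddress.ip_network(mech[4:], strict=False):
            return result
    return "neutral"

def verdict(raw_message, client_ip, envelope_from):
    """Return (action, reason) for one inbound SMTP message."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in INTERNAL_NETS):
        return ("accept", "internal client")
    header_from = parseaddr(message_from_string(raw_message).get("From", ""))[1]
    header_domain = header_from.rpartition("@")[2].lower()
    # Filter 1: From claims our domain, but the host is outside and not in our SPF.
    if header_domain == LOCAL_DOMAIN and spf_check(LOCAL_DOMAIN, client_ip) != "pass":
        return ("reject", "local-domain From sent by external host")
    # Filter 2: SPF on the envelope (MAIL FROM) domain; only a hard fail rejects.
    env_domain = envelope_from.rpartition("@")[2].lower()
    result = spf_check(env_domain, client_ip)
    if result == "fail":
        return ("reject", "SPF fail for " + env_domain)
    return ("accept", "SPF " + result)

# Constructed sample messages (the first reuses a subject quoted in the thread).
SPOOFED = "From: Don <don@example.com>\nTo: don@example.com\nSubject: Top quality software for less\n\nbody\n"
PARTNER = "From: Alice <alice@partner.test>\nTo: don@example.com\nSubject: Invoice\n\nbody\n"
```

Filter 1 looks at the From header the user sees, while SPF as sketched here checks the envelope sender, which is why the spoofed message is caught even when its envelope domain publishes no SPF record.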

