Re: System Administrator Spam Must Go :-(
- From: "irtheman" <irtheman@xxxxxxxxx>
- Date: 7 Nov 2006 15:33:56 -0800
This is a very interesting idea. I am not sure how to do this but I am
going to look into it.
Thanks!
Matthew
Wallyb132 wrote:
Matthew,
Another option you have is to use the sender filter in the message delivery
options. this filter will block incoming email from mybusiness@xxxxxxxxxxxxxx
but should have no affect on internal messages sent from mybusiness, also
will not affect outbound bounce messages sent by mybusiness@xxxxxxxxxxxxxxx
remember if you do use the sender filter, you also have to enable the rule
on the SMTP virtual server as well.
Walter
"Chuck" wrote:
This same thing happened to one of my clients. It turns out that SBS when it
creates the distrbution group for domain users also creates an exchange email
account called "xyzdomain @xyzdomain.com" and i'm guessing that you are being
spoofed.
For example lets say that your client's domain name is mybusiness.com, SBS
creates a default email address of mybussiness@xxxxxxxxxxxxxxx Now if your
client has a internet facing website www.mybusiness.com it doesn't take a
spammer long to realize that the email address mybussiness@xxxxxxxxxxxxxx
probably exists and spoofs it. Thus the spammer sends out tons of spam with
the return address of mybussiness@xxxxxxxxxxxxxx and everyone in your domain
begins to receive NDR's that appear to being sent internally so, Exchange,
IMF, and most other anti-spam programs consider them as safe.
The resolution in my case was to bring up the properties of the domain users
distribution group and change the email address to something other than
mybussiness@xxxxxxxxxxxxxx and limit who could actually use the new email
address.
Also, since most anti-spam programs trust internal emails and don't
perform checks on them it's a good idea if possible to change that setting.I
don't have any experience with GFI so I'm not sure if this would apply to you.
Hope that this helps.
Chuck Cox
Midnight Blues Designs, llc
"irtheman" wrote:
The email users are getting lots of messages like this one. In fact,
this type of message makes up the bulk of our spam (We are using GFI by
the way). We can't seem to get these messages filtered out and we
can't use rules on them. I am guessing but is this because they are
from the System Administrator? How can I stop these?
Thanks!
Matthew Hanna
From: System Administrator
Sent: Saturday, November 04, 2006 10:51 AM
To: J. C. Swan
Subject: Undeliverable: these are the holy flesh bright carried away
and
Your message did not reach some or all of the intended recipients.
Subject: these are the holy flesh bright carried away and
Sent: 11/4/2006 10:50 AM
The following recipient(s) could not be reached:
J. C Swan on 11/4/2006 10:51 AM
The e-mail account does not exist at the organization this
message was sent to. Check the e-mail address, or contact the
recipient directly to find out the correct address.
asasbs.ASA.local
.
- Follow-Ups:
- Re: System Administrator Spam Must Go :-(
- From: Les Connor [SBS Community Member - SBS MVP]
- Re: System Administrator Spam Must Go :-(
- References:
- System Administrator Spam Must Go :-(
- From: irtheman
- RE: System Administrator Spam Must Go :-(
- From: Wallyb132
- System Administrator Spam Must Go :-(
- Prev by Date: Re: VPN Question
- Next by Date: Re: Server on new domain - logon issues
- Previous by thread: RE: System Administrator Spam Must Go :-(
- Next by thread: Re: System Administrator Spam Must Go :-(
- Index(es):
Relevant Pages
|
