Re: SPAM Relay
- From: "Larry Struckmeyer" <lstruckmeyer(at)mis-wizards(dot)com>
- Date: Thu, 3 Apr 2008 20:53:00 -0400
To answer both of your last posts.... unless you have mis spelled your own
name somewhere in your ad setup, it is unlikely that message originated with
you. I vote for a spoof, and you should endever to get an SPF record.
As to the other one, I can forward the dns and sorbs reports to your email.
We know the last part, so give me the first part and I will.
--
Larry
Please post the resolution to
your issue so that all can benefit.
"SpinalTap" <SpinalTap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D1033B00-DB7B-493D-BB9B-B7EA3572F57B@xxxxxxxxxxxxxxxx
Here is the header information. If you look at the from information, the
name "duane dusty" is wrong, but the email address is definitely mine.
Received: from 213.60.187.54 (unknown [213.60.187.54])
by inbound.sys.gtei.net (Postfix) with ESMTP id 8B0DF37557
for <rstevens@xxxxxxxxxxxxxxxx>; Thu, 3 Apr 2008 16:40:33 +0000 (GMT)
Message-ID: <000701c895a9$06e1d392$e2f0c098@vaixhn>
From: "dane dusty" <*****.***** at dgsteinconsulting dot com>
To: "Maureen Osborne" <rstevens@xxxxxxxxxxxxxxxx>
Subject: Get Timepieces Search for Timepieces
Date: Thu, 03 Apr 2008 14:53:09 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
"Larry Struckmeyer" wrote:
If you right click the header info of one of those messages you may be
able
to see its original source. You may have to go all the way down the
list.
--
Larry
Please post the resolution to
your issue so that all can benefit.
"SpinalTap" <SpinalTap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:FBDA8157-2288-476D-AC69-BE72858E42BD@xxxxxxxxxxxxxxxx
Here is one of the messages:
Your message did not reach some or all of the intended recipients.
Subject: David Yurman Watches
Sent: 4/3/2008 2:31 PM
The following recipient(s) cannot be reached:
tafson@xxxxxxxxxxxxxxx on 4/3/2008 3:29 PM
You do not have permission to send to this recipient. For
assistance, contact your system administrator.
< barracuda.prsresearch.com #5.7.1 smtp; 550 5.7.1 Message
content rejected, UBE, id=14852-01-27>
"Larry Struckmeyer" wrote:
Your dns report and your sorbs report were both clean, so you may just
be
a
victim of a spoofer. You do not have a spf record for that domain.
Post one of the messages.
--
Larry
Please post the resolution to
your issue so that all can benefit.
"SpinalTap" <SpinalTap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:51153C5C-9E26-450E-88E3-7174014227BE@xxxxxxxxxxxxxxxx
Hi Larry,
Thanks for the reply.
My domain is at dgsteinconsulting dot com.
The public IP address is: 68 146 16 140
Also, I just looked in my SPAM quarantine and there were an
additional
400
email replies from destinations sent from my domain.
Thanks.
-Dean
"Larry Struckmeyer" wrote:
Hi SpinalTap:
If you post your email domain name, that is the part after the @,
we
can
check it for you. Disguise it as in *at*my*company*dot*com (remove
the
stars).
There are a number of things that can go wrong. One that just
happened
to a
client was that he allowed the shop workers to use the wireless
side
of
his
router to use their notebooks at breaks and lunch. One or more of
them
was
infected and his IP was blacklisted, even though it has nothing to
do
with
his domain name.
Therefore the public ip address of your wan facing device would
also
be
helpful.
Here are some articles about checking for relay, but SBS/Exchange
is
not
setup to relay unless your administrator specifically changed the
settings.
http://support.microsoft.com/kb/895853
http://www.microsoft.com/technet/security/prodtech/exchangeserver/excrelay.mspx
http://support.microsoft.com/kb/304897
I would be much more likely to suspect some other issue. shoot us
the
domain name and the ip address and we can check, or you can use
www.dnsstuff.com and www.sorbs.net to run some checks yourself.
--
Larry
Please post the resolution to
your issue so that all can benefit.
"SpinalTap" <SpinalTap@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9671A1FD-2D10-41F4-A7D4-0618BB8FE6BC@xxxxxxxxxxxxxxxx
Hello,
I am not exactly sure if my SBS server is acting as a SPAM relay
but
what
is
happening is that I am receiving a bunch of replies from
destination
addresses. These replies are indicating that messages from one
of
our
accounts have been blocked, and the subject indicates that it is
definitely
spam. This started happing today, and I have not made any
significant
changes to my configuration.
Is there a way to determine if I am acting as a relay? Also, we
only
use
RWW for accessing email (i.e no POP3), but we do access other
POP3
accounts
from other mail services. Given that, what can I turn off to
reduce
the
chance that this can happen.
Thanks in advance for any insight.
-Dean
.
- References:
- SPAM Relay
- From: SpinalTap
- Re: SPAM Relay
- From: Larry Struckmeyer
- Re: SPAM Relay
- From: SpinalTap
- Re: SPAM Relay
- From: Larry Struckmeyer
- Re: SPAM Relay
- From: SpinalTap
- Re: SPAM Relay
- From: Larry Struckmeyer
- Re: SPAM Relay
- From: SpinalTap
- SPAM Relay
- Prev by Date: Re: VoIP over same LAN but different IAP
- Next by Date: Re: SPAM Relay
- Previous by thread: Re: SPAM Relay
- Next by thread: Re: SPAM Relay
- Index(es):
Relevant Pages
|
|
