Question : Tracking the source of internal spam

Hello,

We are trying to isolate a spam issue where our users are receiving NDR messages from
[email protected]om.  These original messages are obviously spam and the spammer is using our legitimate users as spoofed sender addresses.

Our firewall is configured to only allow outbound SMTP messages from our mail server, and I have verified that no other device is sending SMTP packets.  Using Ethereal I can see that there is no client sending SMTP emails and relaying them off of our Exchange server; however, is it possible for a virus or spam bot to be sending these messages via another protocol?

Any suggestions on troubleshooting further would be appreciated.  My belief is that this is originating outside of our network from an infected home machine or harvested email addresses; however, I am having difficulty proving it.

Thank you,

brian

Answer : Tracking the source of internal spam

This is a common SPAM technique and the email is not originating from inside your network.  There really isn't anything you can do to completely prevent this but setting up a DNS SPF record will help.  
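
One way to check this from the NDR itself, as an added example that is not part of the original question or answer: read the `Received` headers of the original message returned in the bounce and compare the IP that handed it to the bouncing server against the addresses your SPF record authorizes. The domain, SPF record, addresses and sample message are constructed, and the SPF handling covers only plain `ip4:` mechanisms.

```python
import ipaddress
import re
from email import message_from_string

# Constructed values: example.com's published SPF record and the original
# message as returned inside an NDR (documentation IP ranges only).
SPF_RECORD = "v=spf1 ip4:203.0.113.10 ip4:198.51.100.0/28 -all"
RETURNED_MESSAGE = """\
Received: from mail.example.com (unknown [192.0.2.77])
    by mx.recipient.example with SMTP id abc123;
    Mon, 1 Jan 2024 10:00:00 +0000
Received: from mail.example.com ([203.0.113.10]) by relay.invalid;
    Mon, 1 Jan 2024 09:59:00 +0000
From: user@example.com
Subject: constructed sample

body
"""

def spf_networks(record):
    """Networks named by plain ip4: mechanisms (subset of SPF, not full RFC 7208)."""
    return [ipaddress.ip_network(term[4:], strict=False)
            for term in record.split() if term.startswith("ip4:")]

def received_ips(raw_message):
    """Bracketed IPv4 addresses from Received headers, newest hop first."""
    ips = []
    for header in message_from_string(raw_message).get_all("Received", []):
        match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
        if match:
            ips.append(ipaddress.ip_address(match.group(1)))
    return ips

def classify(raw_message, record):
    """Check the IP that handed the message to the bouncing server against SPF."""
    hops = received_ips(raw_message)
    if not hops:
        return None, "unknown"
    # Only the top Received header was written by the server that bounced the
    # message; anything below it was supplied by the sender and may be forged.
    handoff = hops[0]
    if any(handoff in net for net in spf_networks(record)):
        return handoff, "pass"
    verdict = "fail" if record.split()[-1] == "-all" else "not-authorized"
    return handoff, verdict

if __name__ == "__main__":
    print(classify(RETURNED_MESSAGE, SPF_RECORD))
```

A `fail` verdict with a handoff address outside your own ranges is the evidence that the message never left your mail server, and it is the same comparison a receiving server performs once the SPF record is published.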