Microsoft Exchange Problem - DodgeIntrepid.Net Forums - Dodge Intrepid, Concorde, 300m and Eagle Vision chat
 
post #1 of 4 (permalink) Old 06-16-2002, 02:17 PM Thread Starter
Intrepid Pro
 
Join Date: Jun 2001
Location: New York City
Posts: 4,739
Feedback: 1 / 100%
                     
Microsoft Exchange Problem

All of a sudden.... I have a spammer that is somehow able to send out goddam Life Insurance savings emails from mailboxes that sit in my global address book.

This is not good because they are apparently also sending these mails to other people in the company (I got one, hence this is how I found this out)... so I am gonna get hit with plenty of questions from the CFO regarding this on Monday.

Is there any way to prevent this? I've never had this problem before. Any help greatly appreciated. I'm running Exchange 5.5 behind a Checkpoint FW-1 firewall.

Thanks.

DjPiLL
2010 Jeep Wrangler Sahara
2011 Audi S5 Cabriolet
DjPiLL is offline  
post #2 of 4 (permalink) Old 06-16-2002, 02:24 PM Thread Starter
Intrepid Pro
 
Join Date: Jun 2001
Location: New York City
Posts: 4,739
Feedback: 1 / 100%
                     
Just a quick note on this.... I checked a couple of users' mailboxes and I don't see these emails. So maybe only I got them because I have the postmaster account linked to my mailbox so I get a lot of NDRs and stuff like that. But I will want to try to prevent this. Any tips? There is definitely some spoofing going on.
DjPiLL is offline  
post #3 of 4 (permalink) Old 06-19-2002, 05:05 PM
cj
 
Join Date: Aug 2001
Posts: 229
Feedback: 0 / 0%
 
Messages such as the ones you describe are often sent by outside sources using addresses culled from the following sources, among others:

Joke Lists
Usenet
Web Forums
etc.

The only way to deal with specific spammers is to block them at your firewall and/or internet SMTP gateway. However, as SMTP is about the easiest thing on the planet to spoof, you may not be looking at their real information.

The only accurate method to track the senders is to institute logging at the internet SMTP gateway and at your firewall. You will then have to match the entries in the logs in order to get the information you need. As you can imagine, it may take a couple of instances to correctly correlate the information if your SMTP gateway is heavily used.

This illustrates one of the main reasons to have ALL devices on your network sync'ed to a single authoritative time source. Without having that in place, you will not be able to match the log entries unless your traffic is limited to begin with.

Check out SamSpade.org for some handy reading materials and rudimentary network tracing tools. Once you understand the general theories and purposes behind the information described there, you should have a solid enough base to start thinking of how you can apply your own solutions to the network.
cj is offline  
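
The log matching described in post #3, as an added example that is not part of the original thread: it pairs gateway entries whose envelope sender claims an internal address with firewall port-25 connections seen within a few seconds, and shows how an unsynchronised firewall clock breaks the match. The log lines, their simplified format, the `example.com` domain and all function names are constructed for illustration and are not Exchange 5.5 or FW-1 output.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample: inbound internet SMTP gateway log (time, envelope sender).
SMTP_LOG = """\
2002-06-16 13:58:07 MAIL-FROM=jsmith@example.com RCPTS=40
2002-06-16 14:01:12 MAIL-FROM=partner@example.org RCPTS=1
2002-06-16 14:03:44 MAIL-FROM=akhan@example.com RCPTS=35
"""
# Constructed sample: firewall log (time, source IP, destination port, action).
FW_LOG = """\
2002-06-16 13:58:05 src=203.0.113.25 dport=25 accept
2002-06-16 13:59:30 src=198.51.100.7 dport=80 accept
2002-06-16 14:01:11 src=198.51.100.40 dport=25 accept
2002-06-16 14:03:43 src=203.0.113.25 dport=25 accept
"""

def parse(log):
    """Yield (timestamp, fields) per line; fields are the key=value tokens."""
    for line in log.strip().splitlines():
        date, clock, *rest = line.split()
        fields = dict(tok.split("=", 1) for tok in rest if "=" in tok)
        yield datetime.strptime(f"{date} {clock}", FMT), fields

def correlate(smtp_log, fw_log, internal_domain, window=10, fw_clock_offset=0):
    """For each inbound message claiming an internal sender, list the source
    IPs of port-25 connections logged within `window` seconds of it.
    fw_clock_offset simulates a firewall clock that is not time-synced."""
    conns = [(ts + timedelta(seconds=fw_clock_offset), f["src"])
             for ts, f in parse(fw_log) if f.get("dport") == "25"]
    results = []
    for ts, f in parse(smtp_log):
        sender = f["MAIL-FROM"]
        if not sender.lower().endswith("@" + internal_domain):
            continue  # only senders spoofing our own domain are of interest
        ips = sorted({ip for cts, ip in conns
                      if abs((ts - cts).total_seconds()) <= window})
        results.append((ts.strftime(FMT), sender, ips))
    return results

if __name__ == "__main__":
    for row in correlate(SMTP_LOG, FW_LOG, "example.com"):
        print(row)
    # Firewall clock five minutes fast: no entry can be matched.
    print(correlate(SMTP_LOG, FW_LOG, "example.com", fw_clock_offset=300))
```

On a busy gateway several connections can fall inside the window, which is why the function returns a list of candidate IPs per message rather than a single address.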
post #4 of 4 (permalink) Old 06-19-2002, 05:16 PM
cj
 
Join Date: Aug 2001
Posts: 229
Feedback: 0 / 0%
 
BTW, convince your corporate officers to allow you (or someone else preferably) to enforce the company's Data Access Policy. You do have one, don't you? If not, check out some of the usage policies at Universities and US Government sites (state and city policies suck) to get an idea as to what you might or might not want to include in yours.

Trust me, you do not want to play data nazi and have to enforce the policies yourself. Your role in the process should be to help draft the policy that your legal people (or mucky-mucks if you have none) will put forth as corporate policy. In addition, you should put the tools in place to allow for reporting of policy violations. You may have to generate the reports yourself, but ideally, the reports will be run by the policy enforcer(s).

If your boss tries to stick you with the enforcement duty, just ask them who currently enforces the company's drug, attendance, etc. policies and they should see the light. Corporate policy enforcement is not the domain of an IT department. IT is there to provide technology to access and process any information that the business drivers require.

The reason I bring all of this up is that I can almost guarantee you that the addresses were culled from some form of mailing list that your (l)users are on. Whether that be some list served by a list server or some "You just HAVE to read this joke...it's funny!!" forwarding ring, your (l)users most likely were using company resources (email) for personal reasons thereby leading to your current problem.
cj is offline  