Discussion Starter #1
All of a sudden.... I have a spammer that is somehow able to send out goddam Life Insurance savings emails from mailboxes that sit in my global address book.

This is not good because they are apparently also sending these mails to other people in the company (I got one, hence this is how I found this out)... so I am gonna get hit with plenty of questions from the CFO regarding this on Monday.

Is there any way to prevent this? I've never had this problem before. Any help greatly appreciated. I'm running Exchange 5.5 behind a Checkpoint FW-1 firewall.

Thanks.
 

Discussion Starter #2
Just a quick note on this.... I checked a couple of users' mailboxes and I don't see these emails. So maybe only I got them because I have the postmaster account linked to my mailbox so I get a lot of NDRs and stuff like that. But I will want to try to prevent this. Any tips? There is definitely some spoofing going on.
 

Messages such as the ones you describe are often sent by outside sources using addresses culled from the following sources among others:

Joke Lists
Usenet
Web Forums
etc.

The only way to deal with specific spammers is to block them at your firewall and/or internet SMTP gateway. However, as SMTP is about the easiest thing on the planet to spoof, you may not be looking at their real information.

The only accurate method to track the senders is to institute logging at the internet SMTP gateway and at your firewall. You will then have to match the entries in the logs in order to get the information you need. As you can imagine, it may take a couple of instances to correctly correlate the information if your SMTP gateway is heavily used.

This illustrates one of the main reasons to have ALL devices on your network synced to a single authoritative time source. Without having that in place, you will not be able to match the log entries unless your traffic is limited to begin with.

Check out SamSpade.org for some handy reading materials and rudimentary network tracing tools. Once you understand the general theories and purposes behind the information described there, you should have a solid enough base to start thinking of how you can apply your own solutions to the network.
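As an added example (not from this thread or any product named in it), here is the kind of log matching described above: constructed SMTP gateway lines and firewall lines in a made-up format, matched on connecting IP and timestamp, with a skew parameter that shows how an unsynchronized firewall clock breaks the match. The internal domain, log formats and the 5-second tolerance are all assumptions.

```python
"""Correlate SMTP gateway entries with firewall entries to find spoofed mail."""
from datetime import datetime, timedelta
import re

INTERNAL_DOMAIN = "example.com"  # assumed local domain the spoofer is forging

# Constructed sample logs (made-up format, not real product output).
SMTP_LOG = """\
2003-03-14 22:01:07 conn=41 peer=203.0.113.9 mail_from=<ceo@example.com> rcpt=<user1@example.com>
2003-03-14 22:01:09 conn=42 peer=198.51.100.77 mail_from=<partner@example.net> rcpt=<user2@example.com>
2003-03-14 22:01:15 conn=43 peer=203.0.113.9 mail_from=<cfo@example.com> rcpt=<user3@example.com>
"""
FW_LOG = """\
2003-03-14 22:01:06 accept src=203.0.113.9 dst=192.0.2.25 service=smtp
2003-03-14 22:01:08 accept src=198.51.100.77 dst=192.0.2.25 service=smtp
2003-03-14 22:01:14 accept src=203.0.113.9 dst=192.0.2.25 service=smtp
"""

SMTP_RE = re.compile(r"^(\S+ \S+) conn=\d+ peer=(\S+) mail_from=<([^>]*)>")
FW_RE = re.compile(r"^(\S+ \S+) accept src=(\S+) dst=\S+ service=smtp")


def parse(text, pattern):
    """Return (timestamp, field, ...) tuples for every line matching pattern."""
    out = []
    for line in text.splitlines():
        m = pattern.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            out.append((ts,) + m.groups()[1:])
    return out


def spoofed_senders(smtp_text, fw_text, fw_skew=timedelta(0), window=timedelta(seconds=5)):
    """List (claimed_sender, peer_ip, firewall_timestamp_or_None) for messages
    that claim an internal sender yet arrived from outside via the gateway.
    fw_skew models a firewall clock that is out of sync; window is the tolerance."""
    fw = [(ts + fw_skew, ip) for ts, ip in parse(fw_text, FW_RE)]
    results = []
    for ts, peer, sender in parse(smtp_text, SMTP_RE):
        if not sender.lower().endswith("@" + INTERNAL_DOMAIN):
            continue  # external claimed sender: not the spoofing case of interest
        # Same source IP within the window ties the SMTP session to a firewall accept.
        match = next((fts for fts, ip in fw if ip == peer and abs(fts - ts) <= window), None)
        results.append((sender, peer, match))
    return results
```

With the clocks in sync every forged-sender session matches a firewall entry; with `fw_skew=timedelta(minutes=3)` none does, which is the failure the post warns about.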
 

BTW, convince your corporate officers to allow you (or someone else preferably) to enforce the company's Data Access Policy. You do have one don't you? :D If not, check out some of the usage policies at Universities and US Government sites (state and city policies suck) to get an idea as to what you might or might not want to include in yours.

Trust me, you do not want to play data nazi and have to enforce the policies yourself. Your role in the process should be to help draft the policy that your legal people (or mucky-mucks if you have none) will put forth as corporate policy. In addition, you should put the tools in place to allow for reporting of policy violations. You may have to generate the reports yourself, but ideally, the reports will be run by the policy enforcer(s).

If your boss tries to stick you with the enforcement duty, just ask them who currently enforces the company's drug, attendance, etc. policies and they should see the light. Corporate policy enforcement is not the domain of an IT department. IT is there to provide technology to access and process any information that the business drivers require.

The reason I bring all of this up is that I can almost guarantee you that the addresses were culled from some form of mailing list that your (l)users are on. Whether that be some list served by a list server or some "You just HAVE to read this joke...it's funny!!" forwarding ring, your (l)users most likely were using company resources (email) for personal reasons thereby leading to your current problem.
 