@mark rosenbaum: The sender's name is a user on our domain and he is using a Mac
mark rosenbaum
(May 23, 2011)
in response to this post
@mark rosenbaum: According to the log message, this is an outgoing email relayed through your server, which ORF will not filter (it is designed to filter incoming emails only). Most likely, a spammer has the username/password combination of this user and is using this account to relay spam out using your server. I strongly suggest changing the password of this account immediately and make sure you allow only authenticated users to relay.
Krisztian Fekete (Vamsoft)
(May 24, 2011)
in response to this post
@Krisztian Fekete (Vamsoft): Changed password and it is still happening.
mark rosenbaum
(May 24, 2011)
in response to this post
Disabled account in Active Directory and the messages are still coming through???
mark rosenbaum
(May 24, 2011)
@mark rosenbaum: If disabling the account won't stop it, that could mean the spammer is able to relay without authentication. Are you sure relaying is restricted to authenticated users only?
See these articles:
http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm
http://support.microsoft.com/?id=324285
Krisztian Fekete (Vamsoft)
(May 25, 2011)
in response to this post
Version: 4.4 REGISTERED
Log Mode: Verbose
Server:
Source: SMTPSVC-1
Time: 5/23/2011 1:17:33 PM
Class: System Message
Severity: Information
Actions: (not available)
Filtering Point: Non-filtering
HELO/EHLO Domain: (not available)
Related IP Address: 65.54.188.72
Message ID: (not available)
Email Subject: mgo1--高 级 秘 书、助 理 和 行 政 人 员 技 能 提 高 训 练 营Ё
Sender:
Recipient(s):
*
*
*
*
*
*
*
*
*
Message:
Added "bricker@worldnet.att.net" to the Auto Sender Whitelist.