SPAM boss
Hello, I use Exchange 2007 and MYBOSS is receiving spams. I did block IPs and also block the content used in the subject: "*** SPAM ***" and "SPAM", but the email below has gone through (see header). I check the BypassedSenderDomains and have just an internal one. No outside domains bypassed. I got stuck and don't know what to do now... I was about to block the IP 69.65.57.229 but it seems like it will continue. Would you have any better solution to stop the spams?

Received: from EDGE.Company.com (100.XXX.2.XX) by HUBCAS01.company.intra (100.XXX.1.XX) with Microsoft SMTP Server (TLS) id 8.1.393.1; Wed, 29 Sep 2010 14:09:03 +0200
Received: from tany29.akitany.com (69.65.57.229) by EDGE.Company.com (100.XXX.2.XX) with Microsoft SMTP Server id 8.1.263.0; Wed, 29 Sep 2010 14:07:31 +0200
Received: by tany29.akitany.com (PowerMTA(TM) v3.0c2) id hkclva01g74r; Wed, 29 Sep 2010 08:07:04 -0400 (envelope-from <Gary_John@akitany.com>)
Date: Wed, 29 Sep 2010 08:07:03 -0400
From: Ink-Toner 85pct-off 0-shipping-C-Detls <Gary_John@akitany.com>
Subject: *** SPAM ***Bulletin.-Product Ink and Toner 85pct off
To: <MYBOSS@company.com>
Message-ID: <xmWkopVjGd39zp0uo9nVMg@akitany.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
Return-Path: Gary_John@akitany.com
X-MS-Exchange-Organization-PRD: akitany.com
Received-SPF: Pass (EDGE.Company.com: domain of Gary_John@akitany.com designates 69.65.57.229 as permitted sender) receiver=EDGE.Company.com; client-ip=69.65.57.229; helo=tany29.akitany.com;
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.8414.660;SV:3.3.8520.1261;SID:SenderIDStatus Pass;OrigIP:69.65.57.229
X-Spam-Flag: YES
X-Spam-Status: YES, hits=8 required=5, ct-refid=[str=0001.0A3D0202.4CA32C0C.0098,ss=1,pt=R_F_5806796,fgs=0], tests=CTENGINE_CONFIRMED
X-MS-Exchange-Organization-SCL: 8
X-MS-Exchange-Organization-SenderIdResult: PASS
September 29th, 2010 8:29am

Are you receiving the mail from the same domain address? Is your domain name akitany.com? Then your domain is open for spoofing. Your server is accepting mail, maybe a hub server? You need to enable only authenticated mails.
September 29th, 2010 9:11am

Please follow this:
http://exchangepedia.com/2008/09/how-to-prevent-annoying-spam-from-your-own-domain.html
http://blogs.technet.com/b/trex/archive/2008/11/06/receive-connector-security-permissions.aspx
Especially the Receive Connectors that have the ms-exch-smtp-accept-authoritative-domain-sender, from the first one.
September 29th, 2010 9:35am

The domain name akitany.com is the one spamming us. The *@akitany.com addresses are sending email to authenticated users in my company. We do not have only that domain and it is directed to my boss. I don't receive any of these spams.
Graig
September 29th, 2010 10:00am

I can spam you and your boss if I can get your e-mail address. I would suggest closing the permission, or better, opening a call with MS PSS (it is just one command, or using ADSIEdit). MS PSS is Microsoft Product Support Services.
September 29th, 2010 10:08am

See http://www.ivasoft.biz/spammover2007.shtml
October 1st, 2010 7:23am

I would like to come up with an example of received spam: as per what I read, it says that the IP 80.118.49.225 is a permitted sender from my Edge 1, and I have no IP like that on the Edge 1. I am considering closing the permission. But I would like to know how come that message can go through and why it is marked as permitted sender?

From: Decision MD <envoi@info.medianet-25.com>
To: <boss@company.uk>
Date: Thu, 7 Oct 2010 10:45:00 +0200
Subject: =?ISO-8859-1?Q?***_SPAM_***Delivery?=
Return-Path: envoi@info.medianet-25.com
X-MS-Exchange-Organization-PRD: info.medianet-25.com
Received-SPF: Pass (EDGE01.COMPANY.com: domain of envoi@info.medianet-25.com designates 80.118.49.225 as permitted sender) receiver=EDGE01.COMPANY.com; client-ip=80.118.49.225; helo=makronissos225.do05.net;
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.8414.660;SV:3.3.8520.1261;SID:SenderIDStatus Pass;OrigIP:80.118.49.225
X-Spam-Flag: YES
X-Spam-Status: YES, hits=6 required=5, ct-refid=[str=0001.0A3D0202.4CAD88B6.0056,ss=1,fgs=0], tests=CTENGINE_UNKNOWN
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-SenderIdResult: PASS
October 7th, 2010 5:38am

The permitted sender just means that the sender of the email has configured an SPF record. That isn't unusual. Spammers are always the first to use any new antispam techniques to try and get their messages delivered. So if you have configured your server to do an SPF record lookup, then it has passed that test. There is no single solution to spam, and in many cases the antispam solutions that Exchange provides are ineffective. If spam could be blocked that easily then it wouldn't be a problem.
Simon.
Simon Butler, Exchange MVP
October 7th, 2010 7:32am
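Added example (not part of any post in this thread): a Python sketch that parses header lines from the two quoted messages and keeps the SPF result separate from the content verdict, which is the distinction the reply above draws. The names `triage` and `is_spam` and the `scl_threshold` default are assumptions for illustration, not Exchange settings.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Constructed input: header lines taken from the two quoted messages (ct-refid omitted).
MSG_1 = (
    "Subject: *** SPAM ***Bulletin.-Product Ink and Toner 85pct off\n"
    "Received-SPF: Pass (EDGE.Company.com: domain of Gary_John@akitany.com "
    "designates 69.65.57.229 as permitted sender) receiver=EDGE.Company.com; "
    "client-ip=69.65.57.229; helo=tany29.akitany.com;\n"
    "X-Spam-Status: YES, hits=8 required=5, tests=CTENGINE_CONFIRMED\n"
    "X-MS-Exchange-Organization-SCL: 8\n\n"
)
MSG_2 = (
    "Subject: =?ISO-8859-1?Q?***_SPAM_***Delivery?=\n"
    "Received-SPF: Pass (EDGE01.COMPANY.com: domain of envoi@info.medianet-25.com "
    "designates 80.118.49.225 as permitted sender) receiver=EDGE01.COMPANY.com; "
    "client-ip=80.118.49.225; helo=makronissos225.do05.net;\n"
    "X-Spam-Status: YES, hits=6 required=5, tests=CTENGINE_UNKNOWN\n"
    "X-MS-Exchange-Organization-SCL: 6\n\n"
)

def triage(raw):
    """Split sender authorization (SPF) from the content verdict (SCL, hits)."""
    msg = message_from_string(raw)
    spf = msg.get("Received-SPF", "")
    ip = re.search(r"client-ip=([0-9a-fA-F.:]+)", spf)
    status = re.search(r"hits=(\d+)\s+required=(\d+)", msg.get("X-Spam-Status", ""))
    # decode_header handles RFC 2047 encoded subjects such as the one in MSG_2.
    subject = str(make_header(decode_header(msg.get("Subject", ""))))
    return {
        "spf": spf.split(None, 1)[0].lower() if spf else "none",
        "client_ip": ip.group(1) if ip else None,
        "scl": int(msg.get("X-MS-Exchange-Organization-SCL", "-1")),
        "hits": int(status.group(1)) if status else None,
        "required": int(status.group(2)) if status else None,
        "subject_tagged": subject.startswith("*** SPAM ***"),
        "subject": subject,
    }

def is_spam(v, scl_threshold=5):
    """Decide on the content verdict only; scl_threshold is a hypothetical value."""
    over = v["hits"] is not None and v["hits"] >= v["required"]
    return v["scl"] >= scl_threshold or over

if __name__ == "__main__":
    for raw in (MSG_1, MSG_2):
        v = triage(raw)
        print(v["client_ip"], "spf=" + v["spf"], "scl=%d" % v["scl"], "spam=%s" % is_spam(v))
```

Both sample messages come back with `spf` equal to `pass` and still classify as spam, because `is_spam` never looks at the SPF field.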

Hello, I've got a user on the phone telling me that a user sent him an email to our organization and to his personal email address. The user received the email on his personal email address with the following subject:
INFORMATION
And he received it as well on our organization, but with the subject:
*** SPAM *** INFORMATION
Could anyone explain to me how come the subject has been rewritten? I do not think I have any application set up that would change the subject. Any help would be very appreciated.
Graig
October 21st, 2010 6:36am

Let me add that the subject is sent as is from the Edge to the Hubcas in the tracking I did on the Edge. But the message tracking from the Hubcas shows that the subject has been rewritten with the mention *** SPAM***. And I wish to know why? Please help.
G
October 21st, 2010 7:13am

That has to be a third party utility doing that, or something has been written in the transport rules. Exchange doesn't do that natively.
Simon.
Simon Butler, Exchange MVP
October 21st, 2010 7:19pm

This topic is archived. No further replies will be accepted.
