____ spam mails getting through with scl -1

Hi,

We've recently installed an exchange 2010 with forefront security for exchange.  We where happy to receive very little to no spam in our inbox.

But now since a week or so we get a lot of spam through. Very obvious spam like this:

Cheap ViagraPills start fr $1.85

GenericViagra:
** 25mg:
40 pills - $ 78
** 50mg:
30 pills - $ 99
270 pills - $499
** 100mg:
30 pills - $105
270 pills - $540
** 150mg:
20 pills - $139
** 120mg:
20 pills - $117

Optional: Delivery Insurance (Guaranteeed reshipment if delivery failed)

 

This in plain text is obviously spam. The header of the email says SCL -1.

 

Does anyone have any idea how come this is happening?

 

 

November 9th, 2010 3:37pm

Please, also post the header. That will give use some more information

There is a big change that you use a anti-spam solution that connect to your exchange as "trusted". So post your recive connectors settinsg also

Free Windows Admin Tool Kit Click here and download it now
November 9th, 2010 8:16pm

Ok so here's the header:

Received: from vATS007.atsgroep.be (10.0.0.161) by vats003.atsgroep.be
 (10.0.0.121) with Microsoft SMTP Server (TLS) id 14.1.255.0; Sat, 6 Nov 2010
 19:39:56 +0100
Received: from bqcev (82.233.192.127) by mail.atsgroep.be (194.78.214.42) with
 Microsoft SMTP Server id 14.0.702.0; Sat, 6 Nov 2010 19:39:55 +0100
To: <wesley.de.bruyne@atsgroep.be>
Date: Sat, 6 Nov 2010 12:33:45 -0700
Sender: <rubieemaki@cs.com>
From: Rubie Ema <rubieemaki@cs.com>
In-Reply-To: <aa0801cb7b22$7ee5d7eb$a3157d55@crwnk81>
Subject: GenericViagra: 50mg:30 pills-$99, 100mg: 270pills-$540, 150mg: 20pills-$139 sk
X-Sender: <rubieemaki@cs.com>
Message-ID: <4CD5AD99.D7C17CD1@cs.com>
MIME-Version: 1.0
Reply-To: Rubie Ema <rubieemaki@cs.com>
Content-Type: multipart/alternative;
 boundary="----=_Part_49282_0715_05676809.BA20F319"
User-Agent: Mozilla/5.047 (Windows; U; Windows NT 5.0; U; NT4.0; en-us) Gecko/25250101
Return-Path: rubieemaki@cs.com
X-MS-Exchange-Organization-PRD: cs.com
Received-SPF: None (vATS007.atsgroep.be: rubieemaki@cs.com does not
 designate permitted sender hosts)
X-MS-Exchange-Organization-Antispam-Report: v=1.1
 cv=rT00GTpZ5MSp1ZxZFnbz90rwzC0u/eIJHHhk9TgDoBE= c=1 sm=1 a=7C9BXaI6PjcA:10
 a=GoqiXTz7-MIA:10 a=Bm5CGD5hNXwA:10 a=nsHQh+8dCwREoUYq5PAOiw==:17
 a=ie9QzACsAAAA:8 a=E_L80fFITzSPg6_BmNcA:9 a=cuI9EFUVpeGK_7-9qG8A:7
 a=noDXP0wlcfnoTGAvK9V8zB8UWL8A:4 a=CjuIK1q_8ugA:10 a=PMIgtkiIR_m9gaii:21
 a=KUoTCPfgi0dl5dgL:21 a=urt2cUY3a_t7NE3V:21 a=LK2Jkdhqki-MnjMQf5EA:9
 a=CqlJE-djHJjGR-XVuDkA:7 a=mjXP_EH4SfxCrkfH5ibzS5K3CuoA:4
 a=ZFUir7Rss4gDEpGH:21 a=L39HvqBh4ZPSvNEo:21 a=EgusNkTKHnttRevb:21
 a=nsHQh+8dCwREoUYq5PAOiw==:117;OrigIP:82.233.192.127;SCL:-1
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;1;0;0 0 0
X-MS-Exchange-Organization-SCL: -1
X-MS-Exchange-Organization-SenderIdResult: NONE
X-MS-Exchange-Organization-AuthSource: vATS007.atsgroep.be
X-MS-Exchange-Organization-AuthAs: Anonymous

November 10th, 2010 7:17am

We have 2 receive connectors:

Internal_Mail_Servers Properties:

It has as network only local ip's / ranges 10.0.0 etc...
tab Authentication: has Exchange Server authentication enabled
tab Permissions group has everything enabled (anonymous users, exchange servers & partners)

External_Mail_Serverss Properties:

Tab Network
Has as local ip adresses to receive mail our external ip adres of the edge server.
The receive mail from remote servers that have these ip adresses 0.0.0.0 - 255.255.255.255 + our external ip range.

Tab Authentication has nothing enabled
Tab Permissions groups has everything enabled

I think there is nothing special on these settings, but who knows :)

Free Windows Admin Tool Kit Click here and download it now
November 10th, 2010 7:27am

Hi,

 

Thank you for the post.

 

“We've recently installed an exchange 2010 with forefront security for exchange” – do you mean installing Forefront Security for Exchange on Exchange 2010? In fact, it cannot be installed. Only FPE can be installed on Exchange 2010. And FSE doesn’t contain any native anti-spam feature. For more information, please refer to: http://blogs.technet.com/b/fssnerds/archive/2008/12/08/how-can-i-enable-anti-spam-updates-in-forefront.aspx

 

Regards,

November 15th, 2010 5:58am

Hi,

FSE doesn't contain any anti-spam feature?

So when i go tot he FSE site en click Product Details => Features, i find: Premium spam protection <= so this is not an anti-spam feature?

Maybe i'm reading it wrong but can you explain why it says so on the FSE site?

Hope there is a logic i don't understand behind t

Free Windows Admin Tool Kit Click here and download it now
November 15th, 2010 12:24pm

Dear Weslee

It's correct that FSE isn't a anti-spam solution. Only a anti-virus solution. For anti-spam it is using the anti-spam soluation form exchange itself. This is one of the most made mistakes about FPE.

But thos don't solf your question ;-)

Is your edge 2010? please check the anti-spam settings: http://technet.microsoft.com/en-us/library/aa996604.aspx

>>> The receive mail from remote servers that have these ip adresses 0.0.0.0 - 255.255.255.255 + our external ip range

If you use edge you don't need to ad anay address here. This can give a SCL -1 ;-)

 

November 15th, 2010 4:26pm

Dear Weslee

It's correct that FSE isn't a anti-spam solution. Only a anti-virus solution. For anti-spam it is using the anti-spam soluation form exchange itself. This is one of the most made mistakes about FPE.

But thos don't solf your question ;-)

Is your edge 2010? please check the anti-spam settings: http://technet.microsoft.com/en-us/library/aa996604.aspx

>>> The receive mail from remote servers that have these ip adresses 0.0.0.0 - 255.255.255.255 + our external ip range

If you use edge you don't need to ad anay address here. This can give a SCL -1 ;-)

Free Windows Admin Tool Kit Click here and download it now
March 7th, 2014 9:51pm

Hi,

Mike, Bellard has right because he took about FSE (ForeFront Security for Exchange). You paste a screen from FPE (ForeFront Protection for Exchange) and took about it... It's two different products.

Anyway, FSE and FPE will stop work 31 December 2015. Read this: https://support.microsoft.com/en-us/lifecycle?C2=12300&wa=wsignin1.0

and here more

http://blogs.technet.com/b/server-cloud/archive/2012/09/12/important-changes-to-forefront-product-roadmaps.aspx

I have MS Exchange 2007 SP3R17 and FPE and has the same problem.

July 17th, 2015 1:48am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics