I have followed MS recommendations and enabled rounting restrictions on my SMTP gateway outside firewall. But lots of Spam mail we received are not even addressed to an internal person at least from what I saw. see below

From: lacydicostanzo109@financier.com
To: 9bvv@msn.com

I can't find out if the mail was actually addressed to 9bvv@msn.com or using this faked address to hide the internal address. Any idea?

Thanks,

David

We gets loads of this stuff also - all the users will be blind copy (bcc) so from looking at the message you can't tell - if you turn on SMTP protocol logging to max then stop and restart the IMC you'll gain a huge log file very quickly in the imcdatalog directory - you can search through the log for the offending message and see which local SMTP addresses it's routed to. But there's no way to stop this sort of traffic - the sender is usually not genuine and changes every time, sometimes the subject is worth trying to filter on with a product like Mailsweeper or if you're a UK company you can filter on message contents for text strings like "$$" that weeds a bit out. But spam like this is just a bad side effect of internet mail. If anyone knows any better filter methods I'd like to know....

Regards

Andy


------------
David Ding at 4/12/01 5:51:44 PM

I have followed MS recommendations and enabled rounting restrictions on my SMTP gateway outside firewall. But lots of Spam mail we received are not even addressed to an internal person at least from what I saw. see below

From: lacydicostanzo109@financier.com
To: 9bvv@msn.com

I can't find out if the mail was actually addressed to 9bvv@msn.com or using this faked address to hide the internal address. Any idea?

Thanks,

David

We block this type of crap on our firewall. I'm not sure if there is a way to do it inside of Exchange, but all we had to do on the firewall was to configure it to only accept messages from our domain.


------------
Andy Russell at 4/17/01 10:29:58 AM

We gets loads of this stuff also - all the users will be blind copy (bcc) so from looking at the message you can't tell - if you turn on SMTP protocol logging to max then stop and restart the IMC you'll gain a huge log file very quickly in the imcdatalog directory - you can search through the log for the offending message and see which local SMTP addresses it's routed to. But there's no way to stop this sort of traffic - the sender is usually not genuine and changes every time, sometimes the subject is worth trying to filter on with a product like Mailsweeper or if you're a UK company you can filter on message contents for text strings like "$$" that weeds a bit out. But spam like this is just a bad side effect of internet mail. If anyone knows any better filter methods I'd like to know....

Regards

Andy


------------
David Ding at 4/12/01 5:51:44 PM

I have followed MS recommendations and enabled rounting restrictions on my SMTP gateway outside firewall. But lots of Spam mail we received are not even addressed to an internal person at least from what I saw. see below

From: lacydicostanzo109@financier.com
To: 9bvv@msn.com

I can't find out if the mail was actually addressed to 9bvv@msn.com or using this faked address to hide the internal address. Any idea?

Thanks,

David