DoS attack?

 
Alan C



Joined: 05 Aug 2007
Posts: 14

Posted: Sun Feb 24, 2008 4:41 pm    Post subject: DoS attack?

We have suddenly started to get hundreds of spams addressed to fake
addresses on our domain - (e.g. dflmt@ourdomain.co.uk,
dflms@ourdomain.co.uk, john@ourdomain.co.uk ). All are from spoofed senders.

We have Exch2003, and collect mail via a global pop account. The exchange is
dealing with the spam effectively, but is slowed by the sheer volume of spam
hitting the global box.

What I would like to find out is whether there is any way of identifying the
source (bot?) of the fake mails.

Can anyone suggest some way?

Archived from group: microsoft>public>exchange>misc
Bharat Suneja [MVP]



Joined: 05 Aug 2007
Posts: 1043

Posted: Mon Feb 25, 2008 2:14 am    Post subject: Re: DoS attack?

- Start with message headers
- If you were accepting inbound SMTP mail (and not using POP to fetch your
mail from external host), you could use Recipient Filtering to drop mail for
non-existent recipients.

--
Bharat Suneja
MVP - Exchange
www.zenprise.com
NEW blog location:
exchangepedia.com/blog
----------------------------


"Alan C" wrote in message @TK2MSFTNGP02.phx.gbl...
> We have suddenly started to get hundreds of spams addressed to fake
> addresses on our domain - (e.g. dflmt@ourdomain.co.uk,
> dflms@ourdomain.co.uk, john@ourdomain.co.uk ). All are from spoofed
> senders.
>
> We have Exch2003, and collect mail via a global pop account. The exchange
> is dealing with the spam effectively, but is slowed by the sheer volume of
> spam hitting the global box.
>
> What I would like to find out is whether there is any way of identifying
> the source (bot?) of the fake mails.
>
> Can anyone suggest some way?
>
>
>
Alan C



Joined: 05 Aug 2007
Posts: 14

Posted: Mon Feb 25, 2008 2:56 pm    Post subject: Re: DoS attack?

Thanks, Bharat.

I will be dumping the global pop box shortly, and on advice, will configure
a connection filter to use zen.spamhaus.org blocklists.


"Bharat Suneja [MVP]" wrote in message
news:%23PI2F12dIHA.4396@TK2MSFTNGP02.phx.gbl...
>- Start with message headers
> - If you were accepting inbound SMTP mail (and not using POP to fetch your
> mail from external host), you could use Recipient Filtering to drop mail
> for non-existent recipients.
>
> --
> Bharat Suneja
> MVP - Exchange
> www.zenprise.com
> NEW blog location:
> exchangepedia.com/blog
> ----------------------------
>
>
> "Alan C" wrote in message
> @TK2MSFTNGP02.phx.gbl...
>> We have suddenly started to get hundreds of spams addressed to fake
>> addresses on our domain - (e.g. dflmt@ourdomain.co.uk,
>> dflms@ourdomain.co.uk, john@ourdomain.co.uk ). All are from spoofed
>> senders.
>>
>> We have Exch2003, and collect mail via a global pop account. The exchange
>> is dealing with the spam effectively, but is slowed by the sheer volume
>> of spam hitting the global box.
>>
>> What I would like to find out is whether there is any way of identifying
>> the source (bot?) of the fake mails.
>>
>> Can anyone suggest some way?
>>
>>
>>
>
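
Added example, not part of the original posts: the "start with message headers" advice and the zen.spamhaus.org connection filter mentioned above, worked through in Python on a constructed message. The trusted relay address, host names and IPs are assumptions; the code reads Received lines newest-first, returns the first IP outside your own and your provider's relays, and builds (but does not query) the DNSBL name for it.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Constructed sample headers, newest hop first. IPs are RFC 5737 documentation
# addresses and all host names except the poster's placeholder domain are made up.
SAMPLE = """\
Received: from pop.isp.example ([10.0.0.5]) by exch.ourdomain.co.uk
 with POP3; Sun, 24 Feb 2008 16:30:02 +0000
Received: from mx1.isp.example (mx1.isp.example [192.0.2.10])
 by pop.isp.example with ESMTP; Sun, 24 Feb 2008 16:29:58 +0000
Received: from dsl-host.example.net (unknown [203.0.113.77])
 by mx1.isp.example with SMTP; Sun, 24 Feb 2008 16:29:55 +0000
Received: from mail.bank.example ([198.51.100.1]) by dsl-host.example.net;
 Sun, 24 Feb 2008 16:29:50 +0000
From: billing@bank.example
To: dflmt@ourdomain.co.uk

body
"""

# Assumption: relays run by your own mail provider, whose headers you trust.
TRUSTED = {ipaddress.ip_address("192.0.2.10")}
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def handoff_ip(raw):
    """IP that delivered to the first trusted relay; older hops may be forged."""
    for value in message_from_string(raw).get_all("Received", []):
        m = BRACKET_IP.search(re.split(r"\s+by\s+", value, maxsplit=1)[0])
        try:
            ip = ipaddress.ip_address(m.group(1)) if m else None
        except ValueError:  # e.g. [999.1.1.1] in a malformed header
            ip = None
        if ip and ip not in TRUSTED and not any(ip in n for n in INTERNAL):
            return ip
    return None

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL query name: reversed octets prepended to the list's zone."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def tally(raw_messages):
    """Count hand-off IPs over a batch: one sender, or many distinct hosts?"""
    ips = (handoff_ip(raw) for raw in raw_messages)
    return Counter(str(ip) for ip in ips if ip is not None).most_common()
```

Running `tally` over every message pulled from the global mailbox shows whether the flood arrives from one address or from many distinct hosts.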
