Hi,
Could someone explain how this issue happened with our mail server and how I can prevent this kind of spam?
We received a spam message from sender fraud@aexp.com (mail from).
When the user got this mail, the sender was administrator@owndomain.com
I checked the message tracker and the sender field is empty, the return path is the real sender (fraud@aexp.com).
The original sender didn't appear in the message that the user finally received, only administrator@owndomain.com.
How is this possible?
We have Exchange 2010.
Thank you for all of your advice.
Our protocol log:
"220 mail.owndomain.com Microsoft ESMTP MAIL Service ready at Tue, 12 Nov 2013 16:01:22 +0000",
<,EHLO 66-162-146-134.static.twtelecom.net,
250-mail.owndomain.com Hello [66.162.146.134],
250-SIZE,
250-PIPELINING,
250-DSN,
250-ENHANCEDSTATUSCODES,
250-STARTTLS,
250-X-ANONYMOUSTLS,
250-AUTH NTLM,
250-X-EXPS GSSAPI NTLM,
250-8BITMIME,
250-BINARYMIME,
250-CHUNKING,
250-XEXCH50,
250-XRDST,
250 XSHADOW,
<,MAIL FROM: <fraud@aexp.com> BODY=7BIT,
08D0A1C0CB157E5B;2013-11-12T16:01:22.803Z;1,receiving message
<,RCPT TO:<user1@owndomain.com>,
<,DATA,
250 2.1.0 Sender OK,
250 2.1.5 Recipient OK,
354 Start mail input; end with <CRLF>.<CRLF>,
,Tarpit for '0.00:00:00.530' due to 'DelayedAck',Delivered
250 2.6.0 <RJLVH7BGRIUWOJC7TZ37EZ6ODW8490JF7JPI41@owndomain.com> [InternalId=558072] Queued mail for delivery,
<,QUIT,
>,221 2.0.0 Service closing transmission channel,
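
An added example, not part of the original post: the SMTP envelope sender (MAIL FROM, stored as the return path) and the From: header inside the DATA payload are independent fields, and mail clients display the header. The sketch below compares the two for a message shaped like the one described. The sample message, the `OWN_DOMAINS` set and the function names are constructed for illustration, and it assumes the address the user saw came from the From: header.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: the accepted domains of the receiving organization (name from the post).
OWN_DOMAINS = {"owndomain.com"}

# Constructed sample: envelope sender from the protocol log, displayed sender
# from the post. The real message headers are not shown on the page.
SAMPLE = (
    "Return-Path: <fraud@aexp.com>\n"
    "From: Administrator <administrator@owndomain.com>\n"
    "To: user1@owndomain.com\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()

def check_spoof(envelope_from, raw_message, authenticated=False):
    """Compare the envelope sender with the From: header of one message."""
    msg = message_from_string(raw_message)
    env_dom = domain_of(envelope_from)
    hdr_dom = domain_of(msg.get("From", ""))
    findings = []
    # A null envelope sender (bounce) has no domain to compare, so skip it.
    if env_dom and hdr_dom != env_dom:
        findings.append("From: header domain differs from envelope sender domain")
    # The logged session goes from EHLO straight to MAIL FROM with no AUTH,
    # so it is anonymous; an own-domain From: there is not from an internal user.
    if hdr_dom in OWN_DOMAINS and not authenticated:
        findings.append("own domain in From: header on an unauthenticated session")
    return {"envelope_domain": env_dom, "header_domain": hdr_dom,
            "findings": findings}

if __name__ == "__main__":
    result = check_spoof("fraud@aexp.com", SAMPLE, authenticated=False)
    print(result["envelope_domain"], "->", result["header_domain"])
    for finding in result["findings"]:
        print("FLAG:", finding)
```
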