|
|
I am annoyed at the amount of e-mails our users are getting that appear to
be coming from the internal network. They show they are sent from users
inside our network to users inside our network. This has happened in the
past, but it was usually one or two once in a blue moon. In the past week
or two, we are getting up to 50 a day.
Is there a way to prevent these?
|
|
On Mon, 29 Dec 2008 22:31:21 -0600, "TL" <torrey no spam moderntravel
no spam net> wrote:
[Quoted Text] >I am annoyed at the amount of e-mails our users are getting that appear to
>be coming from the internal network. They show they are sent from users
>inside our network to users inside our network. This has happened in the
>past, but it was usually one or two once in a blue moon. In the past week
>or two, we are getting up to 50 a day.
>
>Is there a way to prevent these?
Is your anti virus updates? Anti spyware?
Sounds like you got a little infection.
--
AF
|
|
TL wrote:
[Quoted Text] > I am annoyed at the amount of e-mails our users are getting that
> appear to be coming from the internal network. They show they are
> sent from users inside our network to users inside our network. This
> has happened in the past, but it was usually one or two once in a
> blue moon. In the past week or two, we are getting up to 50 a day.
>
> Is there a way to prevent these?
You're getting spam that spoofed the sender. This happens to everyone. One
way to combat it is to add [ at ]mydomain.com to the sender blacklist settings in
Exchange (this will stop all inbound mail that purports to be *from* your
domain...be careful if you also use a listserv/etc via a third party). Make
sure you've got Exchange 2003 SP2 and filtering is enabled, also...and note
that you can't do any of this if you're using the POP connector.
|
|
Thank you for your reply. A few questions for you, if I may?
We use SMTP and the pop connector. Does that mean we cannot use your
suggestion of adding our domain to the sender blacklist? If we are still
able to, then, where do I find the sender blacklist settings so I can add
our domain to it. If we do this, I take it, internal users can still send
to each other within the network? It just won't let outside users send
e-mail to our server using our domain e-mail addresses, right?
Last question, I have heard of them, but what are listservs?
Thank you again.
"Lanwench [MVP - Exchange]"
<lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
news:%238ee3KkaJHA.4424[ at ]TK2MSFTNGP05.phx.gbl...
[Quoted Text] > TL wrote:
>> I am annoyed at the amount of e-mails our users are getting that
>> appear to be coming from the internal network. They show they are
>> sent from users inside our network to users inside our network. This
>> has happened in the past, but it was usually one or two once in a
>> blue moon. In the past week or two, we are getting up to 50 a day.
>>
>> Is there a way to prevent these?
>
> You're getting spam that spoofed the sender. This happens to everyone. One
> way to combat it is to add [ at ]mydomain.com to the sender blacklist settings
> in Exchange (this will stop all inbound mail that purports to be *from*
> your domain...be careful if you also use a listserv/etc via a third
> party). Make sure you've got Exchange 2003 SP2 and filtering is enabled,
> also...and note that you can't do any of this if you're using the POP
> connector.
>
|
|
This article when you are doing smtp feed for email. I do not know if
it works for pop collection. I doubt that a Real Time Block List can
work as you are asking a specific server and only that server to
collect for you. A good pop collection service may already be doing
some filtering for you but... Is there a reason why you are not doing
smtp collection for your server?
Are you using an Exchange aware antivirus, antispam solution?
http://msmvps.com/blogs/bgb/archive/2008/02/23/exchange-connection-filter-using-a-real-time-block-list-and-imfperfmon-msc.aspx
On Tue, 30 Dec 2008 00:00:17 -0600, "TL" <torrey no spam moderntravel
no spam net> wrote:
[Quoted Text] >Thank you for your reply. A few questions for you, if I may?
>
>We use SMTP and the pop connector. Does that mean we cannot use your
>suggestion of adding our domain to the sender blacklist? If we are still
>able to, then, where do I find the sender blacklist settings so I can add
>our domain to it. If we do this, I take it, internal users can still send
>to each other within the network? It just won't let outside users send
>e-mail to our server using our domain e-mail addresses, right?
>
>Last question, I have heard of them, but what are listservs?
>
>Thank you again.
>
>
>"Lanwench [MVP - Exchange]"
><lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in message
>news:%238ee3KkaJHA.4424[ at ]TK2MSFTNGP05.phx.gbl...
>> TL wrote:
>>> I am annoyed at the amount of e-mails our users are getting that
>>> appear to be coming from the internal network. They show they are
>>> sent from users inside our network to users inside our network. This
>>> has happened in the past, but it was usually one or two once in a
>>> blue moon. In the past week or two, we are getting up to 50 a day.
>>>
>>> Is there a way to prevent these?
>>
>> You're getting spam that spoofed the sender. This happens to everyone. One
>> way to combat it is to add [ at ]mydomain.com to the sender blacklist settings
>> in Exchange (this will stop all inbound mail that purports to be *from*
>> your domain...be careful if you also use a listserv/etc via a third
>> party). Make sure you've got Exchange 2003 SP2 and filtering is enabled,
>> also...and note that you can't do any of this if you're using the POP
>> connector.
>>
>
See what SBS support is working on
http://blogs.technet.com/sbs/default.aspx
Check your SBS with the SBS Best Practices Analyzer
http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
|
|
curiously, this is the first I've heard of LanWench's idea to filter in this
manner.
Unfortunately, I have to question something.
Exchange filtering operates on the SMTP level so such filtering would effect
_any_ traffic submitted (processed?) by SMTP. No problem for Outlook users
(local or remote) but what impact might it have to SBS's internal processes
(monitoring and reporting) which submit info to Exchange?
I'd probably also be looking at SPF to limit such but I've never actually
tried it. Will Exchange filter its own domain using SPF? This would limit
'external' servers from submitting mail from [ at ]mydomain.com. (GAWD, another
thing I need to look at :-)
"TL" <torrey no spam moderntravel no spam net> wrote in message
news:OVY5lPkaJHA.4684[ at ]TK2MSFTNGP03.phx.gbl...
[Quoted Text] > Thank you for your reply. A few questions for you, if I may?
>
> We use SMTP and the pop connector. Does that mean we cannot use your
> suggestion of adding our domain to the sender blacklist? If we are still
> able to, then, where do I find the sender blacklist settings so I can add
> our domain to it. If we do this, I take it, internal users can still send
> to each other within the network? It just won't let outside users send
> e-mail to our server using our domain e-mail addresses, right?
>
> Last question, I have heard of them, but what are listservs?
>
> Thank you again.
>
>
> "Lanwench [MVP - Exchange]"
> <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
> message news:%238ee3KkaJHA.4424[ at ]TK2MSFTNGP05.phx.gbl...
>> TL wrote:
>>> I am annoyed at the amount of e-mails our users are getting that
>>> appear to be coming from the internal network. They show they are
>>> sent from users inside our network to users inside our network. This
>>> has happened in the past, but it was usually one or two once in a
>>> blue moon. In the past week or two, we are getting up to 50 a day.
>>>
>>> Is there a way to prevent these?
>>
>> You're getting spam that spoofed the sender. This happens to everyone.
>> One way to combat it is to add [ at ]mydomain.com to the sender blacklist
>> settings in Exchange (this will stop all inbound mail that purports to be
>> *from* your domain...be careful if you also use a listserv/etc via a
>> third party). Make sure you've got Exchange 2003 SP2 and filtering is
>> enabled, also...and note that you can't do any of this if you're using
>> the POP connector.
>>
>
>
|
|
Jim,
Yes, we are using SMTP for our three business domains. However, before we
started using SMTP a few years ago, we used the POP connector. I am still
trying to get vendors to change our e-mail address even after three years.
I would love nothing more than to not use the POP connector at any anymore.
With that being said, I believe that the majority of our e-mail DOES come
through on SMTP.
We are using an anti-virus suite from Trend Micro on our server and of
course on our desktops.
"Jim Behning SBS MVP" <jimbehning[ at ]doesthisblockpork.mindspring.com> wrote in
message news:4e4kl4lgm5b483mjlr7i9gmranvdv0b9ve[ at ]4ax.com...
[Quoted Text] > This article when you are doing smtp feed for email. I do not know if > it works for pop collection. I doubt that a Real Time Block List can > work as you are asking a specific server and only that server to > collect for you. A good pop collection service may already be doing > some filtering for you but... Is there a reason why you are not doing > smtp collection for your server? > > Are you using an Exchange aware antivirus, antispam solution? > > http://msmvps.com/blogs/bgb/archive/2008/02/23/exchange-connection-filter-using-a-real-time-block-list-and-imfperfmon-msc.aspx> > On Tue, 30 Dec 2008 00:00:17 -0600, "TL" <torrey no spam moderntravel > no spam net> wrote: > >>Thank you for your reply. A few questions for you, if I may? >> >>We use SMTP and the pop connector. Does that mean we cannot use your >>suggestion of adding our domain to the sender blacklist? If we are still >>able to, then, where do I find the sender blacklist settings so I can add >>our domain to it. If we do this, I take it, internal users can still send >>to each other within the network? It just won't let outside users send >>e-mail to our server using our domain e-mail addresses, right? >> >>Last question, I have heard of them, but what are listservs? >> >>Thank you again. >> >> >>"Lanwench [MVP - Exchange]" >><lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in >>message >>news:%238ee3KkaJHA.4424[ at ]TK2MSFTNGP05.phx.gbl... >>> TL wrote: >>>> I am annoyed at the amount of e-mails our users are getting that >>>> appear to be coming from the internal network. They show they are >>>> sent from users inside our network to users inside our network. This >>>> has happened in the past, but it was usually one or two once in a >>>> blue moon. In the past week or two, we are getting up to 50 a day. >>>> >>>> Is there a way to prevent these? >>> >>> You're getting spam that spoofed the sender. This happens to everyone. >>> One >>> way to combat it is to add [ at ]mydomain.com to the sender blacklist >>> settings >>> in Exchange (this will stop all inbound mail that purports to be *from* >>> your domain...be careful if you also use a listserv/etc via a third >>> party). Make sure you've got Exchange 2003 SP2 and filtering is enabled, >>> also...and note that you can't do any of this if you're using the POP >>> connector. >>> >> > See what SBS support is working on > http://blogs.technet.com/sbs/default.aspx> Check your SBS with the SBS Best Practices Analyzer > http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
|
|
TL wrote:
[Quoted Text] > Jim,
>
> Yes, we are using SMTP for our three business domains. However,
> before we started using SMTP a few years ago, we used the POP
> connector. I am still trying to get vendors to change our e-mail
> address even after three years.
Send out a mail blast saying you aren't using it anymore and the addresses
will seldom be checked?
>: I would love nothing more than to not
> use the POP connector at any anymore.
Are you using it for the domain in question? Or is this an ISP's domain on
which you have accounts?
I would stop using the POP connector. If you must maintain these POP
accounts for some reason you could check them via webmail for a while.
>
> With that being said, I believe that the majority of our e-mail DOES
> come through on SMTP.
You can check this by looking at the headers. Do you have SP2 and filtering
enabled?
http://www.msexchange.org/tutorials/Intelligent-Message-Filter-version-2-IMF-v2.html
has info on the IMF.
>
> We are using an anti-virus suite from Trend Micro on our server and of
> course on our desktops.
Make sure you're using the latest version of Trend (Worry Free Business
Security Advanced - 5.1) and enable the antispam features in there.
>
>
> "Jim Behning SBS MVP" <jimbehning[ at ]doesthisblockpork.mindspring.com>
> wrote in message news:4e4kl4lgm5b483mjlr7i9gmranvdv0b9ve[ at ]4ax.com...
>> This article when you are doing smtp feed for email. I do not know if
>> it works for pop collection. I doubt that a Real Time Block List can
>> work as you are asking a specific server and only that server to
>> collect for you. A good pop collection service may already be doing
>> some filtering for you but... Is there a reason why you are not doing
>> smtp collection for your server?
>>
>> Are you using an Exchange aware antivirus, antispam solution?
>>
>> http://msmvps.com/blogs/bgb/archive/2008/02/23/exchange-connection-filter-using-a-real-time-block-list-and-imfperfmon-msc.aspx
>>
>> On Tue, 30 Dec 2008 00:00:17 -0600, "TL" <torrey no spam moderntravel
>> no spam net> wrote:
>>
>>> Thank you for your reply. A few questions for you, if I may?
>>>
>>> We use SMTP and the pop connector. Does that mean we cannot use
>>> your suggestion of adding our domain to the sender blacklist? If
>>> we are still able to, then, where do I find the sender blacklist
>>> settings so I can add our domain to it. If we do this, I take it,
>>> internal users can still send to each other within the network? It
>>> just won't let outside users send e-mail to our server using our
>>> domain e-mail addresses, right? Last question, I have heard of them, but
>>> what are listservs?
>>>
>>> Thank you again.
>>>
>>>
>>> "Lanwench [MVP - Exchange]"
>>> <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
>>> message
>>> news:%238ee3KkaJHA.4424[ at ]TK2MSFTNGP05.phx.gbl...
>>>> TL wrote:
>>>>> I am annoyed at the amount of e-mails our users are getting that
>>>>> appear to be coming from the internal network. They show they are
>>>>> sent from users inside our network to users inside our network. This
>>>>> has happened in the past, but it was usually one or two once
>>>>> in a blue moon. In the past week or two, we are getting up to 50
>>>>> a day. Is there a way to prevent these?
>>>>
>>>> You're getting spam that spoofed the sender. This happens to
>>>> everyone. One
>>>> way to combat it is to add [ at ]mydomain.com to the sender blacklist
>>>> settings
>>>> in Exchange (this will stop all inbound mail that purports to be
>>>> *from* your domain...be careful if you also use a listserv/etc via
>>>> a third party). Make sure you've got Exchange 2003 SP2 and
>>>> filtering is enabled, also...and note that you can't do any of
>>>> this if you're using the POP connector.
>>>>
>>>
>> See what SBS support is working on
>> http://blogs.technet.com/sbs/default.aspx
>> Check your SBS with the SBS Best Practices Analyzer
>> http://blogs.technet.com/sbs/archive/tags/BPA/default.aspx
|
|
SuperGumby [SBS MVP] wrote:
[Quoted Text] > curiously, this is the first I've heard of LanWench's idea to filter
> in this manner.
>
> Unfortunately, I have to question something.
>
> Exchange filtering operates on the SMTP level so such filtering would
> effect _any_ traffic submitted (processed?) by SMTP. No problem for
> Outlook users (local or remote) but what impact might it have to
> SBS's internal processes (monitoring and reporting) which submit info
> to Exchange?
None whatsoever - it would affect only inbound internet mail. Oh, and
external users who relay via your SMTP server, but I don't let people do
that, generally.
>
> I'd probably also be looking at SPF to limit such but I've never
> actually tried it.
SPF will be relevant only to those out on the Internet who choose to look
for its presence - it won't have any impact here.
> Will Exchange filter its own domain using SPF?
Nope...not that I know of.
> This would limit 'external' servers from submitting mail from
> [ at ]mydomain.com. (GAWD, another thing I need to look at :-)
>
Yep. It can be a problem if you use external listservs, but it's not a bad
blunt force approach otherwise.
> "TL" <torrey no spam moderntravel no spam net> wrote in message
> news:OVY5lPkaJHA.4684[ at ]TK2MSFTNGP03.phx.gbl...
>> Thank you for your reply. A few questions for you, if I may?
>>
>> We use SMTP and the pop connector. Does that mean we cannot use your
>> suggestion of adding our domain to the sender blacklist? If we are
>> still able to, then, where do I find the sender blacklist settings
>> so I can add our domain to it. If we do this, I take it, internal
>> users can still send to each other within the network? It just
>> won't let outside users send e-mail to our server using our domain
>> e-mail addresses, right? Last question, I have heard of them, but what
>> are listservs?
>>
>> Thank you again.
>>
>>
>> "Lanwench [MVP - Exchange]"
>> <lanwench[ at ]heybuddy.donotsendme.unsolicitedmailatyahoo.com> wrote in
>> message news:%238ee3KkaJHA.4424[ at ]TK2MSFTNGP05.phx.gbl...
>>> TL wrote:
>>>> I am annoyed at the amount of e-mails our users are getting that
>>>> appear to be coming from the internal network. They show they are
>>>> sent from users inside our network to users inside our network. This
>>>> has happened in the past, but it was usually one or two once
>>>> in a blue moon. In the past week or two, we are getting up to 50
>>>> a day. Is there a way to prevent these?
>>>
>>> You're getting spam that spoofed the sender. This happens to
>>> everyone. One way to combat it is to add [ at ]mydomain.com to the
>>> sender blacklist settings in Exchange (this will stop all inbound
>>> mail that purports to be *from* your domain...be careful if you
>>> also use a listserv/etc via a third party). Make sure you've got
>>> Exchange 2003 SP2 and filtering is enabled, also...and note that
>>> you can't do any of this if you're using the POP connector.
|
|
|