 |
 |
On Monday 15 September 2008 12:31:40 Al Puzzuoli wrote:
> We seem to be getting a lot of spam messages in the form of fake NDRs,
> most of Which involve our internal [log in to unmask] addresses. The
> interesting thing is that our exchange server has always been configured
> such that outgoing message headers show as being from [log in to unmask] The
> internal departmental address info shouldn't be getting exposed at all
> as far as I can tell; but yet, NDRs directed to [log in to unmask]
> addresses keep coming.
>
> What might I be missing here?
>
> Thanks
I just saw this a week or so ago at a friends mail system, also Exchange.
I haven't looked at their problem yet, but I wonder if there is a part of
the header that includes the transation history, and is being picked up
and used by spam people? They really do try everything possible. My
pet horror is when they use false return address like root@ or a real
users address.
If you find out how this is happening please let us know and I'll do the
same.
--STeve Andre'