Yea, that's where the spam is going, not coming from. I checked one of the att iphones here and it's IP address belongs to Verizon? The ip addresses only share the class A portion of 71. Thanks, Jake Gardner TTC Network Administrator Ext. 246
________________________________ From: Scot Parsons [mailto:spars...@scetv.org] Sent: Wednesday, January 21, 2009 2:55 PM To: MS-Exchange Admin Issues Subject: RE: stopping a spammer Yeah. Vtext.com is Verizon texting. From: David McSpadden [mailto:dav...@imcu.org] Sent: Wednesday, January 21, 2009 2:50 PM To: MS-Exchange Admin Issues Subject: RE: stopping a spammer The logs do look like texting or webmail entries from a phone. ________________________________ From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Wednesday, January 21, 2009 2:47 PM To: MS-Exchange Admin Issues Subject: RE: stopping a spammer I pulled the extra MX a couple months ago when the cuda came online to force all mail to go to it. I had been planning on putting it back. Currently the big wigs make direct connects to the exchange server with their Iphones and use smtp auth on 25. Anyone see an iphone cause this? Since I don't seem to be configured to relay, and the ip belongs to ATT. I am working on seeing if any of the iphones here have that IP address. Thanks, Jake Gardner TTC Network Administrator Ext. 246 ________________________________ From: Michael B. Smith [mailto:mich...@theessentialexchange.com] Sent: Wednesday, January 21, 2009 2:09 PM To: MS-Exchange Admin Issues Subject: RE: stopping a spammer You only have a single MX record anyway - and that goes to the barracuda. Regards, Michael B. Smith, MCITP:SA,EMA/MCSE/Exchange MVP My blog: http://TheEssentialExchange.com/blogs/michael I'll be at TEC'2009! http://www.tec2009.com/vegas/index.php From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Wednesday, January 21, 2009 2:07 PM To: MS-Exchange Admin Issues Subject: RE: stopping a spammer Then I lose my failover to the mail server (direct connect) in case the 'cuda goes offline. Thanks, Jake Gardner TTC Network Administrator Ext. 246 ________________________________ From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: Wednesday, January 21, 2009 2:00 PM To: MS-Exchange Admin Issues Subject: RE: stopping a spammer First thing. Block port 25 incoming and outgoing on the firewall to everything except the cuda. From: Jake Gardner [mailto:jgard...@ttcdas.com] Sent: Wednesday, January 21, 2009 1:47 PM To: MS-Exchange Admin Issues Subject: stopping a spammer I'm at a loss here and need some help. I have an exchange 2003 server that has been used as relay 2 days ago and this morning. I have checked and tested that I am not open as a relay (or somehow I am!?) I checked the SMTP logs and found entries for the spammer but I can't see how they were able to send the emails. Log snipped: 2009-01-21 13:51:57 71.158.154.135 User EHLO - +User 250 0 334 9 0 - 2009-01-21 13:51:57 71.158.154.135 User MAIL - +FROM:<9893024...@ncacu.org> 250 0 45 32 0 - 2009-01-21 13:51:57 71.158.154.135 User RCPT - +TO:<9897834...@vtext.com> 250 0 33 30 0 - 2009-01-21 13:51:58 71.158.154.135 User RCPT - +TO:<9897834...@vtext.com> 250 0 33 30 0 - Yesterday I had set the IP address to be blocked under Message Delivery-Connections options but they still got in. I just now added the IP to SMTP's connection properties. I've also emailed the IP owners (from ARIN) with the logs. How might this be happening? I have all of my mail normally come in via MX to my barracuda and my internal mail server sends mail out via my 'cuda. Thanks, Jake Gardner TTC Network Administrator Ext. 246 ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. ******************************************************************* ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. ******************************************************************* This e-mail and any files transmitted with it are property of Indiana Members Credit Union, are confidential, and are intended solely for the use of the individual or entity to whom this e-mail is addressed. If you are not one of the named recipient(s) or otherwise have reason to believe that you have received this message in error, please notify the sender and delete this message immediately from your computer. Any other use, retention, dissemination, forwarding, printing, or copying of this email is strictly prohibited. ***Teletronics Technology Corporation*** This e-mail is confidential and may also be privileged. If you are not the addressee or authorized by the addressee to receive this e-mail, you may not disclose, copy, distribute, or use this e-mail. If you have received this e-mail in error, please notify the sender immediately by reply e-mail or by telephone at 267-352-2020 and destroy this message and any copies. Thank you. ******************************************************************* ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
