RE: SPAM relay

2002-06-18 Thread Marty Richards 

Hi Richard,
 
Most likely its a misaddressed spam - your mail server is trying to return
it to the "@yahoo" originator as unknown recipient. Probably the yahoo
account never existed (headers are easily forged) or Yahoo have disactivated
it due to the spammout.
 
That message is a yahoo standard for bouncing spam cases - they probably
have a different message for open relays ;)
 
Just for interest, if Yahoo are in the practice of suspending
spam-associated mail accounts, what would stop anyone forging a mail out on
behalf of any yahoo user and suspending the account? *shrug* I guess this is
a problem with SMTP really, as there is no authentication.
 
Cheers,
Marty

-Original Message-
From: Richard McMahon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 7:24 PM
To: MS-Exchange Admin Issues
Subject: SPAM relay



Hi folks  I just want to run this past you all.  

I have two servers connected to the internet.  Both have been sending this
message 

The following recipients did not receive the attached mail. Reasons are
listed with each recipient: 

<[EMAIL PROTECTED]> [EMAIL PROTECTED] 
MSEXCH:IMS:Appropria:US-Pleasanton:BOWMORE 3553 (000B09B6) 553
VS10-RT Possible forgery or deactivated due to abuse - see
http://help.yahoo.com/help/us/mail/spam/spam-18.html
  (#5.1.1)

The message that caused this notification was: 

I have (as far as I know) configured the servers to stop relaying and I do
get relaying denied messages when I test it. 

Anyone know whether I should be worrying about this message? 

Richard 

List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm



List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm

RE: SPAM relay

2002-06-18 Thread William Lefkovics 

Friggin' damn yahoo bastards.  Speaking of bastards, my newest rule
forwards Scanmail quarantine message rejection notices from bmc.com to
several addresses found on their site.


-Original Message-
From: Marty Richards [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, June 18, 2002 2:42 AM
To: MS-Exchange Admin Issues
Subject: RE: SPAM relay


Hi Richard,
 
Most likely its a misaddressed spam - your mail server is trying to
return it to the "@yahoo" originator as unknown recipient. Probably the
yahoo account never existed (headers are easily forged) or Yahoo have
disactivated it due to the spammout.
 
That message is a yahoo standard for bouncing spam cases - they probably
have a different message for open relays ;)
 
Just for interest, if Yahoo are in the practice of suspending
spam-associated mail accounts, what would stop anyone forging a mail out
on behalf of any yahoo user and suspending the account? *shrug* I guess
this is a problem with SMTP really, as there is no authentication.
 
Cheers,
Marty

-Original Message-
From: Richard McMahon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 7:24 PM
To: MS-Exchange Admin Issues
Subject: SPAM relay



Hi folks  I just want to run this past you all.  

I have two servers connected to the internet.  Both have been sending
this message 

The following recipients did not receive the attached mail. Reasons are
listed with each recipient: 

<[EMAIL PROTECTED]> [EMAIL PROTECTED] 
MSEXCH:IMS:Appropria:US-Pleasanton:BOWMORE 3553 (000B09B6) 553
VS10-RT Possible forgery or deactivated due to abuse - see
http://help.yahoo.com/help/us/mail/spam/spam-18.html
<http://help.yahoo.com/help/us/mail/spam/spam-18.html>  (#5.1.1)

The message that caused this notification was: 

I have (as far as I know) configured the servers to stop relaying and I
do get relaying denied messages when I test it. 

Anyone know whether I should be worrying about this message? 

Richard 

List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm



List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm



List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm

RE: SPAM relay

2002-06-18 Thread Richard McMahon 
Title: RE: SPAM relay





Thanks for the responses,


Talking about spam what is the best thing to use to filter this stuff out.  Either on keyword or domain.  I have looked at the realtime black hole list but it seems to only really work with sendmail or some other non exchange mail server.  I currently run exchange 5.5 sp4 any suggestions/comments on what packages are good or should be avoided.

Richard


-Original Message-
From: William Lefkovics [mailto:[EMAIL PROTECTED]]
Sent: 18 June 2002 10:51
To: MS-Exchange Admin Issues
Subject: RE: SPAM relay



Friggin' damn yahoo bastards.  Speaking of bastards, my newest rule
forwards Scanmail quarantine message rejection notices from bmc.com to
several addresses found on their site.



-Original Message-
From: Marty Richards [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, June 18, 2002 2:42 AM
To: MS-Exchange Admin Issues
Subject: RE: SPAM relay



Hi Richard,
 
Most likely its a misaddressed spam - your mail server is trying to
return it to the "@yahoo" originator as unknown recipient. Probably the
yahoo account never existed (headers are easily forged) or Yahoo have
disactivated it due to the spammout.
 
That message is a yahoo standard for bouncing spam cases - they probably
have a different message for open relays ;)
 
Just for interest, if Yahoo are in the practice of suspending
spam-associated mail accounts, what would stop anyone forging a mail out
on behalf of any yahoo user and suspending the account? *shrug* I guess
this is a problem with SMTP really, as there is no authentication.
 
Cheers,
Marty


-Original Message-
From: Richard McMahon [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 18, 2002 7:24 PM
To: MS-Exchange Admin Issues
Subject: SPAM relay




Hi folks  I just want to run this past you all.  


I have two servers connected to the internet.  Both have been sending
this message 


The following recipients did not receive the attached mail. Reasons are
listed with each recipient: 


<[EMAIL PROTECTED]> [EMAIL PROTECTED] 
    MSEXCH:IMS:Appropria:US-Pleasanton:BOWMORE 3553 (000B09B6) 553
VS10-RT Possible forgery or deactivated due to abuse - see
http://help.yahoo.com/help/us/mail/spam/spam-18.html
<http://help.yahoo.com/help/us/mail/spam/spam-18.html>  (#5.1.1)


The message that caused this notification was: 


I have (as far as I know) configured the servers to stop relaying and I
do get relaying denied messages when I test it. 


Anyone know whether I should be worrying about this message? 


Richard 


List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm




List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm




List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm



List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm

RE: SPAM relay

2002-06-18 Thread William Lefkovics 
Title: Message



Sorry... mine was not a useful response.  It was 
only intended to return another message rejected email from a Scanmail infected 
server.
 
There 
are developers that are coding RBL's for Exchange 2000 using event sinks, right 
Siegfried?

  
  -Original Message-From: Richard McMahon 
  [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 18, 2002 
  3:01 AMTo: MS-Exchange Admin IssuesSubject: RE: SPAM 
  relay
  Thanks for the responses, 
  Talking about spam what is the best thing to use to filter 
  this stuff out.  Either on keyword or domain.  I have looked at the 
  realtime black hole list but it seems to only really work with sendmail or 
  some other non exchange mail server.  I currently run exchange 5.5 sp4 
  any suggestions/comments on what packages are good or should be 
  avoided.
  Richard 
  -Original Message- From: 
  William Lefkovics [mailto:[EMAIL PROTECTED]] 
  Sent: 18 June 2002 10:51 To: 
  MS-Exchange Admin Issues Subject: RE: SPAM 
  relay 
  Friggin' damn yahoo bastards.  Speaking of bastards, my 
  newest rule forwards Scanmail quarantine message 
  rejection notices from bmc.com to several addresses 
  found on their site. 
  -Original Message- From: Marty 
  Richards [mailto:[EMAIL PROTECTED]] 
  Sent: Tuesday, June 18, 2002 2:42 AM To: MS-Exchange Admin Issues Subject: RE: SPAM 
  relay 
  Hi Richard,   Most likely its a misaddressed spam - your mail server is trying 
  to return it to the "@yahoo" originator as unknown 
  recipient. Probably the yahoo account never existed 
  (headers are easily forged) or Yahoo have disactivated 
  it due to the spammout.   That message is a yahoo standard for bouncing spam cases - they 
  probably have a different message for open relays 
  ;)   Just for interest, 
  if Yahoo are in the practice of suspending spam-associated mail accounts, what would stop anyone forging a mail 
  out on behalf of any yahoo user and suspending the 
  account? *shrug* I guess this is a problem with SMTP 
  really, as there is no authentication.   
  Cheers, Marty 
  -Original Message- From: 
  Richard McMahon [mailto:[EMAIL PROTECTED]] 
  Sent: Tuesday, June 18, 2002 7:24 PM To: MS-Exchange Admin Issues Subject: SPAM 
  relay 
  Hi folks  I just want to run this past you all.  
  
  I have two servers connected to the internet.  Both have 
  been sending this message 
  The following recipients did not receive the attached mail. 
  Reasons are listed with each recipient: 
  <[EMAIL PROTECTED]> [EMAIL PROTECTED]     
  MSEXCH:IMS:Appropria:US-Pleasanton:BOWMORE 3553 (000B09B6) 553 
  VS10-RT Possible forgery or deactivated due to abuse - 
  see http://help.yahoo.com/help/us/mail/spam/spam-18.html 
  <http://help.yahoo.com/help/us/mail/spam/spam-18.html>  
  (#5.1.1) 
  The message that caused this notification was: 
  I have (as far as I know) configured the servers to stop 
  relaying and I do get relaying denied messages when I 
  test it. 
  Anyone know whether I should be worrying about this message? 
  
  Richard 
  List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm 
  
  List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm 
  
  List Charter and FAQ at: http://www.sunbelt-software.com/exchange_list_charter.htm 
  List Charter and FAQ 
  at:http://www.sunbelt-software.com/exchange_list_charter.htm
List Charter and FAQ at:
http://www.sunbelt-software.com/exchange_list_charter.htm

RE: Spam relay problem

2013-02-04 Thread Kennedy, Jim 
You are brgeneral and this hit your system there?

If that is correct I don't see that as a relay, I see it as someone spoofing 
your 'from' address space. Very common.

If you want to stop your Cuda from accepting this kind of email you want to 
look at the 'sender spoof' setting in your Cuda. But be aware a lot of so 
called legit email will spoof your from address. For example amazon.com order 
confirmations do, or at least used to last time I looked.

From: Todd Lemmiksoo [mailto:tlemmik...@gmail.com]
Sent: Monday, February 04, 2013 10:14 AM
To: MS-Exchange Admin Issues
Subject: Spam relay problem

What steps should I take to troubleshoot this type of relay? That source IP is 
not ours.

X-ASG-Debug-ID: 1359697244-058e841d914e4a30001-uhLaEQ Received: from biblio 
(lvelizy-156-45-11-122.w80-11.abo.wanadoo.fr
 [80.11.32.122]) by securemail1.brgeneral.org 
with ESMTP id etJOQQqUPhHTkKXN for 
mailto:vacacu2ped...@gmail.com>>; Thu, 31 Jan 2013 
23:40:44 -0600 (CST) X-Barracuda-Envelope-From: 
ad...@brgeneral.org X-Barracuda-Apparent-Source-IP: 
80.11.32.122 MIME-Version: 1.0 From: 
ad...@brgeneral.org To: 
vacacu2ped...@gmail.com Date: 1 Feb 2013 
06:49:58 +0100 Subject: 69.2.47.143 X-Barracuda-Connect: 
lvelizy-156-45-11-122.w80-11.abo.wanadoo.fr[80.11.32.122]
 X-Barracuda-Start-Time: 1359697244 X-Barracuda-URL: 
http://securemail1.brgeneral.org:8000/cgi-mod/mark.cgi 
X-Barracuda-Orig-Rcpt:
 vacacu2ped...@gmail.com X-ASG-Orig-Subj: 
69.2.47.143 X-Virus-Scanned: by bsmtpd at brgeneral.org 
X-Barracuda-Spam-Score: 0.14 X-Barracuda-Spam-Status: No, SCORE=0.14 using 
global scores of TAG_LEVEL=1000.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=9.0 
tests=MISSING_MID, NO_REAL_NAME X-Barracuda-Spam-Report: Code version 3.2, 
rules version 3.2.2.121486 Rule breakdown below pts rule name description  
-- -- 0.14 
MISSING_MID Missing Message-Id: header 0.00 NO_REAL_NAME From: does not include 
a real name

Running Barracuda Spam/Email filter appliances and Exchange 2010 SP1
--
T. Todd Lemmiksoo

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist