RE: internal spam

2012-02-27 Thread Alan Davies
should have worked better! a From: Glen Johnson [mailto:gjohn...@vhcc.edu] Sent: 25 February 2012 14:11 To: MS-Exchange Admin Issues Subject: RE: internal spam Just an FYI. If you allow OWA to the iinterweb, these scammers have scripts that can spam via

RE: internal spam

2012-02-27 Thread Randal, Phil
-Exchange Admin Issues Subject: RE: internal spam The accounts have been compromised…usually via a phishing attempt. So the entire process of the internal attack is with a valid authenticated acct. We have our SMTP services set to be authenticated…the problem is looking for a process that we

RE: internal spam

2012-02-27 Thread Randal, Phil
Admin Issues Subject: RE: internal spam You need to restrict which boxes are allowed to talk SMTP to your SMTP relays. Should only be your exchange servers and a few other boxes, as needed. It’s worth packet-sniffing the SNMP traffic to these boxes (which will identify the spambots if they’re

RE: internal spam

2012-02-25 Thread Glen Johnson
, February 24, 2012 6:38 PM To: MS-Exchange Admin Issues Subject: RE: internal spam The accounts have been compromised…usually via a phishing attempt. So the entire process of the internal attack is with a valid authenticated acct. We have our SMTP services set to be authenticated…the problem

RE: internal spam

2012-02-24 Thread Randal, Phil
Infrastructure Engineer Hoople Ltd | Thorn Office Centre | Hereford HR2 6JT Tel: 01432 260415 | Email: phil.ran...@hoopleltd.co.uk From: Sharp, Kevin [mailto:kevin.sh...@usask.ca] Sent: 24 February 2012 17:20 To: MS-Exchange Admin Issues Subject: internal spam I'm wondering how people are dealing

RE: internal spam

2012-02-24 Thread Campbell, Rob
Maybe easier said than done if the clients are using POP. From: Randal, Phil [mailto:phil.ran...@hoopleltd.co.uk] Sent: Friday, February 24, 2012 11:30 AM To: MS-Exchange Admin Issues Subject: RE: internal spam The devil's in the detail? How are the infected boxes sending the emails? Via SMTP

RE: internal spam

2012-02-24 Thread Young, Darren
, Kevin [mailto:kevin.sh...@usask.ca]mailto:[mailto:kevin.sh...@usask.ca] Sent: 24 February 2012 17:20 To: MS-Exchange Admin Issues Subject: internal spam I'm wondering how people are dealing with compromised accounts in Exchange sending large volumes of email...essentially an internal spam attack

RE: internal spam

2012-02-24 Thread Beckers, Shawn (IT Services)
. http://www.msexchange.org/articles_tutorials/exchange-server-2010/monitoring-operations/preventing-autoreply-storms-part1.html From: Sharp, Kevin [mailto:kevin.sh...@usask.ca] Sent: Friday, February 24, 2012 11:20 AM To: MS-Exchange Admin Issues Subject: internal spam I'm wondering how people

Re: internal spam

2012-02-24 Thread Mike Tavares
that is a legit address? From: Sharp, Kevin Sent: Friday, February 24, 2012 12:19 PM To: MS-Exchange Admin Issues Subject: internal spam I’m wondering how people are dealing with compromised accounts in Exchange sending large volumes of email…essentially an internal spam attack

RE: internal spam

2012-02-24 Thread Sharp, Kevin
helped, but like any good phishing attack, it only takes one bite to cause this problem. Thanks Kevin From: Mike Tavares [mailto:miketava...@comcast.net] Sent: Friday, February 24, 2012 4:26 PM To: MS-Exchange Admin Issues Subject: Re: internal spam 1 question just to clear up some confusion