Search TechNet with Bing

United States (English)

Sign in

Home

Library

Wiki

Learn

Downloads

Support

Forums

Blogs

Resources for IT Professionals > Forums Home > Exchange Server Forums > Anti-virus/Anti-spam > Spam not from our network

Need Help with Forums? (FAQ)

My Forum Links

Spam not from our network

Search Anti-virus/Anti-spam Forum

Ask a question

Sign In To Forums Forums Home Browse Forums Users

scottyp55

25

Thursday, January 28, 2010 6:55 PM

We just started receiving emails from a company called abusix.org claiming we are sending spam. Below is an example of the email. We don't send any spam from our company. Can someone let me know how this can 0 be happening? We have an Exchange 2003 server. Our SMTP server is a qmail server. I made sure we're not Sign In to relaying in Exchange. Other than that I don't know how to stop this. And abusix won't return phone calls.
Vote

Spamtraphit by xx.xx.xx.xx 2010-01-28 18:09:35 +0000 [noreply]

Hello, this is an autogenerated abuse complaint regarding your network. abusix.org will return every single spamtrap hit as well as any other abusive behavior to the responsible Network Operator or Abuse Desk.
Any help is greatly appreciated. Thanks, Scott Reply Quote

Related Topics
= Unanswered = Answered

relaying spam but confirmed not open relay Not sure, but it feels like a SPAM outbreak....

Answers
Rich Matheisen [MVP] (Partner, MVP)
15,045

Possible Spam on Exchange SPAM Slipping by Proofpoint & TrendMicro ScanMail to Blackberry ...

Thursday, January 28, 2010 7:59 PM

On Thu, 28-Jan-10 18:55:04 GMT, scottyp55 wrote:

Our Public IP was blacklisted by barracuda but why some mails get ... Spam going out from buisness

>We just started receiving emails from a company called abusix.org claiming we are sending spam. Below is an example of the email. We don't send any spam from our company. Can someone let me know how Sign In to this can be happening? We have an Exchange 2003 server. Our SMTP server is a qmail server. I made sure Vote we're not relaying in Exchange. Other than that I don't know how to stop this. And abusix won't return phone calls.Spamtraphit by xx.xx.xx.xx 2010-01-28 18:09:35 +0000 [noreply] Does the IP address xx.xx.xx.xx belong to you? If it does then you should be able to see the outboud mail in your SMTP logs -- if you know what the spamtrap address was -- or the sender, or the subject of the email. Other than that there's not much to go on. The FAQ at their web site says that the necessary message headers are included in their notifications. Assuming the Receive headers are in there you should be able to see what's going on on your server. --Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP
Marked As Answer by scottyp55 Thursday, January 28, 2010 9:23 PM

NDRs on spam Spam Solution for Exchange 2003 spammer on the inside of the network . Running Edge Transport with third party spam blocker

2011

Statistics
Started: 1/28/2010 Last Reply: 7/12/2010 Helpful Votes: 0 Replies: 5 Views: 2,732

Reply

Quote

scottyp55

25

Thursday, January 28, 2010 9:23 PM

Well I ended up tracking it down. The header referenced a laptop in our company. When I tracked it down, it was loaded with viruses. That seems to be the culprit. Thanks for your help.
Marked As Answer by scottyp55 Thursday, January 28, 2010 9:23 PM

0
Sign In to Vote

Reply

Quote

All Replies
Rich Matheisen [MVP] (Partner, MVP)
15,045

Thursday, January 28, 2010 7:59 PM

On Thu, 28-Jan-10 18:55:04 GMT, scottyp55 wrote:

>We just started receiving emails from a company called abusix.org claiming we are sending spam. Below is an example of the email. We don't send any spam from our company. Can someone let me know how this can be happening? We have an Exchange 2003 server. Our SMTP server is a qmail server. I made sure Sign In to we're not relaying in Exchange. Other than that I don't know how to stop this. And abusix won't return Vote phone calls.Spamtraphit by xx.xx.xx.xx 2010-01-28 18:09:35 +0000 [noreply]

Does the IP address xx.xx.xx.xx belong to you? If it does then you should be able to see the outboud mail in your SMTP logs -- if you know what the spamtrap address was -- or the sender, or the subject of the email. Other than that there's not much to go on. The FAQ at their web site says that the necessary message headers are included in their notifications. Assuming the Receive headers are in there you should be able to see what's going on on your server. --Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP
Marked As Answer by scottyp55 Thursday, January 28, 2010 9:23 PM

Reply

Quote
25

scottyp55

Thursday, January 28, 2010 8:36 PM

Thanks a lot for the response Rich. They do attach the original email (something ____ related), but there is no header info available. Below is 0 the header in the email they sent us. Toward the bottom, there seems to be bogus information about the Sign In to sender. Is it possible to get anything out of this?
Vote

--1264703067.bd5ba0.14933-Reply Quote

scottyp55

25

Thursday, January 28, 2010 9:23 PM

Well I ended up tracking it down. The header referenced a laptop in our company. When I tracked it down, it was loaded with viruses. That seems to be the culprit. Thanks for your help.
Marked As Answer by scottyp55 Thursday, January 28, 2010 9:23 PM

0
Sign In to Vote

Reply

Quote
15,045

Rich Matheisen [MVP] (Partner, MVP)

Thursday, January 28, 2010 11:55 PM

On Thu, 28-Jan-10 20:36:46 GMT, scottyp55 wrote: > Sign In to > >Thanks a lot for the response Rich.They do attach the original email (something ____ related), but there is Vote no header info available. Below is the header in the email they sent us. Toward the bottom, there seems to be bogus information about the sender. Is it possible to get anything out of this?--1264703067.bd5ba0.14933-They say they munge the email addresses (which makes sense -- you don't want to divulge the addresses of the spamtraps and honeypots). But I don't know what the stuff they sent to you looks like so I can't comment on what's in it. What you posted looks like the closing tag on a MIME header. --Rich Matheisen MCSE+I, Exchange MVP --- Rich Matheisen MCSE+I, Exchange MVP Reply Quote

espkeeper

Monday, July 12, 2010 11:45 PM

I have also just started getting these in the last month. The address they show is my NAT address for all of

my workstations. My mail server uses a different address, so I'm assuming it's coming from an infected workstation. They send two attachments to help troubleshoot, but they are not much good. One is a .dat file that contains:

Sign In to Feedback-Type: abuse Vote User-Agent: abusix-qp-0.01

Source-IP: xxx.xxx.xxx.xxx (I have hidden the actual address here) Received-Date: Mon, 12 Jul 2010 22:28:50 GMT Version: 0.1 They also include a copy of the original email, but the addresses are blocked out and there is no header information available so that also is little help.

Scotty, How did you get the header information to track down the laptop? Reply Quote

Microsoft. All rights reserved. Terms of Use | Trademarks

| Privacy Statement