Block chinese characters??? - ORF Forums

Block chinese characters??? RSS Back to forum

1

One user on our domain is receiving hundreds of spam emails. I have added his email to the senders blacklist but they are still coming through??

Version: 4.4 REGISTERED
Log Mode: Verbose
Server:
Source: SMTPSVC-1
Time: 5/23/2011 1:17:33 PM
Class: System Message
Severity: Information
Actions: (not available)
Filtering Point: Non-filtering
HELO/EHLO Domain: (not available)
Related IP Address: 65.54.188.72
Message ID: (not available)
Email Subject: mgo1--高 级 秘 书、助 理 和 行 政 人 员 技 能 提 高 训 练 营Ё
Sender:
Recipient(s):
*
*
*
*
*
*
*
*
*
Message:
Added "" to the Auto Sender Whitelist.

by mark rosenbaum 8 years ago
2

@mark rosenbaum: The senders name is a user on our domain and he is using a MAC

by mark rosenbaum 8 years ago
(in reply to this post)

3

@mark rosenbaum: According to the log message, this is an outgoing email relayed thru your server, which ORF will not filter (it is designed to filter incoming emails only). Most likely, a spammer has the username/password combination of this user and using this account to relay spam out using your server. I strongly suggest changing the password of this account immediately and make sure you allow only authenticated users to relay.

by Krisztian Fekete (Vamsoft) 8 years ago
(in reply to this post)

4

@Krisztian Fekete (Vamsoft): changed password and it is still happening

by mark rosenbaum 8 years ago
(in reply to this post)

5

Disabled account in active directories and the messages are still coming through???

by mark rosenbaum 8 years ago
6

@mark rosenbaum: If disabling the account won't stop it, that could mean the spammer is able to relay without authentication. Are you sure relaying restricted to authenticated users only?

See these articles:

http://www.petri.co.il/preventing_exchange_2000_2003_from_relaying.htm

http://support.microsoft.com/?id=324285

by Krisztian Fekete (Vamsoft) 8 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

It will not be published.
hnp1 | hnp2