per mailbox database journalling is archiving spoofed blacklisted email. RSS

1

I notice that spoofed emails are being journalled in my per mailbox database journal.

eg:
Content-Type: multipart/mixed;
boundary="_368cdb06-aa33-4835-8f90-c9e97023b91b_"
Subject: your financial expectation will fulfill
To: , ,
,
From: , ,
,
MIME-Version: 1.0
Sender:
Message-ID:
Date: Mon, 18 Feb 2013 05:40:31 +0000
X-MS-Journal-Report:
X-MS-Exchange-Organization-AuthSource: Exchange2010.xxxcom.sg
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 05


--
they are being tagged/redirected by ORF to my spam bucket, which is in other database journal altogether.
I believe its the spoofed from mechanism.

is there anything I can do? I could just ignore it, but its just unsightly.

by christopher.low 6 years ago
2

@christopher.low: I think the command you are looking for is

Set-MailboxJunkEmailConfiguration -Identity ArchiveMgr_Journal -Enabled $false

this will remove the Junk E-Mail folder for the ArchiveMgr_Journal mailbox in Exchange. (Or I misunderstood the problem :)

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

3

yeap. you misunderstood.

the exchange per mailbox database journalling , makes an envelope journal of all legitimate incoming/outgoing emails.

yet emails with SPOOFED sender addresses (ie: address belongs to someone in my organisation), sent to another person in my organisation is journalled. these emails are blacklisted/already identified by orf.

now I'm not sure if its exchange issue, or orf issue.

but its not too terrible to clean up. cos the envelope journal has

Sender: legitimatemailboxaddress
Subject: distinctive system profitable and free
Message-Id:
Recipient: spambucketadddress

---
I just have to have an exchange rule to locate "recipient: spambucketaddress" to filter it out.
---

so its just curious why it happens.

by christopher.low 6 years ago
4

@christopher.low: You mentioned that ORF blacklist these emails (i.e., they are tagged and redirected to the Junk folder): ORF has nothing to do with journaling, so this is clearly an Exchange issue.

I guess when deciding what to journal, Exchange examines the sender address only by default, and ignores everything else unless you have a manual Journaling rule not to do so:

http://technet.microsoft.com/en-us/library/aa998649.aspx#rules

by Krisztián Fekete (Vamsoft) 6 years ago
(in reply to this post)

5

Today’s business is not about how much effort you are putting but it’s all about how much profit you are gaining by putting the least effort. Hence the means or the ways of doing business in current times has also undergone sea changes. The most successful businesses succeed because they use the most sophisticated and most updated tools that set them a step ahead than their contemporaries.
[REDACTED by Vamsoft administrator] provides you the most sophisticated and elaborate databases on Australian business email database, with full of customer information that you may wish to target in order to promote your products and/or services. Thinking about procuring a comprehensive database on Australian business email lists, your solution lies with [REDACTED by Vamsoft administrator] providing you a complete Australian consumers’ email database to help market yourself like never before. Stay ahead in the race simply by buying an email database from us with all relevant details of potential clients.
[Link REDACTED by Vamsoft administrator]

by Australia email business database 5 years ago
6

oh wow, you're getting forum spam now..

by christopher.low 5 years ago
7

@christopher.low: You'd be surprised how much spam an average website receives. We log failed web requests and almost all of them are robots trying to submit spam (the rest are SQL injection attempts, also automatized). Any HTML form on a website will attract spamming robots.

While this forum has no spam filtering per se and we allow registration-free posts, we employ a few tricks to prevent automatic submission of content. These work pretty well for distringuishing between humans and robots, but then if the poster is a human, they won't stop posting spam content, so in this case the post was likely made by a human. In the past, we've been hit quite hard by such "manual spam" posted by people lead into believing they can make money by posting spamvertized links as "affiliate marketing".

by Péter Karsai (Vamsoft) 5 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed