Soldato
- Joined
- 25 Mar 2004
- Posts
- 16,008
- Location
- Fareham
I work for an email hosting company, now I usually can solve pretty much anything that comes my way but there is one problem that is bugging me,
this one user is receiving tons of spam emails, normally in case of spam I get header info etc to find out how it reached them, so they sent us the example messages and it looks like somehow the header info got cut off!
Any ideas as to how these messages were sent to the user?
They're not going through the spam filters on the domain or via any servers at all, they just seem to be connecting directly to the mailbox and sending it that way somehow.
blanked out recipient email address and name,
for info we run an Exchange 2003 server which is quite well patched up, has SP1 or SP2 I believe can't remember.
Message 1:
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_003_01C86E22.74F1B480"
Subject: Breaking news from Brand Republic - Olympics, GCap, Brook, Nokia, SawIV
Date: Wed, 13 Feb 2008 09:25:55 +0000
Message-ID: <[email protected]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Breaking news from Brand Republic - Olympics, GCap, Brook, Nokia, SawIV
Thread-Index: AchuInVldebcHXjZRQmdqhnkdpAwRA==
From: <[email protected]>
To: "X" <X>
Reply-To: <[email protected]>
Message 2:
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_005_01C86DF7.B6209F00"
Subject: =?iso-8859-1?Q?Feeling_the_pinch=3F=2E=2EWin_=A33=2C000_to_spend_in_Tesco?=
Date: Wed, 13 Feb 2008 03:44:51 +0000
Message-ID: <1202874291.1246.12337685MSOSI1257114575:[email protected]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: =?iso-8859-1?Q?Feeling_the_pinch=3F=2E=2EWin_=A33=2C000_to_spend_in_Tesco?=
Thread-Index: Acht97avKMm4xpu4RoyqxXeTW9KeFQ==
From: "MyOffers" <[email protected]>
To: "X" <X>
Reply-To: <[email protected]>
Message 3:
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_006_01C86DEB.22E16C80"
Subject: February Stand and Deliver For You
Date: Wed, 13 Feb 2008 02:49:58 +0000
Message-ID: <95148fbddc-kcleland=[email protected]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: February Stand and Deliver For You
Thread-Index: Acht6yN9//NgvEXoQeSIsFtzoqW4gQ==
List-Unsubscribe: <mailto:[email protected]?subject=unsubscribe>
From: "Global Speakers & Entertainers" <[email protected]>
To: "X" <X>
Reply-To: "Global Speakers & Entertainers" <[email protected]>
this one user is receiving tons of spam emails, normally in case of spam I get header info etc to find out how it reached them, so they sent us the example messages and it looks like somehow the header info got cut off!
Any ideas as to how these messages were sent to the user?
They're not going through the spam filters on the domain or via any servers at all, they just seem to be connecting directly to the mailbox and sending it that way somehow.
blanked out recipient email address and name,
for info we run an Exchange 2003 server which is quite well patched up, has SP1 or SP2 I believe can't remember.
Message 1:
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_003_01C86E22.74F1B480"
Subject: Breaking news from Brand Republic - Olympics, GCap, Brook, Nokia, SawIV
Date: Wed, 13 Feb 2008 09:25:55 +0000
Message-ID: <[email protected]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Breaking news from Brand Republic - Olympics, GCap, Brook, Nokia, SawIV
Thread-Index: AchuInVldebcHXjZRQmdqhnkdpAwRA==
From: <[email protected]>
To: "X" <X>
Reply-To: <[email protected]>
Message 2:
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_005_01C86DF7.B6209F00"
Subject: =?iso-8859-1?Q?Feeling_the_pinch=3F=2E=2EWin_=A33=2C000_to_spend_in_Tesco?=
Date: Wed, 13 Feb 2008 03:44:51 +0000
Message-ID: <1202874291.1246.12337685MSOSI1257114575:[email protected]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: =?iso-8859-1?Q?Feeling_the_pinch=3F=2E=2EWin_=A33=2C000_to_spend_in_Tesco?=
Thread-Index: Acht97avKMm4xpu4RoyqxXeTW9KeFQ==
From: "MyOffers" <[email protected]>
To: "X" <X>
Reply-To: <[email protected]>
Message 3:
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-Class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_006_01C86DEB.22E16C80"
Subject: February Stand and Deliver For You
Date: Wed, 13 Feb 2008 02:49:58 +0000
Message-ID: <95148fbddc-kcleland=[email protected]>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: February Stand and Deliver For You
Thread-Index: Acht6yN9//NgvEXoQeSIsFtzoqW4gQ==
List-Unsubscribe: <mailto:[email protected]?subject=unsubscribe>
From: "Global Speakers & Entertainers" <[email protected]>
To: "X" <X>
Reply-To: "Global Speakers & Entertainers" <[email protected]>