Need Help with spam

Status
Not open for further replies.

kopja

Technical User
Jul 20, 2005
63
US
Hi everyone

Basically, 3 of the users started getting emails this weekend
from "system administrator" saying their email could not be delivered.

According to the Message Tracking Center, there are no emails sent by these users.

Is there anywhere else I need to check?
----------------------------------------------------------
Below is one of the emails
From: System Administrator
Sent: Monday, September 11, 2006 9:53 AM
To: ????
Subject: Undeliverable:??????????? ? ?? ? ???? - ?????? ????, ??????????? ??????????. ?????? ????????????? ????????!

Your message did not reach some or all of the intended recipients.

Subject: ??????????? ? ?? ? ???? - ?????? ????, ??????????? ??????????. ?????? ????????????? ????????!
Sent: 09/11/2006 9:31 AM

The following recipient(s) could not be reached:

pirs@vyborg.ru on 09/11/2006 9:31 AM
The message could not be delivered because the recipient's mailbox is full.
<sbs.pirs.local #5.2.2>
 
If they did not send email then there are two possible scenarios.

1. Someone spoofed your users' email and you are just getting the NDR
2. You have spyware or a virus that is sending out email

Verify that your systems are clean. I recommend you use TrendMicro's HouseCall which is a free online scanner to check for Viruses and Spyware.

If the problem is issue #1 then there is nothing you can do about it. Any one of this person's contacts could be infected and is sending out SPAM with fake headers from every one of their contacts.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
 
We have Mcafee Enterprise Ed for all our PCs, and according to them there are no infections.
I understand the scenario of NDR and I think this is the case, however, I want to make sure there is no way it went from inside (a non-detected worm or something).

There should be a way to tell from the Windows/Exchange Server
if a certain user or machine sent an email.

I just tried something, using a simple VB script to send email
Code:
Set Msg = CreateObject("CDO.Message")
With Msg
    .To = "an external email"
    .From = "my email"
    .Subject = "testing"
    .TextBody = "testing"
    .Send
End With

This email for example does not show up on the Exchange Message Tracking Center.
Is there a way to check for these kinds of emails?

Note that none of my users (except me) are able to send emails via CDO as in this script.

Thanks
 
Don't rely only on one vendor for AV and Spyware detection. It is always a good idea no matter what vendor you use to have a backup that you periodically do checks with.

Your SMTP logs will list each machine sending SMTP email.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
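
The log check suggested in the reply above, as an added example that is not part of the original thread: a Python parser that groups accepted MAIL and RCPT commands in an SMTP service log by client IP. It assumes logging is enabled in W3C extended format; the sample lines, the 192.168.16.0/24 internal subnet, the function names and the "OutboundConnection" filter are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.16.0/24")  # assumed internal subnet
ADDR = re.compile(r"<([^>]*)>")                # address inside FROM:<...> / TO:<...>

# Constructed sample in W3C extended format (not taken from the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-query sc-status
2006-09-11 13:30:58 192.168.16.40 WS40 EHLO +WS40 250
2006-09-11 13:30:58 192.168.16.40 WS40 MAIL +FROM:<user1@example.com> 250
2006-09-11 13:30:58 192.168.16.40 WS40 RCPT +TO:<a@example.net> 250
2006-09-11 13:30:59 192.168.16.40 WS40 RCPT +TO:<b@example.org> 250
2006-09-11 13:31:02 203.0.113.9 mx.example.net MAIL +FROM:<> 250
2006-09-11 13:31:02 203.0.113.9 mx.example.net RCPT +TO:<user1@example.com> 250
2006-09-11 13:31:07 192.168.16.40 WS40 MAIL +FROM:<user2@example.com>+SIZE=912 250
2006-09-11 13:31:07 192.168.16.40 WS40 RCPT +TO:<c@example.net> 550
2006-09-11 13:31:10 198.51.100.7 OutboundConnectionCommand MAIL +FROM:<user1@example.com> 0
"""

def summarize_senders(log_text):
    """Return {client_ip: {"senders": set, "messages": int, "recipients": int}}."""
    fields = []
    stats = defaultdict(lambda: {"senders": set(), "messages": 0, "recipients": 0})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column order is declared per log file
            continue
        if not fields or not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        ip, method = row.get("c-ip"), row.get("cs-method", "").upper()
        if ip is None or method not in ("MAIL", "RCPT"):
            continue
        # Skip the server's own outbound deliveries and commands it rejected.
        if (row.get("cs-username", "").startswith("OutboundConnection")
                or not row.get("sc-status", "").startswith("2")):
            continue
        m = ADDR.search(row.get("cs-uri-query", ""))
        if method == "MAIL":
            stats[ip]["messages"] += 1
            stats[ip]["senders"].add(m.group(1) if m and m.group(1) else "<>")
        else:
            stats[ip]["recipients"] += 1
    return dict(stats)

def internal_submitters(stats, lan=LAN):
    """Client IPs inside the LAN that handed mail directly to the SMTP service."""
    return sorted(ip for ip, s in stats.items()
                  if s["messages"] and ipaddress.ip_address(ip) in lan)
```

A sender of `<>` marks a bounce (NDR) arriving from another server, while an internal workstation IP with a non-zero message count is a machine to inspect.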
 
Mark, thanks for helping out.

Where are these SMTP logs and how do I access them (i.e., are they txt or some other format)?

We have Mcafee for Desktops, and Antigen for emails (Antigen uses 5 engines) to scan emails. As I work for a small company, budget is limited.

 