Spoofed/spam emails - any way to stop?

dcsnetwiz

I've checked and double-checked my Exchange 2000 server and could not come up with any answer to this issue. About a week ago the organization that I support started to get emails from addresses that had the domain extension but had a fake or spoofed ID, e.g. jennifer@mydomain.com. Our naming convention does not use the first name at all. One of the users mentioned that a mail distribution list that she belongs to (that is part of another company) was hit with a virus (about a week ago), and that's when people in my organization started to see these emails. Coincidence? Maybe? Server and desktop anti-virus is current and running fine, Windows security patches are current on all machines, and now I'm at a loss. Any thoughts on what to look for in Exchange 2K? Is there anything that I can do? My true feeling is that the organization that has the virus is not completely clean, resulting in these bogus emails...

TIA
A
 
Are they all coming from one sender domain? Maybe you could let them know. Most likely this is just a dictionary attack. Nothing you can do. Exchange drops the ones to invalid IDs and your AV would protect the workstations if the messages contain viruses/worms.

If you have a spam solution in front of the Exchange server you could drop the messages sooner, reducing the load on Exchange, but that's about as good as it gets.
 
I thought so... we are looking to purchase a front-end spam catcher, any recommendations?
The emails are not coming from one domain, it's multiple domains. The sender sometimes appears to be someone internal, e.g. name@mydomain.com, but we do not use first names in our naming convention. It also appears that the mailbox they are sending to is our website contact email. Very frustrating, but if there is nothing that can be done, I'll chalk it up that way.

Any other thoughts?
TIA
A
 
I use SpamAssassin. Works great. It's blocking at least 95-98% (I just checked: yesterday was big, with 347 messages to me quarantined. Only about 10 got through).

Also, the gateway server maintains a list of valid Exchange recipients and drops everything else to lighten the load on Exchange. That has helped a *lot*.

No cost for these except the computer and setup time. Some of the appliance types, like Barracuda, look interesting but I haven't tried them.

Harvested addresses are a problem. I used to be the domain contact for the company, and now I'm easily the top spam-receiver.
 
I block email that's coming from @mydomain.com with ORF. It's good, only $100, and does the job.
 
Depending on what virus attacked your system, it could still be on a machine, or some of the newer viruses do spoof domain names, so it may not be coming from the company in question. As far as a spam filter, I've been using GFI software and have had great success in reducing the amount of spam that gets through to the desktops (from about 400/day to around 3/day).
 
Just upgraded a bunch of clients to newest version of Mail Marshal and love the new interface, works fantastic and lets you control inbound and outbound mail content, anti-virus, pics, avi files, music files, etc...plus automatically updates the text scripts for new spam attacks every day.

 
We use Sybari's Antigen with the Spam Manager add-on. The base product contains 5 anti-virus engines + 1 spamcure engine. It works very well. All spam coming in is tagged SUSPECT in the subject line and then it's delivered to the recipient. In the recipient's email program, we configure a rule to move the mail to a junk mail folder. The software is very flexible, although on the pricey side.
 
If you're interested, the Barracuda has worked great for me and it can be configured to block invalid email accounts.
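
The two gateway checks mentioned in the replies above (dropping mail for recipients that do not exist, and refusing outside mail that claims a sender at your own domain) can be sketched as follows. This is an added example, not code from any poster or product in the thread; the recipient list, trusted network range, and function names are assumptions made up for illustration.

```python
import ipaddress

# All values below are constructed for illustration.
OWN_DOMAIN = "mydomain.com"                          # placeholder domain used in the thread
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # hosts allowed to send as OWN_DOMAIN
VALID_RECIPIENTS = {"jsmith@mydomain.com", "contact@mydomain.com"}


def _clean(addr):
    """Normalise an envelope address: strip angle brackets, lowercase."""
    return addr.strip().strip("<>").lower()


def _domain(addr):
    return addr.rsplit("@", 1)[1] if "@" in addr else ""


def _trusted(client_ip):
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)


def check_envelope(client_ip, mail_from, rcpt_to):
    """Return (smtp_code, reason) for one MAIL FROM / RCPT TO pair."""
    sender, rcpt = _clean(mail_from), _clean(rcpt_to)

    if _domain(rcpt) != OWN_DOMAIN:
        # Not our mailbox: only trusted hosts may relay outbound.
        return (250, "outbound relay") if _trusted(client_ip) else (550, "relay denied")

    if rcpt not in VALID_RECIPIENTS:
        # Dictionary-style guesses are refused before they reach Exchange.
        return (550, "unknown recipient")

    if _domain(sender) == OWN_DOMAIN and not _trusted(client_ip):
        # Claims to be one of us but arrives from outside: spoofed sender.
        return (550, "own domain from external host")

    # Includes the null sender "<>" used by bounces, which must stay deliverable.
    return (250, "accepted")


if __name__ == "__main__":
    # Constructed envelope: external host, spoofed internal sender, real mailbox.
    print(check_envelope("203.0.113.5", "jennifer@mydomain.com", "contact@mydomain.com"))
```

This inspects only the SMTP envelope sender; a forged From: header inside the message still needs a content filter. Any outside host that legitimately sends as the domain, such as a hosted website contact form, has to be listed in `TRUSTED_NETS` or its mail will be refused.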
 