I need help with resolving a few spam issues. I have two different types that I'd like to discuss. The first issue is where the headers come in and aren't processed as spam. The headers appear like this:
-
From: Canadiana Pharamcy <82669621@yahoo.com>
To: <xxx@xxxxxx.org>
Subject: Canadian Pharmacy : Viagra + CIALIS !!
Date: Thu, 1 Nov 2012 05:05:32 -0500
MIME-Version: 1.0
Content-Type: text/plain
Return-Path: 82669621@yahoo.com
This particular message can't be stopped. I want to eliminate them from coming in at all. The second type of spam I get include these types of headers.
-
Received: from syntq (tiuchou@41.191.241.139 with login) by
smtp201.mail.bf1.yahoo.com with SMTP; 01 Nov 2012 09:38:40 -0700 PDT
Message-ID: <50925FC8.7820D0C8@smtp.mail.yahoo.com>
Date: Thu, 1 Nov 2012 11:41:08 -0500
From: "tiuchou@yahoo.com" <tiuchou@yahoo.com>
Subject: I hate to be the one to tell you but
To: <lmtgp200805@gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Mozilla 4.79 (Macintosh; U; PPC)
MIME-Version: 1.0
Return-Path: tiuchou@yahoo.com
Received-SPF: None (xxxxx.xxxxxx.xxx tiuchou@yahoo.com does not
designate permitted sender hosts)
The message wasn't destined to anyone inside my company, yet it came through. I think it came through because I have an account set up that will forward all emails coming from yahoo.com to a spam email account that requires approval. Can anyone help me stop this from happening? Why did SPF mark this as NONE and STILL allow it. Why wasn't SPF on the first internet header, when it was said to originate from yahoo.com?
Here are the settings for both my exchange servers in regards to recipient filtering.
-
Name : RecipientFilterConfig
BlockedRecipients : {}
RecipientValidationEnabled : True
BlockListEnabled : False
Enabled : True
ExternalMailEnabled : True
InternalMailEnabled : True (edit: changed it to true after posting here, can't hurt to have extra security)
And now THIS is sitting in the queue for my new exchange server, which only has two mailboxes hosted on it, and one MAPI client connected and one activesync connection connected to it.
-
Identity: W2K8R2-ESP2-1\81\3275
Subject: Undeliverable: Svetlana has just updated new her profile
Internet Message ID: <a80cdce9-af2a-4b45-a1d2-bd31a295c382@domain.com>
From Address: <>
Status: Ready
Size (KB): 5
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 11/2/2012 9:50:15 AM
Expiration Time: 11/4/2012 8:50:15 AM
Last Error:
Queue ID: W2K8R2-ESP2-1\81
Recipients: C9FB90E@palmdesertoffices.com
How can I block messages that do not contain a from: address?
As you can see in the picture, I have email being sent to locations that email wont be sent to. I have the settings above that show my antispam settings. Also this mail queue is from the new server that only has 1 mapi connection and one active sync device connected to it. NOTHING should be coming through this because I AM that person connected. I scanned my PC and it is clean as a whistle, I used Malwarebytes and MSE. My phone uses client authentication certificates and it's a brand new iPhone.
Can anyone direct me to a location that will allow me to get some more incite on where these emails are coming from?
NOTE: this was originally posted here at the General Forum. Moved it here as suggested.