SPAMM

[WthSPAMM]

Hello,

Why am i getting (spamm) emails from your company with this message:

"This is test e-mail message sent by Veeam Backup & Replication."

Sent by my own domain from "alertas @ dinis . pt" to "dinis @ dinis . pt"

Why am i getting this emails so often and why from my own domain

[Vitaliy S.]

Hello,

Do you have global email notification settings configured (main menu -> options -> email settings)? Might be a silly guess, but could someone in your organization be "playing" with these settings?

Thank you!

[WthSPAMM]

I dont have an account on this service, and i can guarantee no one from this organization is playing with it since none have permissions to do so.

[Vitaliy S.]

Hmm...is this the only backup server installed in your VI? Actually, this is the first time I hear about this behavior... do you see any mentioning of email notifications in the Veeam backup shell log? If you need an assistance with logs review, you can contact our technical support team directly.

[WthSPAMM]

I dont have, or ever had, any service from this company, why are you asking me for logs....
I just want to know who sent those emails, i meant, who programmed them to be sent, or whatever, and why/how from my own domain.

Will just add your company keywords to several spamm centers until i get a proper reply to know why am i getting this emails

[Vitaliy S.]

Don't get me wrong, but the format of the email in your original post shows that this email was sent by the backup server installed in your environment, that is why I wanted to check logs to see what is going on. I would suggest reviewing Exchange server trace information to determine the IP address of this server and then verify its notification configuration. Hope this makes sense.

[WthSPAMM]

Can you help me to figure it out, as far as i know its not installed in my environment, but presuming it is, how can i "find" it?

[foggy]

As Vitaliy has suggested, you can detect the IP address of the sending server by reviewing your Exchange server trace information. Thanks.

[Vitaliy S.]

I believe these links should be a good place to start, please look them through:

http://social.technet.microsoft.com/For ... svrclients
http://whatismyipaddress.com/trace-email

[Dima P.]

D C,

Just a quick note - good place to start your investigation are message headers ( go to Outlook > open an email report you got > message options > Internet Headers ). Thank you.

[WthSPAMM]

Thank you, im 100% sure its not installed on my machine, headers said the ip is located very far away from me, what i need to know is for whoever installed it, what he needed to know about my domain to install it?

What can i do to remove his access?

Thanks in advance

[Vitaliy S.]

Do you see the account that was used to send you the email? You can block this account in the AD and then contact this person for further investigation.

[jamerson]

i really wouldnt call this spam, however someone from inside your organisation install it and it sending the emails to the sppecifice email adress or group that been configured there.
open the headed email, tracerout the email to know from which machine does it comes.

[foggy]

Actually, it could even be the message from outside your company. It definitely worth tracing the e-mail route.

[jamerson]

Actually, it could even be the message from outside your company. It definitely worth tracing the e-mail route.

i was thinking the same !

[Dima P.]

D C,

Thank you, im 100% sure its not installed on my machine, headers said the ip is located very far away from me, what i need to know is for whoever installed it, what he needed to know about my domain to install it?

Unfortunately, there is no way to prevent you from getting SPAM from the recipient who pretends to be an email user of your domain. It is a global email issue – any SMTP server with no authentication (and that could be open source email hosting) will send an email to any valid recipient. Hopefully one day all open source SMTP servers would use authentication.

I suggest you looking into AntiSpam solutions and DNS spamlists to be implemented into your exchange. By the way - a good practice is to create an SPF record for your domain.

[jamerson]

if his env. using SMTP spam like Baraccuda he can find te source of the sender and he could simply block the IP if it external !

[Dima P.]

SPF record would work better as it would actually mark IP addresses responsible for the company’s domain email delivery, without additional costs, but unfortunately that would not save company email users from getting multiple bounce back notifications in case email would be spoofed...

[ITP-Stan]

Unfortunately, there is no way to prevent you from getting SPAM from the recipient who pretends to be an email user of your domain.

Offcourse there is, SPF records are used exactly for this!

The main goal, is using exchange tracking to see if the messages comes from inside the organization or outside.

[Dima P.]

ITP-Stan,

As I mentioned before - creation of the SPF would only save your domain being spoofed. The funny thing is that original recipient would not get spam message send on behalf of your domain because of the SPF record preventing your domain being spoofed but your domain mailboxes would get bounce backs each time such spam message is rejected. Some spam bots are actually using this scenario to deliver spam in bounce back messages.

For tracking purposes - mail headers in outlook or exchange server tracking could be used.

[ITP-Stan]

That's wrong.
You won't get many (or almost non) bounce messages, because almost all mailservers will close the connection and don't accept the message when the SPF record doesn't allow the sender IP to use the domain. Or they do accept it but don't send bounces when the SPF fails.
So no bounces are send. Mailservers who don't follow these rules quickly end up on blacklists, so you can be sure that 99% of them follows these rules.

One thing that you must take into account for a Microsoft AD, if your internal and external domain are the same, you need to define the SPF record on your internal DNS as well.

[Dima P.]

ITP-Stan,

Sounds good, but it seems this conversation went too far from the original poster's question. If you have any Veeam B&R related questions I would gladly help you with them. Thank you!

[Gostev]

I cannot complain about this particular offtopic. I've learned a few things