Comprehensive data protection for all workloads
Post Reply
WthSPAMM
Novice
Posts: 5
Liked: never
Joined: Oct 12, 2013 9:04 pm
Full Name: D C
Contact:

SPAMM

Post by WthSPAMM »

Hello,

Why am i getting (spamm) emails from your company with this message:

"This is test e-mail message sent by Veeam Backup & Replication."

Sent by my own domain from "alertas @ dinis . pt" to "dinis @ dinis . pt"

Why am i getting this emails so often and why from my own domain

Vitaliy S.
Product Manager
Posts: 24421
Liked: 1924 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: SPAMM

Post by Vitaliy S. »

Hello,

Do you have global email notification settings configured (main menu -> options -> email settings)? Might be a silly guess, but could someone in your organization be "playing" with these settings?

Thank you!

WthSPAMM
Novice
Posts: 5
Liked: never
Joined: Oct 12, 2013 9:04 pm
Full Name: D C
Contact:

Re: SPAMM

Post by WthSPAMM »

I dont have an account on this service, and i can guarantee no one from this organization is playing with it since none have permissions to do so.

Vitaliy S.
Product Manager
Posts: 24421
Liked: 1924 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: SPAMM

Post by Vitaliy S. »

Hmm...is this the only backup server installed in your VI? Actually, this is the first time I hear about this behavior... do you see any mentioning of email notifications in the Veeam backup shell log? If you need an assistance with logs review, you can contact our technical support team directly.

WthSPAMM
Novice
Posts: 5
Liked: never
Joined: Oct 12, 2013 9:04 pm
Full Name: D C
Contact:

Re: SPAMM

Post by WthSPAMM »

I dont have, or ever had, any service from this company, why are you asking me for logs....
I just want to know who sent those emails, i meant, who programmed them to be sent, or whatever, and why/how from my own domain.

Will just add your company keywords to several spamm centers until i get a proper reply to know why am i getting this emails

Vitaliy S.
Product Manager
Posts: 24421
Liked: 1924 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: SPAMM

Post by Vitaliy S. »

Don't get me wrong, but the format of the email in your original post shows that this email was sent by the backup server installed in your environment, that is why I wanted to check logs to see what is going on. I would suggest reviewing Exchange server trace information to determine the IP address of this server and then verify its notification configuration. Hope this makes sense.

WthSPAMM
Novice
Posts: 5
Liked: never
Joined: Oct 12, 2013 9:04 pm
Full Name: D C
Contact:

Re: SPAMM

Post by WthSPAMM »

Can you help me to figure it out, as far as i know its not installed in my environment, but presuming it is, how can i "find" it?

foggy
Veeam Software
Posts: 19652
Liked: 1806 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: SPAMM

Post by foggy »

As Vitaliy has suggested, you can detect the IP address of the sending server by reviewing your Exchange server trace information. Thanks.

Vitaliy S.
Product Manager
Posts: 24421
Liked: 1924 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: SPAMM

Post by Vitaliy S. »

I believe these links should be a good place to start, please look them through:

http://social.technet.microsoft.com/For ... svrclients
http://whatismyipaddress.com/trace-email

Dima P.
Product Manager
Posts: 11960
Liked: 1081 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: SPAMM

Post by Dima P. »

D C,

Just a quick note - good place to start your investigation are message headers ( go to Outlook > open an email report you got > message options > Internet Headers ). Thank you.

WthSPAMM
Novice
Posts: 5
Liked: never
Joined: Oct 12, 2013 9:04 pm
Full Name: D C
Contact:

Re: SPAMM

Post by WthSPAMM »

Thank you, im 100% sure its not installed on my machine, headers said the ip is located very far away from me, what i need to know is for whoever installed it, what he needed to know about my domain to install it?

What can i do to remove his access?

Thanks in advance

Vitaliy S.
Product Manager
Posts: 24421
Liked: 1924 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: SPAMM

Post by Vitaliy S. »

Do you see the account that was used to send you the email? You can block this account in the AD and then contact this person for further investigation.

jamerson
Expert
Posts: 316
Liked: 18 times
Joined: May 01, 2013 9:54 pm
Full Name: Julien
Contact:

Re: SPAMM

Post by jamerson »

i really wouldnt call this spam, however someone from inside your organisation install it and it sending the emails to the sppecifice email adress or group that been configured there.
open the headed email, tracerout the email to know from which machine does it comes.

foggy
Veeam Software
Posts: 19652
Liked: 1806 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: SPAMM

Post by foggy »

Actually, it could even be the message from outside your company. It definitely worth tracing the e-mail route.

jamerson
Expert
Posts: 316
Liked: 18 times
Joined: May 01, 2013 9:54 pm
Full Name: Julien
Contact:

Re: SPAMM

Post by jamerson »

foggy wrote:Actually, it could even be the message from outside your company. It definitely worth tracing the e-mail route.
i was thinking the same !

Dima P.
Product Manager
Posts: 11960
Liked: 1081 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: SPAMM

Post by Dima P. »

D C,
Thank you, im 100% sure its not installed on my machine, headers said the ip is located very far away from me, what i need to know is for whoever installed it, what he needed to know about my domain to install it?
Unfortunately, there is no way to prevent you from getting SPAM from the recipient who pretends to be an email user of your domain. It is a global email issue – any SMTP server with no authentication (and that could be open source email hosting) will send an email to any valid recipient. Hopefully one day all open source SMTP servers would use authentication.

I suggest you looking into AntiSpam solutions and DNS spamlists to be implemented into your exchange. By the way - a good practice is to create an SPF record for your domain. :wink:

jamerson
Expert
Posts: 316
Liked: 18 times
Joined: May 01, 2013 9:54 pm
Full Name: Julien
Contact:

Re: SPAMM

Post by jamerson »

if his env. using SMTP spam like Baraccuda he can find te source of the sender and he could simply block the IP if it external !

Dima P.
Product Manager
Posts: 11960
Liked: 1081 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: SPAMM

Post by Dima P. »

SPF record would work better as it would actually mark IP addresses responsible for the company’s domain email delivery, without additional costs, but unfortunately that would not save company email users from getting multiple bounce back notifications in case email would be spoofed...

ITP-Stan
Service Provider
Posts: 108
Liked: 12 times
Joined: Feb 18, 2013 10:45 am
Full Name: Stan (IF-IT4U)
Contact:

Re: SPAMM

Post by ITP-Stan »

d.popov wrote: Unfortunately, there is no way to prevent you from getting SPAM from the recipient who pretends to be an email user of your domain.
Offcourse there is, SPF records are used exactly for this!

The main goal, is using exchange tracking to see if the messages comes from inside the organization or outside.

Dima P.
Product Manager
Posts: 11960
Liked: 1081 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: SPAMM

Post by Dima P. »

ITP-Stan,

As I mentioned before - creation of the SPF would only save your domain being spoofed. The funny thing is that original recipient would not get spam message send on behalf of your domain because of the SPF record preventing your domain being spoofed but your domain mailboxes would get bounce backs each time such spam message is rejected. Some spam bots are actually using this scenario to deliver spam in bounce back messages.

For tracking purposes - mail headers in outlook or exchange server tracking could be used.

ITP-Stan
Service Provider
Posts: 108
Liked: 12 times
Joined: Feb 18, 2013 10:45 am
Full Name: Stan (IF-IT4U)
Contact:

Re: SPAMM

Post by ITP-Stan »

That's wrong.
You won't get many (or almost non) bounce messages, because almost all mailservers will close the connection and don't accept the message when the SPF record doesn't allow the sender IP to use the domain. Or they do accept it but don't send bounces when the SPF fails.
So no bounces are send. Mailservers who don't follow these rules quickly end up on blacklists, so you can be sure that 99% of them follows these rules.

One thing that you must take into account for a Microsoft AD, if your internal and external domain are the same, you need to define the SPF record on your internal DNS as well.

Dima P.
Product Manager
Posts: 11960
Liked: 1081 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: SPAMM

Post by Dima P. »

ITP-Stan,

Sounds good, but it seems this conversation went too far from the original poster's question. If you have any Veeam B&R related questions I would gladly help you with them. Thank you!

Gostev
SVP, Product Management
Posts: 27118
Liked: 4438 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: SPAMM

Post by Gostev »

I cannot complain about this particular offtopic. I've learned a few things ;)

Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot], toshihiro and 34 guests