Need to find the answer to a bit of a spoofing issue.

  • Question

  • So the user copier doesn't exist in this e-mail system.  It was sent from a remote network.  The IP address is on a blacklist.  The other problem is that you can send e-mails using a valid e-mail address without authentication to e-mail addresses within the domain.

    Here are the headers of the message

    Received: from dc02.gjcomputer2.local (192.168.0.245) by
     dc02.gjcomputer2.local (192.168.0.245) with Microsoft SMTP Server (TLS) id
     15.0.1178.4 via Mailbox Transport; Wed, 20 Jul 2016 05:11:16 -0600
    X-Spam-Status: No, score=2.9, required= 3.5
    X-MS-Exchange-Organization-PCL: 0
    X-MS-Exchange-Organization-SCL: 0
    X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) * on
    dc02.gjcomputer2.local * at Wed, 20 Jul 2016 04:50:02 -0600
    X-Spam-Status: No, score=2.9, hits=2.9, required= 5, autolearn=no
    autolearn_force=no, shortcircuit=no
    X-Spam-Report: *  3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
    *      [39.43.63.105 listed in zen.spamhaus.org]
    * -0.5 BAYES_05 BODY: Bayes spam probability is 1 to 5%
    *      [score: 0.0324]
    *  0.1 HELO_MISC_IP Looking for more Dynamic IP Relays
    X-Process: ESTProcessDone
    X-Backup: ESTBackupDone
    Received: from dc02.gjcomputer2.local (192.168.0.245) by
     dc02.gjcomputer2.local (192.168.0.245) with Microsoft SMTP Server (TLS) id
     15.0.1178.4; Wed, 20 Jul 2016 05:11:06 -0600
    Received: from [39.43.63.105] (39.43.63.105) by gjcomputer.com (192.168.0.245)
     with Microsoft SMTP Server id 15.0.1178.4 via Frontend Transport; Wed, 20 Jul
     2016 05:11:05 -0600
    Date: Wed, 20 Jul 2016 16:11:03 +0500
    To: <jeremy@gjcomputer.com>
    From: "copier@" <copier@gjcomputer.com>
    Sender: <copier@gjcomputer.com>
    Reply-To: <copier@gjcomputer.com>
    Subject: Scanned image from copier@gjcomputer.com
    Message-ID: <20160720174568.91FA.COPIER@gjcomputer.com>
    X-Mailer: Network Scanner System
    Content-Type: multipart/mixed; boundary="SmTP-MULTIPART-BOUNDARY-7C40F11F"
    Content-Transfer-Encoding: 7bit
    MIME-Version: 1.0

    Wednesday, July 20, 2016 5:32 PM
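
The condition described in the question (a From address in the local domain on a message that entered from a public IP) can be checked directly from the headers. The script below is an added example, not part of the original post; the function names are hypothetical. It assumes Exchange-style `Received` lines as shown above, IPv4 only, internal hops on private addresses, and no legitimate outside system that sends as the domain.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Received headers copied from the post (Mailbox Transport hop trimmed).
SAMPLE = """\
Received: from dc02.gjcomputer2.local (192.168.0.245) by
 dc02.gjcomputer2.local (192.168.0.245) with Microsoft SMTP Server (TLS) id
 15.0.1178.4; Wed, 20 Jul 2016 05:11:06 -0600
Received: from [39.43.63.105] (39.43.63.105) by gjcomputer.com (192.168.0.245)
 with Microsoft SMTP Server id 15.0.1178.4 via Frontend Transport; Wed, 20 Jul
 2016 05:11:05 -0600
To: <jeremy@gjcomputer.com>
From: "copier@" <copier@gjcomputer.com>
Subject: Scanned image from copier@gjcomputer.com
"""

# Peer address as Exchange writes it: "from <helo> (<ip>) by ..."
PEER = re.compile(r"from\s+\S+\s+\(([^)]*)\)")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def is_public(text):
    """True if text is a valid, globally routable IP address."""
    try:
        return ipaddress.ip_address(text).is_global
    except ValueError:
        return False

def external_peer(msg):
    """Return the first public IPv4 peer in the Received chain, or None."""
    # Headers are read top-down, so the first hit is the hop our own server wrote.
    for received in msg.get_all("Received", []):
        hop = PEER.search(" ".join(received.split()))  # unfold the header
        ip = IPV4.search(hop.group(1)) if hop else None
        if ip and is_public(ip.group()):
            return ip.group()
    return None

def check_spoof(raw_headers, internal_domains):
    """Flag mail claiming an internal From domain that entered from a public IP."""
    msg = email.message_from_string(raw_headers)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    peer = external_peer(msg)
    suspect = domain in internal_domains and peer is not None
    return {"from_domain": domain, "external_peer": peer, "suspect": suspect}

if __name__ == "__main__":
    print(check_spoof(SAMPLE, {"gjcomputer.com"}))
```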