Receiving SPAM emails from Fake Internal email addresses.

#1 Tue, 10/29/2013 - 05:14
alexnicol

Can someone please point me in the direction to prevent this please?

Scan from a Xerox WorkCentre
Incoming Fax
Scan_281_10292013_001.zip

Please download the document. It was scanned and sent to you using a Xerox multifunction device.

File Type: pdf
Download: Scanned from a Xerox multi~7.pdf

multifunction device Location: machine location not set Device Name: Xerox0923

For more information on Xerox products and solutions, please visit http://www.xerox.com

Received this morning.

We have No Fax Machine
No Xerox Machines
and No email address "Incoming.fax7"

How do I set the SMTP server to only allow sending from the addresses that have been created?

Thanks for your time.

Tue, 10/29/2013 - 05:48
netizen

With the limited information you're giving, you will not get many answers... Start by looking at the email headers... and then follow the guides for configuring the servers' restrictions...

Tue, 10/29/2013 - 06:44 (Reply to #2)
alexnicol
Return-Path: <fraud@aexp.com>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.amsmail.co.uk
X-Spam-Level: ***
X-Spam-Status: No, score=3.5 required=5.0 tests=RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_BRBL_LASTEXT,RCVD_IN_SORBS_WEB,T_TVD_MIME_NO_HEADERS,URIBL_BLOCKED
autolearn=no version=3.3.1
X-Original-To: alex.nicol@amsmail.co.uk
Delivered-To: alex.nicol.amsmail@mail.amsmail.co.uk
Received: from 059148240218.ctinets.com (059148240218.ctinets.com [59.148.240.218])
by mail.amsmail.co.uk (Postfix) with ESMTP id 5A0DA2A0C44;
Tue, 29 Oct 2013 09:44:12 +0000 (GMT)
Received: from Xerox.Device627.amsmail.co.uk (10.0.0.48) by amsmail.co.uk (10.0.0.124) with Microsoft SMTP Server (TLS) id JJ0WFB1D; Tue, 29 Oct 2013 17:43:31 +0800
Received: from Xerox8626.amsmail.co.uk (10.44.45.52) by smtp.amsmail.co.uk (10.0.0.86) with Microsoft SMTP Server id XXSTGAV5; Tue, 29 Oct 2013 17:43:31 +0800
Date: Tue, 29 Oct 2013 17:43:31 +0800
From: "Incoming Fax" <Incoming.Fax7@amsmail.co.uk>
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-SCL: -1
X-MS-TNEF-Correlator: <GZ51QJVVTLHU7TST37M9UL8WU6XTYIW0K87M5H@amsmail.co.uk>
X-MS-Exchange-Organization-AuthSource: PO2R40RNASSQJOR@amsmail.co.uk
X-MS-Exchange-Organization-AuthAs: Internal
X-MS-Exchange-Organization-AuthMechanism: 04
X-MS-Exchange-Organization-AVStamp-Mailbox: MSFTFF;4;0;0 0 0
X-Priority: 3 (Normal)
Message-ID: <SLN6JTK88BZP1EBAWTKWTUV2CTAGTIHDRV35LC@amsmail.co.uk>
To: <alex.nicol@amsmail.co.uk>,
<brendan.mitchell@amsmail.co.uk>
Subject: Scan from a Xerox WorkCentre
MIME-Version: 1.0
Content-Type: multipart/mixed;
  boundary="_004_HNQ4BG15ULAQID519CZJY81XNFB08JJEQHDAOV6918AF6MCDOPAAUT0_"

We get several that say SOMETHING@amsmail.co.uk

Then others that come from things like @sage.com, @natwest.com etc. Each time it is a different "Received: from" address and IP.

Tue, 10/29/2013 - 09:00
Locutus

It's just spam or a virus (if a PDF is attached, better do NOT click it!) that apparently got through your filters. It was actually sent from this IP:

Received: from 059148240218.ctinets.com (059148240218.ctinets.com [59.148.240.218]) by mail.amsmail.co.uk (Postfix) with ESMTP id 5A0DA2A0C44;

Which is a system in China: http://whois.domaintools.com/59.148.240.218
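The header reading described in the reply above, as an added example that is not part of the original thread: it trusts only the Received line stamped by the receiving Postfix host, takes the connecting IP from it, and flags the signs of a forged internal sender. The function names `analyse` and `domain_of` are hypothetical, and the sample is a trimmed copy of the headers posted earlier.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

LOCAL_DOMAIN = "amsmail.co.uk"   # domain being impersonated in the thread
OUR_MTA = "mail.amsmail.co.uk"   # assumption: the only hop whose Received line we trust

# Constructed sample: subset of the headers posted in the thread.
SAMPLE = """\
Return-Path: <fraud@aexp.com>
Received: from 059148240218.ctinets.com (059148240218.ctinets.com [59.148.240.218])
\tby mail.amsmail.co.uk (Postfix) with ESMTP id 5A0DA2A0C44;
\tTue, 29 Oct 2013 09:44:12 +0000 (GMT)
Received: from Xerox.Device627.amsmail.co.uk (10.0.0.48) by amsmail.co.uk (10.0.0.124) with Microsoft SMTP Server (TLS) id JJ0WFB1D; Tue, 29 Oct 2013 17:43:31 +0800
From: "Incoming Fax" <Incoming.Fax7@amsmail.co.uk>
X-MS-Exchange-Organization-AuthAs: Internal
Subject: Scan from a Xerox WorkCentre
"""

def domain_of(header_value):
    """Return the lower-cased domain part of an address header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyse(raw, our_mta=OUR_MTA, local_domain=LOCAL_DOMAIN):
    msg = email.message_from_string(raw)
    received = msg.get_all("Received", [])
    # Received lines are prepended, so the one written by our MTA is the
    # boundary: everything below it was supplied by the sending client.
    stamp = re.compile(r"\bby\s+" + re.escape(our_mta) + r"\b")
    trusted = next((r for r in received if stamp.search(r)), None)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", trusted or "")
    client_ip = ip.group(1) if ip else None
    external = bool(client_ip) and ipaddress.ip_address(client_ip).is_global
    from_dom, env_dom = domain_of(msg.get("From")), domain_of(msg.get("Return-Path"))
    findings = []
    if external and from_dom == local_domain:
        findings.append("local From: domain on mail from an external client")
    if external and msg.get("X-MS-Exchange-Organization-AuthAs"):
        findings.append("Exchange auth header supplied by an external client")
    if env_dom and env_dom != from_dom:
        findings.append("envelope sender domain differs from From: domain")
    below = received[received.index(trusted) + 1:] if trusted else received
    return {"client_ip": client_ip, "findings": findings, "unverified_hops": len(below)}

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

The 10.x "Microsoft SMTP Server" hops sit below the trusted Postfix line, so they count as unverified sender-supplied text rather than evidence of internal origin.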
