A couple of things come to mind right off the bat. <Blast shields up> 1. You should not be using Exchange server if you do not know the basics, like how to figure out what mail box outgoing e-mail is going through. 2. You should not be using Exchange server (or any e-mail server) these days unless you have a competent Anti-Virus software that is scanning incoming and outgoing messages for viruses and vulnerabilities. 3. You should not be using Exchange server unless you know how to start changing passwords in an urgent situation such as the one you are in to STOP the spread of viruses NOW, and then take a breath and start investigating what is going on. 4. You should not be using any e-mail server unless you know how to read message headers to even figure out in the first place if the messages are indeed even flowing through your server. <Blast shields down> First, you have to make sure that these are actually flowing through your server. Most of the viruses out there right now forge the return address, meaning it is saying it is coming from myfriendlybuddyihaveknownsincesecondgrade@xxxxxxxxxxxxxxxxx <mailto:myfriend@xxxxxxxxxxxxxxxxx> when it is really from heyeveryoneiaminfectedwithavirusanddonotknowaboutitbutohwell@bigfatmajorstup idisp.net. 2nd, you need to look at the logs and message tracking to see which account they are going through. Is it a workstation on the LAN or remote? You said you do not have a virus on the server. Goody. Unless you have an e-mail account set up on the server in Outlook or Outlook Express and opened e-mail in that account on the server, the virus that is sending out these infected e-mails is not going to be on the server anyways. You need to look at computers on the LAN or remote users or what ever it is you have. (This is not to say you do not need anti-virus on the server to protect the server itself, you do. But that has no affect on message flowing through Exchange. You have to have specific AV software designed for Exchange or working in a gateway mode for that.) You mentioned anonymous access. There are several places where that is configured. Now, if you are talking about relay settings, then blast shields back up. YOU BETTER UNDERSTAND WHAT RELAYING IS AND HOW TO CONTROL/PREVENT IT, or you have no business running an e-mail server. OK, my heat shields are up and ready. Fire away. John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: Basiru Ndow [mailto:bndow@xxxxxxxxxxxx] Sent: Saturday, June 26, 2004 5:26 AM To: [ExchangeList] Subject: [exchangelist] E-mail Spoofing http://www.MSExchange.org/ Hi All, I am using exchange 2003 and one of my e-mail accounts is been used to send out msgs with virus attachments to a mailing list that I subscribe to. I know I am not sending those msgs and also my server does not have any viruses. I have try turning off anonymous access but not sure if that will help. any help will be appreciated. Thanks ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist