Here is the censored header:
Internal User 1 is the receiving party and internal user 2 is the supposed sender.
Received: from mail.MYDOMAIN.com (192.168.1.250) by
mail.MYDOMAIN.com (192.168.1.3) with Microsoft SMTP Server (TLS) id
14.2.347.0; Fri, 9 Oct 2015 09:20:32 -0500
Received: from p3plsmtp17-03-2.prod.phx3.secureserver.net
([173.201.193.166]:52307 helo=p3plwbeout17-03.prod.phx3.secureserver.net) by
mail.MYDOMAIN.com with esmtps (TLSv1.2: DHE-RSA-AES128-SHA:128) (Exim
4.82_1-5b7a7c0-XX) (envelope-from ) id
1ZkYX2-0001Iu-1n for internaluser1@MYDOMAIN.com; Fri, 09 Oct 2015 09:20:24
-0500
Received: from localhost ([173.201.193.244]) by
p3plwbeout17-03.prod.phx3.secureserver.net with bizsmtp id
T2FM1r0015GqqD1012FMnN; Fri, 09 Oct 2015 07:15:21 -0700
X-CTCH-RefID: str=0001.0A020201.5617CD28.01F2,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
X-SID: T2FM1r0015GqqD101
Received: (qmail 17723 invoked by uid 99); 9 Oct 2015 14:15:21 -0000
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="utf-8"
X-Originating-IP: 154.118.20.191
User-Agent: Workspace Webmail 5.15.9
Message-ID:
From: Internal User 2
X-Sender: accounting2@ralogistics.us
Reply-To: Internal User 2
To:
Subject: Transfer
Date: Fri, 9 Oct 2015 07:15:19 -0700
MIME-Version: 1.0
Return-Path: accounting2@ralogistics.us
X-MS-Exchange-Organization-AuthSource: EX2010.int.mydomain.com
X-MS-Exchange-Organization-AuthAs: Anonymous
We have an SPF record setup with a hard fail. I read a similar post that recommended blocking external email from our domain, but we have another company that sends mail on our behalf, including sending to us. Any ideas on how we can prevent this from happening again?
I have blocked the actual source domain of the email, but it won't take much for the spammer to change..
Thanks!
Bob
This thread was automatically locked due to age.
