Good morning,
Few minutes ago, I received an email from administrator@my sbs domain name(.com) with the subject: "To All Employee's - Important Address UPDATE".
As far as I see on AD, "administrator" account is still disabled.
The email headers attached (I censored my domains to MYCOMPANY...).
Any thoughts?
Maybe some of my "receive connectors" configurations expose my server to phishing?
Many thanks!
Received: from speedtouch.lan (190.80.251.74) by remote.MYDOMAINNAME.com ([myserversIP]) with Microsoft SMTP Server id 14.2.318.4; Mon, 19 Nov 2012 09:53:06 -0500 Received: from MAIL18.MYDOMAINNAME.com (10.0.0.74) by MYDOMAINNAME.com (10.0.0.83) with Microsoft SMTP id 8A4F14RD; Mon, 19 Nov 2012 08:53:04 -0600 Received: from MAIL17.MYDOMAINNAME.com (10.110.114.184) by smtp.MYDOMAINNAME.com (10.0.0.66) with Microsoft SMTP id ACI8SV4O; Mon, 19 Nov 2012 08:53:04 -0600 MIME-Version: 1.0 Date: Mon, 19 Nov 2012 08:53:04 -0600 To: <MYUSER@MYDOMAINNAME.com> From: Administrator <administrator@MYDOMAINNAME.com> Reply-To: Administrator <administrator@MYDOMAINNAME.com> Subject: To All Employee's - Important Address UPDATE Message-ID: <4JLUPCZZ5BRZE5CFHVA6M1FXOY4T.6660217631.4@MYDOMAINNAME.com> x-xerox-mail-id: 2DG465ZJE1SKPXD54JKHK42IGOKZ Content-Type: multipart/mixed; name="winmail.dat"; boundary="----=_Part_40055_9380136380.1807219665991" Content-Transfer-Encoding: binary Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: <UL0ZO2K5QI6B18V58RRP@MAIL6.MYDOMAINNAME.com> X-Originating-IP: [192.168.7.16] X-Auto-Response-Suppress: DR, OOF, AutoReply Return-Path: NO-REPLY@MYDOMAINNAME.com boundary=----=_Part_40055_9380136380.1807219665991 X-MS-Exchange-Organization-AuthSource: MYSERVERNAME.MYCOMPANYNAME.local X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Organization-PRD: MYDOMAINNAME.com X-MS-Exchange-Organization-SenderIdResult: None Received-SPF: None (MYSERVERNAME.MYCOMPANYNAME.local: administrator@MYDOMAINNAME.com does not designate permitted sender hosts)
