
One of my Exchange users got an email that bounced back to them. They did not send the email and I'm a little confused about how they got it. I looked through the logs and do not see the email leaving our server. So I guess that is good, no open relay. However, I'm still a little worried about it.

If this did not come from our server, how do I prevent this from happening?

Here is the header. I left everything as in the original, except that I changed the following.

mailserver.ourdomain.com (was our server's name)

143324627.79013003854714@ourdomain.com (did have our real domain)

PARIS FENTON (did have a valid user email, Paris Fenton was not the user's name but was in the original header)

Return-Path: <anor@sietsemafarms.com>
Received: from ppp005055110157.access.hol.gr (ppp005055110157.access.hol.gr
 [5.55.110.157])    by ftcpcs66l.faraday.com.tw (8.12.11/8.12.11) with ESMTP id
 t5FEgqMk024190 for <maxmao@faraday-tech.com>; Mon, 15 Jun 2015 22:42:54 +0800
Received: from [5.55.110.157] by mailserver.ourdomain.com; Tue, 16 Jun 2015
 00:49:41 +0200
Date: Tue, 16 Jun 2015 00:49:41 +0200
From: PARIS FENTON <validuser@ourdomain.com>
X-Mailer: The Bat! (v2.11) Business
Reply-To: <validuser@ourdomain.com>
X-Priority: 3 (Normal)
Message-ID: <143324627.79013003854714@ourdomain.com>
To: <someperson@somedomain.com>
Subject: You can increase the time of your act 
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-MS-Exchange-Organization-AVStamp-AVG: 2013.0.3495 [4311.0.0/10020];0;
X-MS-Exchange-Organization-AVStamp-Mailbox: AVGESE;14331;0;
  • You can't stop spoofing, you can only stop accepted spoofed messages using a system like SPF. That means if someone else is not detecting and rejecting spoofed messages, they can potentially receive e-mails that spoof your domain or senders and there's nothing you can do about that. – Todd Wilcox Jun 16 '15 at 15:14
  • So I'm correct in assuming this did not come from our server? 5.55.110.157 is not our server and looks like the sending server. – user2027231 Jun 16 '15 at 15:19
  • It's backscatter. – joeqwerty Jun 16 '15 at 15:29
  • http://security.stackexchange.com/a/9498/11060 -> E-mail is extremely easy to spoof details on. It almost certainly didn't originate on your server. – James Ruskin Jun 16 '15 at 15:33
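
The header check discussed in the comments above, as an added example that is not part of the original thread: it walks the `Received` chain from the posted header and flags any hop that names our server but is contradicted by the hop written above it. `OUR_SUFFIX` and `OUR_NETS` are assumptions (constructed values standing in for the real server name and outbound range).

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Received lines copied from the question (hostnames as the poster redacted them).
RAW = """\
Received: from ppp005055110157.access.hol.gr (ppp005055110157.access.hol.gr
 [5.55.110.157])    by ftcpcs66l.faraday.com.tw (8.12.11/8.12.11) with ESMTP id
 t5FEgqMk024190 for <maxmao@faraday-tech.com>; Mon, 15 Jun 2015 22:42:54 +0800
Received: from [5.55.110.157] by mailserver.ourdomain.com; Tue, 16 Jun 2015
 00:49:41 +0200
"""

# Assumptions: our MTA hostname suffix and outbound range (constructed values).
OUR_SUFFIX = ".ourdomain.com"
OUR_NETS = [ipaddress.ip_network("203.0.113.0/28")]

def parse_hops(raw):
    """Return Received hops, newest first, as dicts with by / ip / when."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())              # undo header folding
        by = re.search(r"\bby\s+([^\s;]+)", flat)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)
        hops.append({
            "by": by.group(1).lower() if by else "",
            "ip": ipaddress.ip_address(ip.group(1)) if ip else None,
            "when": parsedate_to_datetime(flat.rsplit(";", 1)[1].strip()),
        })
    return hops

def suspicious_hops(raw, suffix=OUR_SUFFIX, nets=OUR_NETS):
    """Flag hops that name our server but are contradicted by the hop above."""
    hops, findings = parse_hops(raw), []
    for newer, older in zip(hops, hops[1:]):
        if not older["by"].endswith(suffix):
            continue
        reasons = []
        # The newer hop logged the IP that really connected; it must be ours.
        if newer["ip"] is None or not any(newer["ip"] in n for n in nets):
            reasons.append(f"handed on by {newer['ip']}, not one of our hosts")
        # A genuine earlier hop cannot be timestamped after the later one.
        if older["when"] > newer["when"]:
            reasons.append("dated after the hop that received it")
        if reasons:
            findings.append((older["by"], reasons))
    return findings
```

Only the topmost `Received` line was written by the server that accepted the message; everything below it was supplied by the connecting client and proves nothing on its own.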
