As of this Saturday I checked my email and noticed I had a couple of hundred NDR emails that were going to random email addresses. So far it appears that it's only affecting me (our old website exposed my email address back in the day, so I have always gotten a lot of spam).
I checked my Queue box in Exchange and there are none of these emails in there except those that are legitimate; three are in there. I have gone to a couple of websites to verify if I have an open relay; all have said I passed. I think these emails are possibly spoofed with my email address going to some other server, and then the server sends an NDR which goes back to me instead of the spammer. I have no idea how to block this, and at the moment my inbox is up to 600 emails. Some of the spam is below:
Please note that none of the IPs listed belong to my domain (I used mydomain for my domain name).
***********
Your message did not reach some or all of the intended recipients.
Subject: Breitling
Sent: 3/30/2008 7:40 AM
The following recipient(s) cannot be reached:
rddcdd@rddc.org on 3/30/2008 9:27 AM
The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
< u15156582.onlinehome-server.com #5.0.0 X-Postfix; host mail.rddc.org[69.55.64.33] said: 550 <rddcdd@rddc.org>: Recipient address rejected: User unknown in virtual mailbox table (in reply to RCPT TO command)>
HEADER file:
Microsoft Mail Internet Headers Version 2.0
Received: from u15156582.onlinehome-server.com ([217.160.252.227]) by mail.mydomain.aero with Microsoft SMTPSVC(6.0.3790.3959);
Sun, 30 Mar 2008 09:26:55 -0700
Received: by u15156582.onlinehome-server.com (Postfix)
id 70ACD101757D; Sun, 30 Mar 2008 12:26:55 -0400 (EDT)
Date: Sun, 30 Mar 2008 12:26:55 -0400 (EDT)
From: MAILER-DAEMON@u15156582.onlinehome-server.com (Mail Delivery System)
Subject: Undelivered Mail Returned to Sender
To: steven.sims@mydomain.aero
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="3A1531017598.1206894415/u15156582.onlinehome-server.com"
Message-Id: <20080330162655.70ACD101757D@u15156582.onlinehome-server.com>
Return-Path: <>
X-OriginalArrivalTime: 30 Mar 2008 16:26:55.0997 (UTC) FILETIME=[DEB692D0:01C89282]
--3A1531017598.1206894415/u15156582.onlinehome-server.com
Content-Description: Notification
Content-Type: text/plain
--3A1531017598.1206894415/u15156582.onlinehome-server.com
Content-Description: Delivery report
Content-Type: message/delivery-status
--3A1531017598.1206894415/u15156582.onlinehome-server.com
Content-Description: Undelivered Message
Content-Type: message/rfc822
Received: from abzv34.neoplus.adsl.tpnet.pl (abzv34.neoplus.adsl.tpnet.pl [83.9.67.34])
by u15156582.onlinehome-server.com (Postfix) with ESMTP id 3A1531017598
for <rddcdd@rddc.org>; Sun, 30 Mar 2008 12:26:54 -0400 (EDT)
Message-ID: <000901c89282$0765c502$b65870bf@kbnqeh>
From: "kliment yi" <steven.sims@mydomain.aero>
To: <rddcdd@rddc.org>
Subject: Breitling
Date: Sun, 30 Mar 2008 14:39:34 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0006_01C89282.0764B1F4"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
------=_NextPart_000_0006_01C89282.0764B1F4
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0006_01C89282.0764B1F4
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0006_01C89282.0764B1F4--
--3A1531017598.1206894415/u15156582.onlinehome-server.com--
***********
Your message did not reach some or all of the intended recipients.
Subject: Perfectly crafted luxury timepieces
Sent: 3/30/2008 7:35 AM
The following recipient(s) cannot be reached:
jmerrick@scottins.com on 3/30/2008 9:22 AM
You do not have permission to send to this recipient. For assistance, contact your system administrator.
< smtp.scottins.com #5.7.1 smtp; 550 5.7.1 Message content rejected, UBE, id=20677-02-12>
HEADER file:
Microsoft Mail Internet Headers Version 2.0
Received: from smtp.scottins.com ([64.203.172.3]) by mail.mydomain.aero with Microsoft SMTPSVC(6.0.3790.3959);
Sun, 30 Mar 2008 09:22:00 -0700
MIME-Version: 1.0
From: Barracuda Spam Firewall <postmaster@scottins.com>
Message-Id: <000601c89282$060d0a66$e6fef2af@qdjtm>
Subject: **Message you sent blocked by our bulk email filter**
Content-Type: multipart/report; report-type=delivery-status;
charset=utf-8;
boundary="----------=_1206894119-20677-27"
To: <support@mydomain.aero>
Date: Sun, 30 Mar 2008 12:21:59 -0400 (EDT)
Return-Path: <>
X-OriginalArrivalTime: 30 Mar 2008 16:22:00.0268 (UTC) FILETIME=[2E71E8C0:01C89282]
------------=_1206894119-20677-27
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: base64
------------=_1206894119-20677-27
Content-Type: message/delivery-status
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Delivery error report
------------=_1206894119-20677-27
Content-Type: text/rfc822-headers
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Description: Undelivered-message headers
------------=_1206894119-20677-27--
***********
My Exchange Server settings:
Exchange 2003
All protocols are disabled except SMTP/HTTP
SMTP/Access tab/Relay
Only the list below is selected
Computers in window is my IP range ex 10.10.52.0 (255.255.255.0)
Allow all computers which successfully authenticate to relay, regardless of the list above IS checked.
Under Connectors/ Internet Mail properties
Address Space tab
Computers in window *.mydomain.aero, and *
Allow messages to be relayed to these domains is unchecked
Apply Recipient filtering is enabled along with TAR pit enabled.
We have a single Exchange server.
Please, any help with this would be really appreciated.
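
The check the post reasons about, as an added example that is not part of the original post: it parses an NDR, pulls out the bounced message, and tests whether any Received hop of that message is one of your own hosts. OWN_HOSTS, OWN_NETS and the cut-down sample are assumptions built from the values quoted in the post.

```python
import email
import ipaddress
import re

# Assumptions: the host names and networks your own mail legitimately leaves from.
OWN_HOSTS = {"mail.mydomain.aero"}
OWN_NETS = [ipaddress.ip_network("10.10.52.0/24")]

# Constructed sample, cut down from the first NDR quoted in the post.
SAMPLE_NDR = """\
From: MAILER-DAEMON@u15156582.onlinehome-server.com (Mail Delivery System)
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: message/rfc822

Received: from abzv34.neoplus.adsl.tpnet.pl (abzv34.neoplus.adsl.tpnet.pl [83.9.67.34])
 by u15156582.onlinehome-server.com (Postfix); Sun, 30 Mar 2008 12:26:54 -0400
From: "kliment yi" <steven.sims@mydomain.aero>
Subject: Breitling

--B--
"""

def original_message(ndr):
    # The bounced message travels as message/rfc822 or text/rfc822-headers.
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload())
    return None

def analyze(raw):
    # Returns (verdict, [(host, ip), ...]) for the hops of the bounced message.
    ndr = email.message_from_string(raw)
    if ndr.get_content_type() != "multipart/report":
        return "not-a-dsn", []
    orig = original_message(ndr)
    hops = []
    for rcv in (orig.get_all("Received", []) if orig else []):
        m = re.search(r"from\s+(\S+).*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", rcv, re.S)
        if m:
            hops.append((m.group(1).lower(), m.group(2)))
    if not hops:
        return "no-trace", []
    ours = any(h in OWN_HOSTS or any(ipaddress.ip_address(ip) in n for n in OWN_NETS)
               for h, ip in hops)
    return ("sent-through-us" if ours else "backscatter"), hops
```

A "backscatter" verdict means the bounced message never touched your server, which matches an empty Exchange queue and a passing open-relay test; "sent-through-us" is the case that needs investigation on your own hosts.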