Solved

Badmail from postmaster

Posted on 2004-03-26
3
639 Views
Last Modified: 2009-07-29
My exchange server seems to be allowing the postmaster@mydomain.com to send & receive mail with virus attachments.  My virus scanning software stops it before it sends it out or receives it.  It seems like different username is sending it out with the name of postmaster being used instead.

These files are being sent to the badmail folder & causing it to be filled up.  I have tried many troubleshooting options but none of them seem to have worked.  The badmail problem has just became a problem a week ago.  I have slowed them down to a handfull a day compared to thousands in a day.

I have not tried this yet, can the postmaster be removed as an email address?

It is hard to explain what is happening.  So, it you have any questions just ask.

Thanks.
0
Comment
Question by:klh-asi
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
OneHump earned 200 total points
ID: 10688571
You really don't want to mess with postmaster.  To be RFC compliant, you really need a working postmaster address.  What you are seeing is a virus out there spoofing your postmaster address when sending to your addresses or others on the Internet.  It's a chronic and currently uncorrectable problem that everyone is dealing with right now.

My best suggestion is to create a rule that keys in certain garbage words to get rid of NDRs and warnings and write a batch file to clear out your badmail folder and schedule it to run every week or so.

OneHump
0
 

Author Comment

by:klh-asi
ID: 10689057
How can the postmaster send it to a_made_up_name@mydomain.com?  Thanks for the comment.  
0
 
LVL 10

Expert Comment

by:OneHump
ID: 10689290
Probably a dictionary harvest attack.  It's hard to say on a message board like this without being there.  :)

Dictionary harvest attacks involve a spammer traversing through your directory by sending to fake names and discarding "user unknowns".  They can use any sender they want, including postmaster.  There are solutions for DHAs, but they are expensive.  They act as sort of an Email IDS.  Ironport, Trend, CipherTrust and others all have solutions that can key in on multiple rcpt to's and drop connections when certain conditions are met, like x number of "user unknowns" in a given time fram.

The strangeness that comes into the average postmaster mailbox is mind boggling at best.

OneHump
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Method to deal with "too many folders" in Outlook 7 60
Exchange powershell help 2 28
Cannot view members of new distributionlist 2 28
Lync 2010 4 18
We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question