We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Badmail from postmaster

klh-asi
klh-asi asked
on
Medium Priority
672 Views
Last Modified: 2009-07-29
My exchange server seems to be allowing the postmaster@mydomain.com to send & receive mail with virus attachments.  My virus scanning software stops it before it sends it out or receives it.  It seems like different username is sending it out with the name of postmaster being used instead.

These files are being sent to the badmail folder & causing it to be filled up.  I have tried many troubleshooting options but none of them seem to have worked.  The badmail problem has just became a problem a week ago.  I have slowed them down to a handfull a day compared to thousands in a day.

I have not tried this yet, can the postmaster be removed as an email address?

It is hard to explain what is happening.  So, it you have any questions just ask.

Thanks.
Comment
Watch Question

Commented:
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview

Author

Commented:
How can the postmaster send it to a_made_up_name@mydomain.com?  Thanks for the comment.  

Commented:
Probably a dictionary harvest attack.  It's hard to say on a message board like this without being there.  :)

Dictionary harvest attacks involve a spammer traversing through your directory by sending to fake names and discarding "user unknowns".  They can use any sender they want, including postmaster.  There are solutions for DHAs, but they are expensive.  They act as sort of an Email IDS.  Ironport, Trend, CipherTrust and others all have solutions that can key in on multiple rcpt to's and drop connections when certain conditions are met, like x number of "user unknowns" in a given time fram.

The strangeness that comes into the average postmaster mailbox is mind boggling at best.

OneHump
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.