asked on

Strange messages in out queue

I have an Exchange Server 5.5 that gathers about 100 or so strange messages in the Outbound Awaiting Delivery queue every day in a slow trickle.

They look like spam or virus related things - they will have no originator and the destination is always some sort of loopy bs address like aaa5.8m.com, groogle.com, or the like. They fail with a [network error during host resolution] message and just build up out there in the queue. I have been purging them manually, but am concerned about their source.

We are not open relaying - everything requires authentication and I've been through the process of covering relay holes. We WERE at one time open relaying and were being used for spam for about a month before I found it, several years ago. I am also pretty confident that no one is purposefully using a mass mailer inside the building. We are well antivirused, so I don't think someone is hosting a trojan innocently.

Can anyone help me identify the source of these messages and determine how to fix the root problem behind it?

getzjd

These are probably NDR's that spammers are using to send email now. Turn off NDR's or you will have to use a 3rd party software solution. Only exchange 2003 has the ability to filter out these emails automatically. http://www.cmsconnect.com/ or I believe GFI mail essentials will help out also.

Read this to understand a reverse NDR attack http://www.cmsconnect.com/Praetor/RNDR/prRNDR.htm

breid7718

ASKER

I can find Administratior notifications for NDRs (and have them turned off) on the IMS property page, but I don't see an option to actually turn off NDRs. Where can I find that option?

ASKER CERTIFIED SOLUTION

getzjd

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial