• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 298
  • Last Modified:

Undeliverable spam mail from the System Administrator clogging inbox that was never sent in the first place

A collegue of mine is receiving hundreds of emails from the system administrator in his inbox with the subject: "Undeliverable" at the begining.

The problem is that the emails are caused by sending mail to a non-existent email address. However he is not sending any emails to any of the addresses. We think there is a virus on an external computer that has his email address and is sending out hundreds of email to 'made-up' email addresses. When these email addresses get rejected then he is receiving all the Undeliverable messages in his inbox.

Is there anyway to either
1. prevent the mail at our end
2. stop the system administrator emails
3. automatically move the system administrator emails to a seperate folder.
4. any other suggestions....

I have tried setting up a rule in Microsoft office but this will not work as it says it's an internal email.
We are running Microsoft Exchange.

1 Solution
Which version of Exchange?

This sounds like an NDR attack.
First thing I would do is disable system administrator messages on the SMTP virtual server.

On the Messages tab, clear the box "Send copy of Non-Delivery Report to:"
You may want to disable NDRs in ESM as well.

Have you looked at the queues? There may be a large number of messages waiting which would also indicate that they are being sent through your server.

There are some other options, but further diagnostics is dependant on the Exchange version and what is in the queues.


Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Tackle projects and never again get stuck behind a technical roadblock.
Join Now