• Status: Solved

MS Exchange - unknown recipient for non-existing addresses


Telnet  mymail.com 25
220 mymail.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.211 ready at  Thu, 24 Mar 2005 17:11:49 +0400
helo aaa
250 mymail.com Hello [X.X.X.X]
mail from: nobody
250 2.1.0 nobody@mymail.com....Sender OK
rcpt to: administrator
250 2.1.5 administrator@mymail.com
354 Please start mail input.
250 Mail queued for delivery.
But on the MDAEMON mail server I have the following:

mail from: nobody
550 <nobody@mymail.com>, Sender unknown

Why can I send mail from unknown users (nobody) to the local recipients?
I have relay closed on my Exchange (unable to relay for non-authenticated users).
I have recipient filtering on.

Is this an MS Exchange problem, or can I sort it out?


1 Solution
It looks like your Exchange server is working correctly.

Exchange will always accept email destined for it, then NDR it later.
It also doesn't matter what you put in the "From" line, as Exchange doesn't use that as a validation - how can it?

The only way to stop it accepting email for non-existent users is to use a third-party tool that can do LDAP lookups. GFI Mail Essentials can do that; there are probably some others that can as well.

iliko (Author) Commented:
Does this mean everybody can telnet into my Exchange machine and send me email from abusing recipient names?
And can I overcome this only by using GFI Mail Essentials or similar third-party software?

But why does MDaemon prevent sending messages in this way?
NDR attacks are quite common against an Exchange server. Some people want to accept email for any user at their domain, so spammers take advantage of that.

Exchange 2003 has a built-in filtering option which can do the LDAP lookups for you, but with Exchange 2000 you must use a 3rd party tool.

Why? You will have to ask the Exchange developers. That is the way that it is, and we have to live with it.

iliko (Author) Commented:

I am not receiving NDRs, I am receiving messages from NOBODY@ANYTHING.COM!
By the way, I have Exchange 2003 - does this mean I can prevent these issues with LDAP filtering?

Of course I can close the sender's IP/subnet on the firewall, but this is not the right solution ...
It is important that you say which version of Exchange you have, as there are some differences between the versions.

Filtering non-existent users is built in to Exchange 2003.

While you may not be receiving the NDRs, they can be used.
An NDR attack is where lots of messages are sent to your domain with invalid addresses on purpose. The "from" header is faked and is the address that the spammer is trying to send to. Your Exchange server NDRs the message, to the person who "sent" it, except they didn't send it, but Exchange tries to deliver it to them.

Question has a verified solution.
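Added example (not part of the original thread): an offline Python model of the two behaviours described in the answers, accepting mail and NDRing it later versus a directory lookup at RCPT TO. The directory, the messages and the `550 5.1.1 User unknown` reply text are constructed assumptions, not Exchange output.

```python
# Added example, not from the thread: offline model of RCPT TO handling.
# DIRECTORY and MESSAGES are constructed sample data.
DIRECTORY = {"administrator@mymail.com"}

MESSAGES = [  # (envelope MAIL FROM, RCPT TO)
    ("nobody@anything.com", "administrator@mymail.com"),
    ("victim@example.net", "no-such-user-1@mymail.com"),
    ("victim@example.net", "no-such-user-2@mymail.com"),
    ("", "no-such-user-3@mymail.com"),  # null reverse-path <>
]


def normalize(addr):
    """Strip angle brackets and whitespace, compare case-insensitively."""
    return addr.strip().strip("<>").lower()


def rcpt_reply(rcpt, directory, recipient_filtering):
    """SMTP reply to RCPT TO; the directory lookup runs only when filtering is on."""
    if recipient_filtering and normalize(rcpt) not in directory:
        return "550 5.1.1 User unknown"
    return "250 2.1.5 " + normalize(rcpt)


def run(messages, directory, recipient_filtering):
    """Return where each message ends up: delivered, rejected in-session, or bounced."""
    result = {"delivered": [], "rejected": [], "ndr_to": []}
    for mail_from, rcpt in messages:
        if rcpt_reply(rcpt, directory, recipient_filtering).startswith("550"):
            # The connecting client gets the error; the server sends nothing.
            result["rejected"].append(normalize(rcpt))
        elif normalize(rcpt) in directory:
            # MAIL FROM is never checked, so a forged sender is still delivered.
            result["delivered"].append(normalize(rcpt))
        elif normalize(mail_from):
            # Accepted, then undeliverable: the NDR goes to the claimed sender.
            result["ndr_to"].append(normalize(mail_from))
        # A null reverse-path gets no NDR (RFC 5321).
    return result


if __name__ == "__main__":
    for filtering in (False, True):
        print("recipient filtering:", filtering, run(MESSAGES, DIRECTORY, filtering))
```

With filtering off, the two messages to non-existent users turn into NDRs addressed to the forged sender; with filtering on they are refused during the SMTP session, while the message from an unknown sender to a valid mailbox is delivered either way.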
