troubleshooting Question

I.T. distribution group keeps recieving 2 emails from Mailsweeper 4.3 and Exchange server2003 server nearly every morning but I do not know where they are coming from?

Avatar of gpersand
gpersand asked on
Exchange
30 Comments1 Solution462 ViewsLast Modified:
I am working in a Windows2003/Exchange2003 network environment and we are running mailsweeper 4.13. We also use a messagelabs service to scan all our incoming and outgoing mail. This is done externally at messagelabs.
The I.T. distribution group keeps recieving 2 emails of a spam nature every morning but I am not too sure where they are coming from and why.

The first to arrive is as below:
"From: Postmaster@company.co.uk
To:it.dept@company.co.uk

Your message has encountered delivery problems to the following recipient(s):
Sent:    MAIL FROM:<it.dept@company.co.uk> SIZE=3142
Received:554 5.1.0 Sender Denied"

The postmaster account is an alias for the AD domain administrator account.
This is strange to me as it says that the email is from the postmaster@company.co.uk to the it.dept@company.co.uk. Although the message contents states that the message was sent from it.dept@company.co.uk.

There are two attachments to this notification. The first is a .dat file and the other is a text file which states:
"Reporting-MTA: dns; mailsweeper1.company.co.uk
Received-From-MTA: dns; mail59.messagelabs.com (unverified [196.106.250.69])
Arrival-Date: Sun, 12 Feb 2006 10:55:13 +0000"

What is this message trying to tell me?


The second message to appear arrives at the exact same time and reads:
"From: System Administrator
To:john.smith@company.co.uk (this is my email address. All members of the it tech group recieve this email addressed to their specific mailbox)

Your message did not reach some or all of the intended recipients.
Subject:Perfect identity design. This is why people come to Logoway.
Sent:12/02/2006 10:54
The following recipient(s) could not be reached:
IT Tech Support on 12/02/2006 10:55
The e-mail address could not be found.  Perhaps the recipient moved to a different e-mail organization, or there was a mistake in the address.  Check the address and try again.
< mailsweeper1.company.co.uk #5.1.0 smtp; 554 5.1.0 Sender Denied>"


I have looked for the System Administrator account to run a message track but I cannot find it anywhere.
These emails appear nearly every day and we are having problems stopping them.
Please can an expert help me resolve this issue or at least clarify what is happening here.
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 30 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 30 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros