Solved

Multiple bogus emails in my Exchange 2003 smtp outgoing queue

Posted on 2006-04-05
Last Modified: 2008-02-01
I have a server with Windows 2000 and Exchange 2000 server installed. This box is the email server for this company and its IP is the MX record for their domain.  In the exchange system manager, protocols, smtp, default smtp virtual server, queues, I have a multitude of listings that keep appearing. They all have the little blue arrow on the icon to the left of the listing and if I enumerate the listing they all show an email from postmaster@domain.com. Some of the names of the listings are: my.biglovedating.com, ihub.com, queerplaces.com, my.love.proext.com, etc. You get the point - they are bogus. I suspect that I have an email virus on one of the 40 machines that are here and it is trying to send out these emails. I have Symantec Antivirus Corporate Edition v10 on the servers and workstations and it updates and scans all nightly. I have done a Google and Symantec search on some of the bogus URLs and have come up with nothing. Perhaps I am wrong about what the problem is and would like to find out what is going on. I have done a test on the exchange server and it is reporting that it is not an open relay.

Any help in identifying the problem would be appreciated. If it is an email virus how would I identify the offending workstation?

Question by:dashman
10 Comments
 
LVL 1

Expert Comment

by:maderosia
ID: 16383990
Are you sure that these are not NDRs (non-delivery reports) from emails coming into your environment? Try turning off NDRs and clear the queues and see if they fill back up. This should help in troubleshooting.
0
 
LVL 104

Accepted Solution

by:
Sembee earned 2000 total points
ID: 16384122
Sounds like NDR spam.

Exchange 2000 doesn't really have the tools to deal with this. I don't like recommending that NDRs are disabled as that can have other consequences for the business.
You need to look at putting in an application that can do LDAP lookups and deal with those types of messages. GFI Mail Essentials is one such application.

If your queues are very full and you need assistance in clearing them, then I have instructions on my web site:
http://www.amset.info/exchange/spam-cleanup.asp

Simon.
0
 
LVL 1

Expert Comment

by:maderosia
ID: 16384220
Correct. I agree that turning off NDRs permanently is a bad solution. I would only do this to pinpoint the issue.

Mark
0
 

Author Comment

by:dashman
ID: 16388450
I will try and run the cleanup you suggested. I should also mention that my bad mail is filling up faster than the smtp queues. They are all addressed to a bogus user or users@ourdomain.com. Is this email that is coming into our server and requesting a return email? Not sure exactly how that works.
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16390359
Have you service packed your Exchange server?
Badmail support was disabled by default in service pack 1, but if you are seeing your badmail folder fill up you are either not running the latest service pack or you have enabled badmail.

Badmail is simply a copy of every non-delivered message that the Exchange server deals with.

Simon.
0
 

Author Comment

by:dashman
ID: 16391294
I checked the version number for Exchange and it is build 6249.4 which you indicate is SP3. I do not remember turning on bad mail, but if it can be turned off I would like to do that. How do I do it? Do you recommend applying the post sp3 update and then the hotfix?
So it seems that my situation is that I am getting a lot of spam addressed to non-existing users at my domain. The messages cannot be delivered so it is filling up the bad mail and also that is what is showing up in the smtp queues and that it is not an email virus trying to use me as an smtp server. Is that a correct assessment of the situation? Is there anything that I can do about this or should I not concern myself over it? Thanks in advance for all your help.
0
 
LVL 1

Expert Comment

by:maderosia
ID: 16391513
Yes, you are getting spammed with nonexistent user email to your domain. That is filling up the badmail folder and it is also sending out an NDR which is filling up the SMTP queues. They are probably staying in the queues because the domain sending is probably spoofed and nonexistent either. When I was using Exchange 2000 I used GFI Mail Essentials and it controlled the spam. You can then set options to not send NDRs for certain classified emails like emails that are blacklisted or classified as spam but still send NDRs for people that are legit and type the wrong address. With Exchange 2003 I use no spam software because 2003 has many more features for fighting spam.
Here is a good article. You may already be doing some of these
http://support.microsoft.com/default.aspx?scid=kb;en-us;319356
Here is a link to control bad mail folder
http://support.microsoft.com/?id=867642

Mark
0
 
LVL 104

Expert Comment

by:Sembee
ID: 16391548
Is this Exchange 2000 or Exchange 2003?
My response about badmail applies to Exchange 2003 ONLY. The badmail feature cannot be disabled in Exchange 2000.

With Exchange 2000 you should probably look at using GFI Mail Essentials. It has a recipient lookup feature (which is built in to Exchange 2003) and that stops NDR spam in its tracks.

Simon.
0
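Added example, not part of the thread and not code from Exchange or any product named in it: a small Python model of the two behaviours discussed above, accepting mail for unknown recipients and bouncing it later versus checking the recipient during the SMTP session. The directory contents, addresses, traffic and all class and function names are constructed for illustration.

```python
from collections import Counter

# Constructed stand-in for the directory (LDAP / Active Directory) lookup.
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}
POSTMASTER = "postmaster@example.com"  # sender shown on the queued NDRs

class MailServer:
    def __init__(self, recipient_lookup):
        self.recipient_lookup = recipient_lookup  # True = check RCPT TO in-session
        self.inbox, self.badmail, self.outbound_queue = [], [], []

    def receive(self, mail_from, rcpt_to):
        """Handle one envelope; return the SMTP reply code given to the sender."""
        if rcpt_to.lower() in VALID_RECIPIENTS:
            self.inbox.append((mail_from, rcpt_to))
            return 250
        if self.recipient_lookup:
            # Refused in-session: no badmail copy and no NDR is generated here.
            # A real sender's own server reports the failure to them.
            return 550
        # Accepted first, found undeliverable later: keep a badmail copy and
        # queue an NDR to whatever address the envelope claimed.
        self.badmail.append((mail_from, rcpt_to))
        self.outbound_queue.append((POSTMASTER, mail_from))
        return 250

    def queues_by_domain(self):
        """Outbound queue grouped by destination domain, as a queue viewer lists it."""
        return Counter(dest.rsplit("@", 1)[1] for _, dest in self.outbound_queue)

# Constructed traffic: three spam messages with forged senders, one typo from a
# real correspondent, and one legitimate delivery.
TRAFFIC = [
    ("a1@forged-one.example", "qzx@example.com"),
    ("b2@forged-two.example", "sales99@example.com"),
    ("c3@forged-one.example", "nobody@example.com"),
    ("carol@partner.example", "alcie@example.com"),
    ("carol@partner.example", "alice@example.com"),
]

def run(recipient_lookup):
    server = MailServer(recipient_lookup)
    codes = [server.receive(sender, rcpt) for sender, rcpt in TRAFFIC]
    return server, codes

if __name__ == "__main__":
    for mode in (False, True):
        server, codes = run(mode)
        print(mode, codes, len(server.badmail), dict(server.queues_by_domain()))
```

With the lookup off, every unknown recipient produces a badmail copy and a queued NDR per forged domain; with it on, the same traffic leaves both empty while the mistyped legitimate message is still refused with a 550.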
 

Author Comment

by:dashman
ID: 16397106
I am using Exchange 2000. I mistyped it in the brief description but got it right in the long description of the problem. I will try the bad mail script suggested. I am using Brightmail on the server and will look to see if there is a way to configure it to not send NDRs. Are you familiar with the software and know if that can be done?

Thank you both for your excellent answers. You have both provided me with a much better understanding of the problem and ways to deal with it. I would like to split the points between the two of you. I have never done that before. Is it possible?
0
 
LVL 1

Expert Comment

by:maderosia
ID: 16426079
I am not too worried about the points, only that you got a solution.
Here is a link for the next time that you want to split points. And answers to common questions.
http://www.experts-exchange.com/help.jsp#hi69
I have no experience with BrightMail but make sure NDRs are not going out for everything. I would only send out NDRs for emails that do not exist on the domain and not spam. You will still send out NDRs but it will save you if someone types an email address wrong when trying to send to someone in your domain. They will know that it did not go through. I have also tried directing nonexistent user emails into a spam mailbox that I monitored and went through it every day to see if any legit emails were in there (using GFI Mail Essentials). Spam is a pain but Exchange is getting better in handling it in 2003 sp2 and hopefully even better in Exchange 12.

Have a good one,
Mark
0
