What could these messages be that I am getting? Exch2k3.

What are these messages and why am I getting them?  I am an admin.  I have relaying turned off on the server.  Is my email addr somehow being used as a relay?  Any ideas?  Thanks.

"Your message did not reach some or all of the intended recipients.

Subject: Wanna check it out
Sent: 1/4/2002 4:59 PM

The following recipient(s) could not be reached:

  mail@mycompany.com on 6/10/2006 9:40 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <server.mycompany.com #5.1.1>

  other email adrr@mycompany.com on 6/10/2006 9:40 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <server.mycompany.com #5.1.1> "
Asked by: Sp0cky
 
mvvinod Commented:
Sp0cky,
  Open ESM, expand your server and then go to protocols and then open SMTP Virtual Server properties and click on messages tab and clear any e-mail address from the last box that says "forward all mails with unresolved recipient".

This will make sure you don't get NDRs whenever you receive a mail for an address that doesn't exist in the organization...

Vinod.
0
 
mvvinod Commented:
This is a known type of spam. They send you NDRs directly or sometimes use your e-mail address as source address (NOT FROM YOUR SERVER) to send out spam and when the e-mail address is bad, the NDR comes back to you since yours is the source address.

If you made sure your server is not an open relay, there is nothing to worry about.

To verify that this is not going out of your server, you may also turn on message tracking and then check the outgoing logs to see if your server sent any of these messages...

Let me know if you need more details on configuring message tracking...

Vinod.
0
 
Sp0cky (Author) Commented:
Ok.  Thank you Vinod.  I will check this and get back.
0

 
r-k Commented:
Yes, Vinod is very likely correct. You can examine the full headers and contents of the messages to sometimes find the true IP address where they originated.
0
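Added example, not part of the original thread: a Python sketch of the header check described above, run over the headers of the original message that an NDR returns. It reports whether any Received hop names your own server and gives the earliest non-internal IP recorded; the sample headers, host names and the `OUR_HOSTS` value are constructed assumptions, and Received lines older than the first server you trust can be forged by the sender.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: headers of the original message as returned inside an NDR.
# Host names and addresses are made up (documentation ranges).
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby inbound.recipient.example with ESMTP; Sat, 10 Jun 2006 21:40:01 -0400
Received: from pc-home (unknown [203.0.113.45])
\tby mx.recipient.example with SMTP; Sat, 10 Jun 2006 21:39:58 -0400
From: mail@mycompany.com
To: someone@recipient.example
Subject: Wanna check it out

body
"""

OUR_HOSTS = {"server.mycompany.com"}  # assumption: your outbound SMTP host name(s)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", re.I)

def analyze(raw_headers, our_hosts=OUR_HOSTS):
    """Return (passed_through_us, earliest_external_ip) for one message."""
    msg = message_from_string(raw_headers)
    passed_through_us, earliest_ip = False, None
    for hop in msg.get_all("Received") or []:      # newest hop first
        hosts = {h.lower().rstrip(".") for h in HOST_RE.findall(hop)}
        if hosts & our_hosts:
            passed_through_us = True
        for candidate in IP_RE.findall(hop):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:                     # e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                earliest_ip = str(ip)              # later lines are older hops
    return passed_through_us, earliest_ip

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A result of `False` for the first value means no hop in the returned headers names your server, which matches the forged-sender explanation given earlier in the thread.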
 
Exchgen Commented:
Turn off NDR or all DSN (delivery status notification) from Exchange global settings... this will stop relay of these NDRs to the internet... meanwhile you could enable sender, recipient and connection filtering to fight spam better... (hoping you have Exchange 2003).

Raghu
0
 
Sp0cky (Author) Commented:
Is this the "reject" setting under global settings->message delivery->sender id filtering?
0
 
Exchgen Commented:
Hey hey..... forget sender ID filtering for now..... don't try it...

Sender filtering and sender ID filtering are different.

Raghu
0
 
Sp0cky (Author) Commented:
"Turn off NDR or all DSN (delivery status notification) from exchange global settings... "

Where is this setting then?  to turn off ndr?  thx.
0
 
mvvinod Commented:
I think Exchgen is not understanding that you are getting the NDR. The NDR setting he is talking about prevents outgoing NDRs from going out of your server in case you receive a mail whose recipient doesn't exist in your organization...

Turning off NDR doesn't play any role in your problem and in my opinion, turning off NDR SHOULD NEVER BE DONE.

For one reason it violates the RFC for SMTP. And sensibly think about this situation. Someone important misspelled one of your user's e-mail addresses and you prevented the NDR from reaching him. He thinks the mail was successfully sent and your user never receives anything. It causes mails to go into a black hole and you might not be able to trace several simple problems because you turned off NDR.

Exchgen, please think again about how stopping NDR even plays any part in this problem.....

Vinod.
0
 
Exchgen Commented:
I should say me feeling too lazy about typing a long message landed me into trouble... :()

Vinod, I agree with your concern 100%, although what I proposed was a temp workaround...

I am not sure but RNDR spam can get real nasty and jam the network and down the server in no time....

My intention was to disable NDR, enable filtering and obviously enable it back... although many care about being compliant with RFC many flaunt it with no regret..

I guess rejecting an email on the basis of no PTR record for a sender domain is against RFC. :)

The admin is bound to get the 5.1.1 NDR as he also carries the postmaster account, which by default receives a copy of the NDR.

If recipient filtering is enabled, any email destined to a non-existent mail-enabled object in AD would get rejected. This would also reduce the 5.1.1 NDR. If this is a case of RNDR spam, where the originator is different or "<>" system msg, with the destination address as any domain (existent or non-existent), we are bound to have more issues, hence I suggested sender filtering and connection filtering.

Disabling NDR to internet would prevent these messages from causing too much SMTP traffic. If it does generate traffic it's possible that the domain might start getting blacklisted, slowly but surely.

Hope I was able to clear some cloud off the issue.

Raghu
 
0
 
mvvinod Commented:
Again Exchgen, you don't seem to understand that HE IS GETTING THESE NDR MESSAGES. You are talking about his server not sending NDR. You are talking over and over about stopping his server sending any NDRs....

Someone sent a message to microsoft.com using his user's e-mail address as source and Microsoft's server is sending an NDR back to the user. How do you propose any of your filtering will filter this legitimate NDR?

And enabling recipient filtering will increase the spam levels, since the spammers will know the legitimate accounts from non-existent ones.

And FYI, no reverse DNS is not RFC compliant but does not land any mails in blackhole.

Vinod.
0
 
mvvinod Commented:
Also in the same place, remove any e-mail address from the first box that says "forward copy of NDR to".

Sorry had to use 2 posts for saying this..

Vinod.
0
 
Sp0cky (Author) Commented:
Thank you Vinod.  I have been in the middle of an Exchange migration so sorry for the delayed response.  I am trying to enable message tracking now in the general tab of the servername.  It does not seem to be able to search for a particular message or sender's messages right now.  For example, I will put in the user's email address and hit find and I figured a whole bunch of emails would come up but nothing happens or shows up.  I will continue to try to figure out what I am doing and report back.  Any ideas will help.  Thanks.
0
 
mvvinod Commented:
You are in the right place. You should see all messages listed that went out, if you put in servername and sender's address. Make sure you don't just type the address but click on the button, put in the username and click on checkname. Do the same thing for the server name also. Check the date and time setting also.

Just to let you know, you won't be seeing any messages before the tracking log was enabled. And I'm assuming you are using message tracking under tools in ESM.

Try this and let me know.

Vinod.
0
 
Sp0cky (Author) Commented:
ok.
0
Question has a verified solution.
