Solved

What could these messages be that I am getting? Exch2k3.

Posted on 2006-06-10
Last Modified: 2010-03-06
What are these messages and why am I getting them?  I am an admin.  I have relaying turned off on the server.  Is my email addr somehow being used as a relay?  Any ideas?  Thanks.

"Your message did not reach some or all of the intended recipients.

Subject: Wanna check it out
Sent: 1/4/2002 4:59 PM

The following recipient(s) could not be reached:

  mail@mycompany.com on 6/10/2006 9:40 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <server.mycompany.com #5.1.1>

  other email adrr@mycompany.com on 6/10/2006 9:40 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <server.mycompany.com #5.1.1> "
Question by:Sp0cky
15 Comments
 
LVL 8

Expert Comment

by:mvvinod
ID: 16879579
This is a known type of spam. They send you NDRs directly or sometimes use your e-mail address as source address (NOT FROM YOUR SERVER) to send out spam and when the e-mail address is bad, the NDR comes back to you since yours is the source address.

If you made sure your server is not an open relay, there is nothing to worry about.

To verify that this is not going out of your server, you may also turn on message tracking and then check the outgoing logs to see if your server sent any of these messages...

Let me know if you need more details on configuring message tracking...

Vinod.
0
 

Author Comment

by:Sp0cky
ID: 16879666
Ok.  Thank you Vinod.  I will check this and get back.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16879859
Yes, Vinod is very likely correct. You can examine the full headers and contents of the messages to sometimes find the true IP address where they originated.
0
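The header check suggested above, as an added example that is not part of the original thread: it pulls the returned original out of an NDR and compares the IP in its topmost `Received` line with your own outbound addresses. The sample NDR, `OUR_OUTBOUND_IPS` and all hostnames and addresses are constructed; it assumes the NDR attaches the original as `message/rfc822` and that the bouncing server wrote the topmost `Received` line.

```python
import email
import re
from email import policy

OUR_OUTBOUND_IPS = {"198.51.100.10"}  # assumption: your server's public IP(s)
# Constructed NDR; the lower Received line is forged to implicate our server.
SAMPLE_NDR = """\
From: postmaster@remote.example
Subject: Undeliverable: Wanna check it out
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The following recipient(s) could not be reached.
--b1
Content-Type: message/rfc822

Received: from pc-unknown (unknown [203.0.113.77])
\tby mx.remote.example with SMTP; Sat, 10 Jun 2006 21:40:01 -0400
Received: from server.mycompany.example ([198.51.100.10])
\tby pc-unknown with SMTP; Sat, 10 Jun 2006 21:39:58 -0400
From: mail@mycompany.example
Subject: Wanna check it out

body
--b1--
"""

def returned_original(ndr_text):
    """Return the original message attached to the NDR, or None."""
    ndr = email.message_from_string(ndr_text, policy=policy.default)
    for part in ndr.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def submitting_ip(original):
    """IPv4 address in the topmost Received header (added by the bouncing server)."""
    hops = original.get_all("Received") or []
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(hops[0])) if hops else None
    return match.group(1) if match else None

def classify(ndr_text):
    """Say whether the bounced message really left one of our servers."""
    original = returned_original(ndr_text)
    ip = submitting_ip(original) if original is not None else None
    if ip is None:
        return "undetermined"
    return "sent-via-our-server" if ip in OUR_OUTBOUND_IPS else "backscatter-forged-sender"
```

Only the topmost `Received` line is compared because lower lines were supplied by the sending side and can name any host, as the forged second line in the sample does.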

 
LVL 9

Expert Comment

by:Exchgen
ID: 16881794
Turn off NDR or all DSN (delivery status notification) from Exchange global settings... this will stop relay of these NDRs to the internet... meanwhile you could enable sender, recipient and connection filtering to fight spam better... (hoping you have Exchange 2003).

Raghu
0
 

Author Comment

by:Sp0cky
ID: 16882584
Is this the "reject" setting under global settings->message delivery->sender id filtering?
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16882608
Hey hey..... forget sender ID filtering for now..... don't try it...

Sender filtering and sender ID filtering are different.

Raghu
0
 

Author Comment

by:Sp0cky
ID: 16882657
"Turn off NDR or all DSN (delivery status notification) from exchange global settings... "

Where is this setting then?  to turn off ndr?  thx.
0
 
LVL 8

Expert Comment

by:mvvinod
ID: 16883150
I think Exchgen is not understanding that you are getting the NDR. The NDR setting he is talking about prevents outgoing NDRs from going out of your server in case you receive a mail whose recipient doesn't exist in your organization...

Turning off NDR doesn't play any role in your problem and in my opinion, turning off NDR SHOULD NEVER BE DONE.

For one reason it violates the RFC for SMTP. And sensibly think about this situation. Someone important misspelled one of your users' e-mail addresses and you prevented the NDR from reaching him. He thinks the mail was successfully sent and your user never receives anything. It causes mails to go into a black hole and you might not be able to trace several simple problems because you turned off NDR.

Exchgen, please think again about how stopping NDR even plays any part in this problem.....

Vinod.
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16883646
I should say my feeling too lazy about typing a long message landed me in trouble... :()

Vinod, I agree with your concern 100%, although what I proposed was a temp workaround...

I am not sure but RNDR spam can get real nasty and jam the network and down the server in no time....

My intention was to disable NDR, enable filtering and obviously enable it back... although many care about being compliant with RFC many flaunt it with no regret..

I guess rejecting an email on the basis of no PTR record for a sender domain is against RFC. :)

The admin is bound to get the 5.1.1 NDR as he also carries the postmaster account, which by default receives a copy of the NDR.

If recipient filtering is enabled, any email destined to a non-existent mail-enabled object in AD would get rejected. This would also reduce the 5.1.1 NDRs. If this is a case of RNDR spam, where the originator is different or "<>" system msg, with the destination address as any domain (existent or non-existent) we are bound to have more issues, hence I suggested sender filtering and connection filtering.

Disabling NDR to internet would prevent these messages from causing too much SMTP traffic. If it does generate traffic it's possible that the domain might start getting blacklisted, slowly but surely.

Hope I was able to clear some cloud off the issue.

Raghu
 
0
 
LVL 8

Expert Comment

by:mvvinod
ID: 16885711
Again Exchgen, you don't seem to understand that HE IS GETTING THESE NDR MESSAGES. You are talking about his server not sending NDRs. You are talking over and over about stopping his server sending any NDRs....

Someone sent a message to microsoft.com using his user's e-mail address as source and Microsoft's server is sending an NDR back to the user. How do you propose any of your filtering will filter this legitimate NDR?

And enabling recipient filtering will increase the spam levels, since the spammers will know the legitimate accounts from non-existent ones.

And FYI, no reverse DNS is not RFC compliant but does not land any mails in blackhole.

Vinod.
0
 
LVL 8

Accepted Solution

by:
mvvinod earned 2000 total points
ID: 16885755
Sp0cky,
  Open ESM, expand your server and then go to Protocols and then open SMTP Virtual Server properties and click on the Messages tab and clear any e-mail address from the last box that says "forward all mails with unresolved recipient".

This will make sure you don't get NDRs whenever you receive a mail for an address that doesn't exist in the organization...

Vinod.
0
 
LVL 8

Expert Comment

by:mvvinod
ID: 16885765
Also in the same place, remove any e-mail address from the first box that says "forward copy of NDR to".

Sorry had to use 2 posts for saying this..

Vinod.
0
 

Author Comment

by:Sp0cky
ID: 16886037
Thank you Vinod. I have been in the middle of an Exchange migration so sorry for the delayed response. I am trying to enable message tracking now in the general tab of the servername. It does not seem to be able to search for a particular message or sender's messages right now. For example, I will put in the user's email address and hit find and I figured a whole bunch of emails would come up but nothing happens or shows up. I will continue to try to figure out what I am doing and report back. Any ideas will help. Thanks.
0
 
LVL 8

Expert Comment

by:mvvinod
ID: 16886098
You are in the right place. You should see all messages listed that went out, if you put in servername and sender's address. Make sure you don't just type the address but click on the button, put in the username and click on checkname. Do the same thing for the server name also. Check the date and time setting also.

Just to let you know, you won't be seeing any messages before the tracking log was enabled. And I'm assuming you are using message tracking under tools in ESM.

Try this and let me know.

Vinod.
0
 

Author Comment

by:Sp0cky
ID: 16886142
ok.
0
