Solved

What could these messages be that I am getting? Exch2k3.

Posted on 2006-06-10
Last Modified: 2010-03-06
What are these messages and why am I getting them?  I am an admin.  I have relaying turned off on the server.  Is my email addr somehow being used as a relay?  Any ideas?  Thanks.

"Your message did not reach some or all of the intended recipients.

Subject: Wanna check it out
Sent: 1/4/2002 4:59 PM

The following recipient(s) could not be reached:

  mail@mycompany.com on 6/10/2006 9:40 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <server.mycompany.com #5.1.1>

  other email adrr@mycompany.com on 6/10/2006 9:40 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <server.mycompany.com #5.1.1> "
Question by:Sp0cky
15 Comments
 
LVL 8

Expert Comment

by:mvvinod
ID: 16879579
This is a known type of spam. They send you NDRs directly or sometimes use your e-mail address as the source address (NOT FROM YOUR SERVER) to send out spam, and when the e-mail address is bad, the NDR comes back to you since yours is the source address.

If you made sure your server is not an open relay, there is nothing to worry about.

To verify that this is not going out of your server, you may also turn on message tracking and then check the outgoing logs to see if your server sent any of these messages...

Let me know if you need more details on configuring message tracking...

Vinod.
0
 

Author Comment

by:Sp0cky
ID: 16879666
Ok.  Thank you Vinod.  I will check this and get back.
0
 
LVL 32

Expert Comment

by:r-k
ID: 16879859
Yes, Vinod is very likely correct. You can examine the full headers and contents of the messages to sometimes find the true IP address where they originated.
0
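The header check suggested above, as an added example (not code from the thread): it parses a bounce in the standard RFC 3464 `multipart/report` format, reads the top-most `Received` line of the returned original, and reports whether the handing-off IP falls inside your own networks. The sample message, hostnames and addresses are constructed placeholders, and `analyze_ndr` is a hypothetical helper name.

```python
import email
import ipaddress
import re
from email import policy

# Constructed sample bounce; hosts and addresses are documentation placeholders.
SAMPLE_NDR = """\
From: postmaster@remote.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.example

Final-Recipient: rfc822; nobody@remote.example
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from unknown (203.0.113.45) by mx.remote.example; Sat, 10 Jun 2006 21:40:02 -0000
From: user@mycompany.example
Subject: Wanna check it out
--b1--
"""

def analyze_ndr(raw, own_networks):
    """Report the DSN status and whether the bounced mail left one of our networks."""
    msg = email.message_from_string(raw, policy=policy.default)
    out = {"status": None, "recipient": None, "handoff_ip": None, "from_own_server": False}
    original = None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            for block in part.get_payload():  # one header block per DSN section
                out["status"] = block.get("Status", out["status"])
                out["recipient"] = block.get("Final-Recipient", out["recipient"])
        elif ctype == "message/rfc822":  # full original message attached
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers":  # only the original headers attached
            original = email.message_from_string(part.get_content(), policy=policy.default)
    received = original.get_all("Received", []) if original is not None else []
    # Top-most Received line is written by the bouncing MTA; lower lines can be forged.
    ips = re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", str(received[0])) if received else []
    if ips:
        ip = ipaddress.ip_address(ips[0])
        out["handoff_ip"] = str(ip)
        out["from_own_server"] = any(ip in ipaddress.ip_network(n) for n in own_networks)
    return out
```

Pass the public address ranges your own mail server sends from as `own_networks`; a `from_own_server` of `False` means the bounced message was handed to the remote server by some other host using your address as the sender.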
 
LVL 9

Expert Comment

by:Exchgen
ID: 16881794
Turn off NDR or all DSN (delivery status notification) from Exchange global settings... this will stop relay of these NDR to the internet... meanwhile you could enable sender, recipient and connection filtering to fight spam better... (hoping you have Exchange 2003).

Raghu
0
 

Author Comment

by:Sp0cky
ID: 16882584
Is this the "reject" setting under global settings->message delivery->sender id filtering?
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16882608
Hey hey..... forget sender ID filtering for now..... don't try it...

Sender filtering and sender ID filtering are different.

Raghu
0
 

Author Comment

by:Sp0cky
ID: 16882657
"Turn off NDR or all DSN (delivery status notification) from exchange global settings... "

Where is this setting then?  to turn off ndr?  thx.
0
 
LVL 8

Expert Comment

by:mvvinod
ID: 16883150
I think Exchgen is not understanding that you are getting the NDR. The NDR setting he is talking about prevents outgoing NDRs from going out of your server in case you receive a mail whose recipient doesn't exist in your organization...

Turning off NDR doesn't play any role in your problem and, in my opinion, turning off NDR SHOULD NEVER BE DONE.

For one reason, it violates the RFC for SMTP. And sensibly think about this situation. Someone important misspelled one of your users' e-mail addresses and you prevented the NDR from reaching him. He thinks the mail was successfully sent and your user never receives anything. It causes mails to go into a black hole and you might not be able to trace several simple problems because you turned off NDR.

Exchgen, please think again about how stopping NDR even plays any part in this problem.....

Vinod.
0
 
LVL 9

Expert Comment

by:Exchgen
ID: 16883646
I should say my feeling too lazy about typing a long message landed me in trouble... :()

Vinod, I agree with your concern 100%, although what I proposed was a temp workaround...

I am not sure, but RNDR spam can get real nasty and jam the network and down the server in no time....

My intention was to disable NDR, enable filtering and obviously enable it back... although many care about being compliant with RFC, many flout it with no regret..

I guess rejecting an email on the basis of no PTR record for a sender domain is against RFC. :)

The admin is bound to get the 5.1.1 NDR as he also carries the postmaster account, which by default receives a copy of the NDR.

If recipient filtering is enabled, any email destined to a non-existent mail-enabled object in AD would get rejected. This would also reduce the 5.1.1 NDR. If this is a case of RNDR spam, where the originator is different or "<>" system msg, with the destination address as any domain (existent or non-existent), we are bound to have more issues, hence I suggested sender filtering and connection filtering.

Disabling NDR to internet would prevent these messages from causing too much SMTP traffic. If it does generate traffic it’s possible that the domain might start getting blacklisted, slowly but surely.

Hope I was able to clear some cloud off the issue.

Raghu
 
0
 
LVL 8

Expert Comment

by:mvvinod
ID: 16885711
Again Exchgen, you don't seem to understand that HE IS GETTING THESE NDR MESSAGES. You are talking about his server not sending NDR. You are talking over and over about stopping his server sending any NDRs....

Someone sent a message to microsoft.com using his user's e-mail address as source and Microsoft's server is sending an NDR back to the user. How do you propose any of your filtering will filter this legitimate NDR?

And enabling recipient filtering will increase the spam levels, since the spammers will know the legitimate accounts from non-existent ones.

And FYI, no reverse DNS is not RFC compliant but does not land any mails in blackhole.

Vinod.
0
 
LVL 8

Accepted Solution

by:
mvvinod earned 500 total points
ID: 16885755
Sp0cky,
  Open ESM, expand your server and then go to protocols and then open SMTP Virtual Server properties and click on the messages tab and clear any e-mail address from the last box that says "forward all mails with unresolved recipient".

This will make sure you don't get NDRs whenever you receive a mail for an address that doesn't exist in the organization...

Vinod.
0
 
LVL 8

Expert Comment

by:mvvinod
ID: 16885765
Also in the same place, remove any e-mail address from the first box that says "forward copy of NDR to".

Sorry had to use 2 posts for saying this..

Vinod.
0
 

Author Comment

by:Sp0cky
ID: 16886037
Thank you Vinod.  I have been in the middle of an Exchange migration so sorry for the delayed response.  I am trying to enable message tracking now in the general tab of the servername.  It does not seem to be able to search for a particular message or sender's messages right now.  For example, I will put in the user's email address and hit find and I figured a whole bunch of emails would come up but nothing happens or shows up.  I will continue to try to figure out what I am doing and report back.  Any ideas will help.  Thanks.
0
 
LVL 8

Expert Comment

by:mvvinod
ID: 16886098
You are in the right place. You should see all messages listed that went out, if you put in servername and sender's address. Make sure you don't just type the address but click on the button, put in the username and click on checkname. Do the same thing for the server name also. Check the date and time setting also.

Just to let you know, you won't be seeing any messages before the tracking log was enabled. And I'm assuming you are using message tracking under tools in ESM.

Try this and let me know.

Vinod.
0
 

Author Comment

by:Sp0cky
ID: 16886142
ok.
0
