Sp0cky


I am getting a whole bunch of these messages ..please help!? Exch2k3 ..looks like spam NDR"ing"

Exchange 2k3 all svc packs with spam and antivirus (Symantec).

I am having NDR's forwarded to me.  While this is ok, some of these messages I have configured the exchange server to delete immediately if they are to specific addresses that I know don't exist.  If that is the case, should I still be getting NDR's for them?  Or are they deleted usually by spam like symantec after the NDR hits?  

Also, I got about 50 of these in one night to all different names that don't exist at my organization.  Does this mean I am under attack?  Is it affecting performance of the server?  How best should I handle these?  Ignore them?  Is anyone familiar with getting lots of these?

"Your message did not reach some or all of the intended recipients.

Subject: Virus Found in message "Test"
Sent: 4/21/2006 3:31 PM

The following recipient(s) could not be reached:

  mary@mycompany.com on 6/17/2006 12:39 PM
  The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
  <server.mycompany.com #5.1.1> "

Thank you.
Imtiaz Hasham

One answer is usually, your email address is in BCC and the other answer is that as you might be the administrator for the exchange server hence any mail for unnamed accounts are sent to you.

This is classified as SPAM!
jhance

>Does this mean I am under attack?  

No, it means that some spammer is sending out SPAM using your domain name and probably bogus usernames.

>Is it affecting performance of the server?  

Of course.  It increases the processing load and clogs up your network.

>How best should I handle these?  Ignore them?  

Yes, there is little, if anything you can do.  Just be sure they don't collect in some mailbox and fill up your hard drive.  Also make sure you don't compound the problem by sending out NDRs for the NDRs.  Some people do that sort of thing.

>Is anyone familiar with getting lots of these?

Just about anyone who runs a mail server has this happen at one time or another.
Symantec works pretty good, but I have found the best solution is relatively inexpensive.  When your Symantec gets out of date or you feel you have gotten a decent return on your investment, consider an appliance. The Barracuda Networks appliances (http://www.barracudanetworks.com/ns/?L=en) do an excellent job and stop the attacks and spam before they get to your mail server.  McAfee has the Webshield appliance and it also does an excellent job.

Spammers are constantly trying to find new places to send their crap and the methods you are describing are totally normal.
Sp0cky

ASKER

"that as you might be the administrator for the exchange server hence any mail for unnamed accounts are sent to you."

Thanks.  I am aware of this and it is my intention to get these forwarded to me.  My concern was is this something to be concerned about.



"it means that some spammer is sending out SPAM using your domain name and probably bogus usernames.  Of course.  It increases the processing load and clogs up your network.  there is little, if anything you can do.  Just be sure they don't collect in some mailbox and fill up your hard drive.  Also make sure you don't compound the problem by sending out NDRs for the NDRs.  Some people do that sort of thing."

Thank you jhance.  Let me make sure I understand.  My server is sending back an NDR to the sender telling them that there is no such name.  So either way, I am responding to them with an NDR.  Did I get that right?

As to the rest of your answer, that makes sense.  Thanks for your input.  I will let the question run a bit longer and then award points.

Sp0cky

ASKER

oh, and what is "BCC?"
BCC=Blind Carbon Copy
Oh, another thing.  A lot of NDRs are generated by Virus infections on other peoples PCs.  Some of them spoof random addresses, some of them steal the address books of infected PCs.
We've had this at some point but they are all gone now... don't worry too much about them...
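
An added example, not part of the original thread: a Python script that parses NDR bodies in the layout quoted in the question and tallies them per recipient and status code, so an administrator can see whether a batch of reports is all `5.1.1` rejections for distinct nonexistent local names. The function names and sample bodies (including the `5.2.1` entry) are constructed for illustration, and it assumes the NDR text has already been exported from the mailbox.

```python
import re
from collections import Counter

# One entry per failed recipient: "  addr on <date>" ... "<server #x.y.z>"
ENTRY_RE = re.compile(
    r"^\s*(\S+@\S+) on ([\d/]+ [\d:]+ [AP]M)\s*$.*?<(\S+) #(\d\.\d{1,3}\.\d{1,3})[^>]*>",
    re.M | re.S)
SUBJECT_RE = re.compile(r"^Subject:\s*(.*)$", re.M)

def parse_ndr(body):
    """Return the original subject and a list of (recipient, when, server, status)."""
    subject = SUBJECT_RE.search(body)
    entries = [(m.group(1).lower(), m.group(2), m.group(3), m.group(4))
               for m in ENTRY_RE.finditer(body)]
    return {"subject": subject.group(1).strip() if subject else None, "entries": entries}

def summarize(bodies, domain):
    """Tally status codes and collect nonexistent local recipients (status 5.1.1)."""
    by_status, unknown = Counter(), Counter()
    for body in bodies:
        for rcpt, _when, _server, status in parse_ndr(body)["entries"]:
            by_status[status] += 1
            if status == "5.1.1" and rcpt.endswith("@" + domain.lower()):
                unknown[rcpt] += 1
    return {"by_status": dict(by_status),
            "unknown_local": sorted(unknown),
            "repeated": sorted(r for r, n in unknown.items() if n > 1)}

def _sample(rcpt, status):
    """Build a constructed NDR body in the layout of the report quoted in the question."""
    return ("Your message did not reach some or all of the intended recipients.\n\n"
            'Subject: Virus Found in message "Test"\nSent: 4/21/2006 3:31 PM\n\n'
            "The following recipient(s) could not be reached:\n\n"
            f"  {rcpt} on 6/17/2006 12:39 PM\n"
            "  (explanatory text, omitted in this constructed sample)\n"
            f"  <server.mycompany.com #{status}>\n")

# Constructed sample input, not real mail.
SAMPLE_NDRS = [_sample("mary@mycompany.com", "5.1.1"), _sample("bob@mycompany.com", "5.1.1"),
               _sample("Mary@mycompany.com", "5.1.1"), _sample("sales@mycompany.com", "5.2.1")]

if __name__ == "__main__":
    print(summarize(SAMPLE_NDRS, "mycompany.com"))
```

A long `unknown_local` list with few repeats matches the pattern the asker describes: many different names that do not exist at the organization.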