Solved

Exchange 2000 postmaster automatically generated Delivery Status Notification problem

Posted on 2006-06-28
5
981 Views
Last Modified: 2013-11-15
My exchange 2000 Server has many messages that come from postmaster@mydomain and are sent to an unknownuser@mydomain  and i get a automatically generated Delivery Status Notification to a differentuser@mydomain.

I disabled the ndr's in the global settings - internet message format - default - advanced, but they are still appearing on my badmail queue?

Any ideas?

here is a message in the badmail queue

From: postmaster@mydomain.com
To: te@mydomain.com
Date: Wed, 28 Jun 2006 12:35:36 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
     boundary="9B095B5ADSN=_01C69AD0A8367D7A00000021entex02.enterpri"
X-DSNContext: 335a7efd - 4457 - 00000001 - 80040546
Message-ID: <I59i7TTAg0000001d@entex02.mydomain.com>
Subject: Delivery Status Notification (Failure)

This is a MIME-formatted message.  
Portions of this message may be unreadable without a MIME-capable mail program.

--9B095B5ADSN=_01C69AD0A8367D7A00000021entex02.enterpri
Content-Type: text/plain; charset=unicode-1-1-utf-7

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

       millerpjt@mydomain.com




--9B095B5ADSN=_01C69AD0A8367D7A00000021entex02.enterpri
Content-Type: message/delivery-status

Reporting-MTA: dns;entex02.mydomain.com
Received-From-MTA: dns;aanklsjd
Arrival-Date: Wed, 28 Jun 2006 12:35:32 -0400

Final-Recipient: rfc822;millerpjt@mydomain.com
Action: failed
Status: 5.1.1

--9B095B5ADSN=_01C69AD0A8367D7A00000021entex02.enterpri
Content-Type: message/rfc822

Received: from aanklsjd ([210.5.243.161]) by entex02.mydomain.com with Microsoft SMTPSVC(5.0.2195.6713);
      Wed, 28 Jun 2006 12:35:32 -0400
Return-path: <te@mydomain.com>
Received: from [88.170.52.155] (port=5123 helo=88.170.52.155)
From: te@mydomain.com
Bcc:
Message-ID: <ENTEX02y55JG7Rviadf00000003@entex02.mydomain.com>
X-OriginalArrivalTime: 28 Jun 2006 16:35:35.0218 (UTC) FILETIME=[E167A920:01C69AD0]
Date: 28 Jun 2006 12:35:35 -0400

by mydomain.com with esmtp
id RHyilM-11e493-52
      for millerpjt@mydomain.com; Wed, 28 Jun 2006 11:23:08 +0400
Content-class: urn:content-classes:message
Subject: No problemo sergood
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----_=_NextPart_001_01C69139.44709351";
Date: Wed, 28 Jun 2006 11:23:08 +0400
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID: <92948347.20060628112309@mydomain.com>
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
Thread-Topic: No problemo sergood
Thread-Index: ZFTMmvleeIWPziq63AY6VRAJCeg8dR==
From: "Allie" <te@mydomain.com>
To: millerpjt@mydomain.com
X-Return-Path: te@mydomain.com
X-MDaemon-Deliver-To: millerpjt@mydomain.com
X-MDAV-Processed: mydomain.com, Wed, 28 Jun 2006 11:23:08 +0400
X-Spam: Not detected

------_=_NextPart_001_01C69139.44709351
Content-Type: multipart/alternative;
boundary="----_=_NextPart_002_01C69139.44709351"


------_=_NextPart_002_01C69139.44709351
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

  <http://ershrv.greatflyfish.info/?70878281>=20
  5Hrwg8NohUVWQBGUaC01zgn2Ilg64KcKt8IqkW6pXzPq4AayaxkYTZUG4X7lL9pZDTu0SehbY2py
  trxMaBdWCrBAp5cWJgwgXy6VxKtGOaUYEQ1sv1plaDLZZBWYF74KXg0GevFMKaNlJBQJdf5BRd6NAC9
  TJOSnkUorTDkudd27X9690fNZFzG5RA7O06yIOaJpVW6iXA1j0zqC7ZfeNzUruhVggNbV3
  dolKIW5RDMbb6FsRPcVCmbcyLKjKYmutIz9cEf4MHY5SiwlC20NtdWzF9EkQAlL5iz5luj8
  l4d3uQy0aQJr2SxzJNsEyin2Rr1H1ufAWJXeTFBPbnRN5wmLiQg70WnEPl2WA8FipOuDM4CY
  uQxg18lpc8ElRGX0bj3k8mSlWvmXaxRH75kkEUvrf1Vpm2jHhfXhYXH2CogB6sgeuSBuberjYZd4M
  Iw9GhN53NsP9hs56uCLf1Gf5Wj1Zsggu3fBed3TDinZWjBLUmRjZOxePzCRAcWxAJaDqBhodUQBhJk
  MCW58RseBcKtu5KrnIwGW3SxLQVccTMw8bZc5B5VWyMOaD1fdUF8Cv5XIaAbJjWas05hdAyNM
  s8ZNNELEb88DN7IarLIQZGJj8V6unQxN7NtWo7AtohDRPv5ePNualwg2ZptRtLTUpx8XXXsKa7
  4Ozj5v16jOxCtFEI8sngVL8mPtEs4ho2FA8NQUARGCHt1i13vYedomdV9zJjxgJN1SHXf8caNaX


 

------_=_NextPart_002_01C69139.44709351
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
@page Section1
{size:595.3pt 841.9pt;
margin:2.0cm 42.5pt 2.0cm 3.0cm;}
div.Section1
{page:Section1;}
-->
</style>

</head>

<body lang=3DEN link=3Dblue vlink=3Dpurple>

<div class=3DSection1>

<p class=3DMsoNormal><font size=3D2 face=3DArial><span =
style=3D'font-size:10.0pt;
font-family:Arial'><a href=3D"http://ershrv.greatflyfish.info/?70878281"><font =
color=3Dblack><span
style=3D'color:windowtext;text-decoration:none'><img border=3D0 =
 id=3D"_x0000_i1025" =
src=3D"cid:image493.gif@caXp62wB.gVFkzkG"></span></font></a><o:p></o:p><=
/span></font></p>
<font style=3D'color:#F0F0F0'>
5Hrwg8NohUVWQBGUaC01zgn2Ilg64KcKt8IqkW6pXzPq4AayaxkYTZUG4X7lL9pZDTu0SehbY2py<br>
trxMaBdWCrBAp5cWJgwgXy6VxKtGOaUYEQ1sv1plaDLZZBWYF74KXg0GevFMKaNlJBQJdf5BRd6NAC9<br>
TJOSnkUorTDkudd27X9690fNZFzG5RA7O06yIOaJpVW6iXA1j0zqC7ZfeNzUruhVggNbV3<br>
dolKIW5RDMbb6FsRPcVCmbcyLKjKYmutIz9cEf4MHY5SiwlC20NtdWzF9EkQAlL5iz5luj8<br>
l4d3uQy0aQJr2SxzJNsEyin2Rr1H1ufAWJXeTFBPbnRN5wmLiQg70WnEPl2WA8FipOuDM4CY<br>
uQxg18lpc8ElRGX0bj3k8mSlWvmXaxRH75kkEUvrf1Vpm2jHhfXhYXH2CogB6sgeuSBuberjYZd4M<br>
Iw9GhN53NsP9hs56uCLf1Gf5Wj1Zsggu3fBed3TDinZWjBLUmRjZOxePzCRAcWxAJaDqBhodUQBhJk<br>
MCW58RseBcKtu5KrnIwGW3SxLQVccTMw8bZc5B5VWyMOaD1fdUF8Cv5XIaAbJjWas05hdAyNM<br>
s8ZNNELEb88DN7IarLIQZGJj8V6unQxN7NtWo7AtohDRPv5ePNualwg2ZptRtLTUpx8XXXsKa7<br>
4Ozj5v16jOxCtFEI8sngVL8mPtEs4ho2FA8NQUARGCHt1i13vYedomdV9zJjxgJN1SHXf8caNaX
</font>
</div>

</body>

</html>

------_=_NextPart_002_01C69139.44709351--

------_=_NextPart_001_01C69139.44709351
Content-Type: image/gif;
name="image493.gif"
Content-ID: <image493.gif@caXp62wB.gVFkzkG>
Content-Description: image493.gif
Content-Location: image493.gif
Content-Transfer-Encoding: base64

R0lGODdhGAK0ACIAACwAAAAAGAK0AIIAAAD4+PgAAAAAAAAAAAAAAAAAAAAAAAAD/xi63P4w
ykmrvTjrzbv/YCiOZGmeaKqubOu+cCzPdG3feK7vfO//wKBwSCwaj8ikcslsOp/QqHRKrVqv
2Kx2y+16v+CweEwum8/otHrNbrvf8Lh8Tq/b7/i8fs/v+/+AgYKDhIWGh4iJiouMjY6PkJGS
k5QuABCXAZmVnJ1nmw2ZoJ6kpVyjC6imq6xUqpoKr62ztEavorW5ukUAvb6/sbvCwzy3wcTI
yTLGsMrOzynMstDU1RjS1tna15jH3tvg4Nip4eXmFdPn6tvp6+7V7e/y8/T19vf4+fr7/P3+
/wADChxIsKDBgwgTKlzIsKHDhxAjSpxIsaLFixgzatzIsf+jx48gQ4ocSbKkyZMoU6ocEu+D
rxstQWyK6YAmt2u9XOXsaLPbg54+ccwkF2Lotwy4XDKgCZTlhqaYdpqDujSo0hxGm8kkqlVD
Ug+gmFoBSjUU13Blj5pIK0IVW7NqL7ztKrYKWRRzV8kCtvTlN6OX+Kb6hUqwYU1SQxHu6u3w
McKjCiNOnHWm35+LmwWWejnWzsVf1QLbbJnyZM97T6se/HlyVnKGO/uFXBPW5c5w0Vp9/TWs
56pH3QJ/PC0yY83AK589broxUd+1k/8erpxu8J+Dc2vl/LpvduewoUu2/ry8aMS5memOXlVy
aORmx6evXZw+e+ng8w83vz3u/sf/17WHHVfdEagdgGepR5598UWXmnDnGfffcdpAKGCD47l3
n4ENRqBhenxVp99y8PVH4YRJSQjbgPmppyJ/C2oHHWo5fYgfazWyaGOAJLLD4orxJYbghROa
SOSPwWR4I289KtkibueVSONLFhrp4oFSzigjdUcm6eB+genIII6yrVOllx1KuGNcBYbp4ZhA
8tedmxuWWCBzXzJ25l9dcokinz3G+B6dccrZ4XyH+qdoNnsSiiZ5a1LY5okRwmnnco6S2FuT
daaIpaRgUjpnnoDeJ16ijxrap5GFUvqOgkwu+F6WVZ4qQVih5fidiIHqyWGWP7aGp6paujrp
rzGGCqOu/zeix6qwwGYnX7Jo0UajYpzBNWtpmep5GwWj4agZlfp9G5VgVop7rpuzutYXro7W
x2aZCe5GHbnyhUsXuai9e2236Lq6UV63RlOwKyslUqwKBBfZKxMNJ7xGwCtEvKjFNWAs8cYc
d+zxxyCH3ITGFkMpskGQ8YvkUydofNPJyLz4KVIt6+AyzIbIXELEN1vQM86DGIcut9gN/S68
/mLGXbZQquhYs0DrEtmMudZEdb0m3inodEhWPezPUQOis6cHQ92qr+xFimik7YbdythDWhU3
aBtaqLafbC/qdilwb2eyk9YVZi2iq+JtqZR7z9J3o3kKXaeYqBat6deJ57L4yv9OOj4z4WeP
mXflUmNJdpQc4grewlsLzOOzbYPuyeXXWm30v6wdLffTZasrbuuur5cE2L3DswTwwUNDfFvF
J6/88sw377zeTu1Mws3Hj3BnXvLGEE/JY0EcohO8ejU9C7zb20L40L8M+fnopD8B6m8SUb1L
mkOMrPjWk+++svqPuH/78VNd/sD1P/P5jBdKUFACV6a+rVSsA/O7XwHfl7sXbG+A/4tgA+X3
poDh5nsU8xDdQJQt4niQgLU72tK0Rpp+JY1MuaLMbPQVO9uYLHXos6GQbjil0hjuXkO5zQ4z
I7vZJGlp2JoS4gQ3QyFhSncauuHgPPitJrpsL1crl7P/0le/ZbXoiRT8YrPaxp1fjSpdkPIT
cYqkpU3NS40KdGPWtPUcp4HxQCmy4+mgVis20hFGR6yg1yDVRoYFsFXCmRbmhvXHZz0MkJmC
EKz4SDnVee1zdJTj9SylSNs0sjpd9FUnM4dHUJkxKJ2cY+S6Nbm86cxgcvMkEJn1SExmhlda
a2SqGvO9YFGSlEqDFuJk6UdZiohxfeuSJiGJtrONMm6i9KX//Ge3SkXuT67c3FoOecRb9ikd
n7OVI7nYw0gCapJ1HCF++pjGVQ6IXafslGuaRh9rHbOc3lLn5P44NX1ijVVq5BQ0idm5Vh4u
kjxEXiwB5s4KEnSXyywcqbCp/0v+DbOSirzkQSX3qBzejaLrI+aZGCc6aO5pa6kh3aGyyc2H
upSVE6TZIkfKyIXiSU33g2lFrQnIf14UmP/RaEOt9h0xlrQdd2PSJov5J35+ip27DKh/6MRS
m1aVgdMLJbBM9yJYxXBfRt1n2sZIKGFaNFamS1daszjQOMKxaz5NkFCbyadpfdVUo8MaYIKa
O/itjjc6BausKClB6/Vylrub5ytpx1h9AfZYeJWhrhxrwH1JFp4pdJcP4QXZUsYTWx/kIQ2f
NjYjFtF2t+BXu4YmWboqrYYLDW2OkKoyKpbQdo/0QfbCWLPHsSx5PONESgHYW4cRV4BRC24l
hovC4v/m9lYJTZxyn0fd6lr3utgN2nMh6ERtKhS5vP0tH8AW3TxocBmDQyUsFXWXWm43pPhj
31V2QBW/gteiT3jLebUn0/v2V1TiFVgum1tfCzqQvmAxrn9LBQX9gsEmA55veOXyMqhEeMKG
tEuCDxhfDRflwYsE6Avd1U2iWVaIQUQxLUm7umDWSLaHxB3VLqvE9lRRmLKh8bpKDNrusvYz
o7Wi7lSjz8OEEIaMBOEKeVxjGKtwvzAgKQu9uMVxog0wbB3nXhXMy7eGdJCXaidR60g4N6LO
N81xrZijJU4xD1I88NNq1XZo44Des8VbSFklTQnSMfI0qmBeUmHHiipJNg7/Plo9UTjr5l9z
PjOMbe4VQ3tqzqM+LrCVHpWcQSxPEdcU0Ofk5J5PHFEBTuqV2wJQXl2q6I1+OrBKxGSgvNnT
fNJSr67uM4FoqMI9h7LSXpCyQHU9twjRBnBa/mzZ3JNeSqvahCEylzyRjU8Sm+qml5Z2tKxd
SHbK+s/Ftquvj31s32JB2Gya9kRTjW6TarElpwagkoIIPTK6OpUl/eanRU2tMHcu0i9Vd6Fd
m+lhNzXYIV4qsdl8uFEP6t0cxjYK82WZ3Nq7ofg+OKgzDlEGq+rfZgO2QQcus4Knu9MID5Yc
1xbyUq1V32uGVjI5V2xCe7zbZgtQvry4MK6uW9wv/6cyYPeIrFTj9S9ljZd3kN3muy54gTte
eRKhuG7UqoviVFXtHSVNT9iC6YN4VPGIFSvW1XBbivhKm8pwq9namfjEfkMaZ8tu9camHbQB
d+GP535hfZzUw8+A8kc4PgXB28G+yyO8FAx/+PJm9/GQj7zkJ095DijwvZWvCNk2P9DMD4yg
YULz0z3/kKY50fGkp0joBSR6xqd+PZxHdExfz5DLz572uM+97nfP+977/vfAD77wh0/84hv/
+MhPvvKXz/zeu37x5m7uhr37X36k7II9IOKBY6mY47Kl2dTnb/i5H9++bzAfTXH9YjuM1c5v
afsALkb0MSxe85//Hs8PsP/4fYLUbY5fKPPnUPWHeRG3D8bwY1TnMLjjJV1XT0PUT3J1W+8k
O7HGdqRxeaGHY601ZHinQ/1ET7bVDSFogT3EbTPzd/WQWny1Znw2TJvRUlyDRqrEgmdFZYTE
VOFRZkR3coGUU2MWVkUlg+JUcczEQPkXCddXUybXghv3PnRGcljVOlmGa0M1ci0nUSKYa1ao
Uh1HKsdif7fnIyEGap52VdDFbtfEWVIoVaFWhTo3UdexPbxGhsT2TE5zWF9IgEcICRgIcwrn
TI12U+VmcxelWGbVhjD3ZPvERNHWXYGjhcamfZF4WP4GOBDWD30IiFEFbqxWMGpjaDk3alSY
iLPQBoeWxGjfJnEONWkft3M9sYePkIl0yEpmSECfOIGhSG2IqIkKaIr9V0qp+FFbCEboQ2/V
hw+yuG0XY2c6hVN2RnRBd4I7mGz5hnJblip2tYRVxiM9V3XR2FngBF/0kITi5nUCJlurd4Yr
9IBIw0uTFYWZdRpzx4WtJiM6Zm14B2xzSHZsd3Cx8Y4c2G8aB4uKI300QJDu0F4R8Ys2gJBm
wn6154j/t14ocYnNd5EYmZEauZEc2ZEe+ZEgGZIiOZIkWZImeZIomZIquZIsSRAJAAA7
------_=_NextPart_001_01C69139.44709351--


--9B095B5ADSN=_01C69AD0A8367D7A00000021entex02.enterpri--
0
Comment
Question by:jminickene
  • 2
5 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 17003368
Sounds like an NDR attack.
Even if you have disabled NDRs, the messages will still come through.
ESM is notorious for not showing the true extent of the queues during an attack like this. Spammers drop and run, so there could be thousands of messages that Exchange just hasn't processed or cannot display.

Simon.
0
 

Author Comment

by:jminickene
ID: 17003386
Is there anything i can do about this?

0
 
LVL 104

Accepted Solution

by:
Sembee earned 250 total points
ID: 17003667
I do have an article on cleaning up the SMTP queues after these attacks.
http://www.amset.info/exchange/spam-cleanup.asp

Otherwise you will have to sweat it out.

Exchange 2000 doesn't have any protection against NDR attacks, and disabling NDRs simply hides the problem and can actually cause more issues than it resolves.
You need to look for a product that can do LDAP lookups - GFI ME can, as can ORF from Vamsoft. Those will deal with any emails that come in to non-existent users.
Exchange 2003 has the ability built in.

Simon.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Utilizing an array to gracefully append to a list of EmailAddresses
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
Video by: Tony
This video teaches viewers how to export a project from Adobe Premiere Pro and the various file types involved.
how to add IIS SMTP to handle application/Scanner relays into office 365.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now