Solved

w2k3 Server SMTP Q full of spam and I can not find which machine in office is sending Help

Posted on 2006-11-10
6
188 Views
Last Modified: 2010-04-18
w2k3 Server SMTP Q full of spam and I can not find which machine in office is sending Help

I installed norton av corporate on server and all clients in the office yesterday.  Scans are not finding any viruses.  
0
Comment
Question by:jazzhands01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
6 Comments
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 17917467
This is probably not spam per se but NDR's that cannot be sent because they are responding to spam messages that came in but were addressed to an email address that doesn't exist on your domain.  Your Exchange server is trying to send NDR's to these external addressses where the spam originated - and since these are also bogus addresses, the NDR's just sit there clogging up your queues and don't go anywhere.  If you look at the actual messages in the queues, you'll see that they are all from "postmaster" and are all NDR's.

There are only 2 ways to stop this:

1.  Turn off your NDR's completely.  This will prevent the NDR's from filling up your queues.  However, be aware that the system still generates the NDR's, it just doesn't send them.  So, even though it keeps the queues clear, it is still creating a burden on your Exchange system.

2.  Put an anti-spam solution in place that will stop the incoming spam before it gets to Exchange so that the NDR's don't get created in the first place.  You can either use the native Exchange 2003 anti-spam capabilities, get the Symantec Anti-Virus anti-spam solution (since you already have Symantec), or look at other 3rd party solutions.  We've used both Nemx and GFI Mail Essentials at various of our customer sites, but there are many others out there.

Hope this helps!
0
 

Author Comment

by:jazzhands01
ID: 17917614
Thanks!  How do I turn off the ndr's?

0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 17917662
In the Exchange System Manager, go to the Global Settings/Internet Message Format, right-click on the Default format, go to Properties, and go to the Advanced tab.  Remove the checkmark from the Allow non-delivery reports box.

You might want to make sure your users/management understand that this means that if someone outside the company legitimately mis-addresses an email to someone in your organization, they will no longer get a non-delivery report.

Cheers!
0
 

Author Comment

by:jazzhands01
ID: 18094287
All good.  Thanks.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question