Solved

w2k3 Server SMTP Q full of spam and I can not find which machine in office is sending Help

Posted on 2006-11-10
6
183 Views
Last Modified: 2010-04-18
w2k3 Server SMTP Q full of spam and I can not find which machine in office is sending Help

I installed norton av corporate on server and all clients in the office yesterday.  Scans are not finding any viruses.  
0
Comment
Question by:jazzhands01
  • 2
  • 2
6 Comments
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 17917467
This is probably not spam per se but NDR's that cannot be sent because they are responding to spam messages that came in but were addressed to an email address that doesn't exist on your domain.  Your Exchange server is trying to send NDR's to these external addressses where the spam originated - and since these are also bogus addresses, the NDR's just sit there clogging up your queues and don't go anywhere.  If you look at the actual messages in the queues, you'll see that they are all from "postmaster" and are all NDR's.

There are only 2 ways to stop this:

1.  Turn off your NDR's completely.  This will prevent the NDR's from filling up your queues.  However, be aware that the system still generates the NDR's, it just doesn't send them.  So, even though it keeps the queues clear, it is still creating a burden on your Exchange system.

2.  Put an anti-spam solution in place that will stop the incoming spam before it gets to Exchange so that the NDR's don't get created in the first place.  You can either use the native Exchange 2003 anti-spam capabilities, get the Symantec Anti-Virus anti-spam solution (since you already have Symantec), or look at other 3rd party solutions.  We've used both Nemx and GFI Mail Essentials at various of our customer sites, but there are many others out there.

Hope this helps!
0
 

Author Comment

by:jazzhands01
ID: 17917614
Thanks!  How do I turn off the ndr's?

0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 17917662
In the Exchange System Manager, go to the Global Settings/Internet Message Format, right-click on the Default format, go to Properties, and go to the Advanced tab.  Remove the checkmark from the Allow non-delivery reports box.

You might want to make sure your users/management understand that this means that if someone outside the company legitimately mis-addresses an email to someone in your organization, they will no longer get a non-delivery report.

Cheers!
0
 

Author Comment

by:jazzhands01
ID: 18094287
All good.  Thanks.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
Organizations create, modify, and maintain huge amounts of data to help their businesses earn money and generally function.  Typically every network user within an organization has a bit of disk space to store in process items and personal files.   …
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now