Solved

w2k3 Server SMTP Q full of spam and I can not find which machine in office is sending Help

Posted on 2006-11-10
6
185 Views
Last Modified: 2010-04-18
w2k3 Server SMTP Q full of spam and I can not find which machine in office is sending Help

I installed norton av corporate on server and all clients in the office yesterday.  Scans are not finding any viruses.  
0
Comment
Question by:jazzhands01
  • 2
  • 2
6 Comments
 
LVL 38

Accepted Solution

by:
Hypercat (Deb) earned 500 total points
ID: 17917467
This is probably not spam per se but NDR's that cannot be sent because they are responding to spam messages that came in but were addressed to an email address that doesn't exist on your domain.  Your Exchange server is trying to send NDR's to these external addressses where the spam originated - and since these are also bogus addresses, the NDR's just sit there clogging up your queues and don't go anywhere.  If you look at the actual messages in the queues, you'll see that they are all from "postmaster" and are all NDR's.

There are only 2 ways to stop this:

1.  Turn off your NDR's completely.  This will prevent the NDR's from filling up your queues.  However, be aware that the system still generates the NDR's, it just doesn't send them.  So, even though it keeps the queues clear, it is still creating a burden on your Exchange system.

2.  Put an anti-spam solution in place that will stop the incoming spam before it gets to Exchange so that the NDR's don't get created in the first place.  You can either use the native Exchange 2003 anti-spam capabilities, get the Symantec Anti-Virus anti-spam solution (since you already have Symantec), or look at other 3rd party solutions.  We've used both Nemx and GFI Mail Essentials at various of our customer sites, but there are many others out there.

Hope this helps!
0
 

Author Comment

by:jazzhands01
ID: 17917614
Thanks!  How do I turn off the ndr's?

0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 17917662
In the Exchange System Manager, go to the Global Settings/Internet Message Format, right-click on the Default format, go to Properties, and go to the Advanced tab.  Remove the checkmark from the Allow non-delivery reports box.

You might want to make sure your users/management understand that this means that if someone outside the company legitimately mis-addresses an email to someone in your organization, they will no longer get a non-delivery report.

Cheers!
0
 

Author Comment

by:jazzhands01
ID: 18094287
All good.  Thanks.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ms Filer Server Migration toolkit issues 2 67
Bizarre hard disk problem 15 120
Connecting two servers 30 82
Using VBScript. How to obtain the recomended paging file size? 8 48
Preface Having the need * to contact many different companies with different infrastructures * do remote maintenance in their network required us to implement a more flexible routing solution. As RAS, PPTP, L2TP and VPN Client connections are no…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question