AndyKeen
asked on
Not sure what these messages are:
Hi.
Our clients are receiving a number of NDRs for fictitious names BUT the correct domain names.
Below is an example of the error from the daily performance report.
Source Event ID Last Occurrence Total Occurrences
MSExchangeTransport 7010 22/11/2006 04:14 35 *
This is an SMTP protocol log for virtual server ID 1, connection #106. The client at "82.81.218.121" sent a "helo" command, and the SMTP server responded with "501 5.5.4 Invalid Address ". The full command sent was "helo |http://mail.oldartero.com:8889/cgi-bin/put". This will probably cause the connection to fail. For more information, click http://www.microsoft.com/contentredirect.asp.
We did set up some monitoring on this server because we thought they were an open relay - but can remember where we set up the monitoring or even if these NDRs are a result of that monitoring.
Either way, are these NDRs normal - is there a problem and can it be fixed?
Many thanks
Regards
Andy.
ASKER
Hi Susan - Thanks for your info.
Below are two typical NDRs - note that the domain names are correct but the pre-@ is incorrect.
Your message did not reach some or all of the intended recipients.
Subject: Irene Deutsch/ALBD/HeavyStamping ist in Karenz
Sent: 22/11/2006 15:02
The following recipient(s) could not be reached:
fnlod@ABC.co.uk on 22/11/2006 15:07
The message contains a content type that is not supported
<ABC.co.uk #5.6.1 smtp;554 5.6.1 Body type not supported by Remote Host>
E.G. 2
Your message did not reach some or all of the intended recipients.
Subject: somewhat daily
Sent: 21/11/2006 16:33
The following recipient(s) could not be reached:
info@CDE-it.co.uk on 21/11/2006 18:07
A configuration error in the e-mail system caused the message to bounce between two servers or to be forwarded between two recipients. Contact your administrator.
<ABC.co.uk #4.4.6>
Note - the domain name CDE-it.co.uk (Changed) is a valid domain name as is ABC.co.uk (Changed) - the pre-@ is a valid name but more luck than judgement perhaps.
Hope this helps.
Regards
Andy.
ASKER CERTIFIED SOLUTION
My first inclination is simply to say they are generated by spammers who are attempting to send messages to users on that server using a from address in the same domain. It is a fairly common practice.
Message from: accounting@yourdomain.com
Message to: susan@yourdomain.com
Another possibility is that they are the victim of a Joe Job--a spammer using one of their email addresses in the from line. In that scenario, though, the number of NDRs generated is a much higher volume.
Recently I have even seen fake NDRs generated as the spam--it looks like it was sent from me to someone else and their mail server rejected it. Scrutiny of the header shows that it was not an NDR generated from an actual bounce.
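The header scrutiny described in the answer above can be scripted; this is an added example, not part of the original thread. It assumes the receiving server records the envelope sender in `Return-Path`, and `OUR_MSGID_HOSTS`, `ndr_findings` and both sample messages are constructed for illustration.

```python
from email import message_from_string

OUR_MSGID_HOSTS = {"mail.abc.example"}  # assumption: hosts our servers put in Message-IDs

def ndr_findings(raw, our_hosts=OUR_MSGID_HOSTS):
    """List the reasons a claimed NDR does not look like a real bounce of our mail."""
    msg, findings, orig_id = message_from_string(raw), [], ""
    # RFC 3464: a real DSN is multipart/report with report-type=delivery-status.
    if (msg.get_content_type() != "multipart/report"
            or (msg.get_param("report-type") or "").lower() != "delivery-status"):
        findings.append("not a multipart/report delivery-status message")
    # Bounces carry the null envelope sender, recorded as Return-Path: <>.
    if msg.get("Return-Path", "").strip() != "<>":
        findings.append("envelope sender is not null")
    if "message/delivery-status" not in [p.get_content_type() for p in msg.walk()]:
        findings.append("no machine-readable delivery-status part")
    # The returned original should carry a Message-ID that our servers issued.
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            orig_id = part.get_payload(0).get("Message-ID", "")
        elif part.get_content_type() == "text/rfc822-headers":
            orig_id = message_from_string(part.get_payload()).get("Message-ID", "")
    if orig_id.strip("<> ").rpartition("@")[2].lower() not in our_hosts:
        findings.append("returned message was not issued by our servers")
    return findings

# Constructed samples: a well-formed bounce of our own mail, and spam dressed as an NDR.
GENUINE = """\
Return-Path: <>
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; remote.example

Final-Recipient: rfc822; fnlod@remote.example
Action: failed
Status: 5.1.1
--b1
Content-Type: text/rfc822-headers

Message-ID: <c1@mail.abc.example>
--b1--
"""
FAKE = """\
Return-Path: <x9@bulk.example>
Content-Type: text/plain

The following recipient(s) could not be reached: info@abc.example
"""
```

An empty list from `ndr_findings` means the message is structurally a bounce of mail your servers sent; a well-formed DSN whose embedded Message-ID is foreign points to a forged sender (the Joe Job case) rather than spam imitating an NDR.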