Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 188
  • Last Modified:

Cannot send emails

I work on PC support, but am a novice with servers.  I have been asked to look at a system which is running Windows 2000 server and will receive emails but will not send.  After a day or two the emails are returned as 'unreachable destination'
I have looked in the exchange server and the queue 'messages with an unreachable destination' contains 83 emails, a few of which come from PCs on the server (there are only 2), but the majority appear top come from spam addresses.
Please can anyone help me sort this out.  
Thanks John
0
jcolles
Asked:
jcolles
  • 5
  • 3
  • 3
  • +2
1 Solution
 
redseatechnologiesCommented:
Those are most probably NDR spam, and can be resolved by filtering users -> http://www.amset.info/exchange/filter-unknown.asp

Then at least your queues will be clean, and you can check the legitimate failures.

If there is only a few that are a problem, that I would be looking at either user error, or a recipient problem.

-red
0
 
ATIGCommented:
1. Are the messages in the queue going to legitimate user?
2. can you send a message from an internal user to hotmail ?

you can do a look up on the mx of the destination
a. open command prompt
b. nslookup <enter>
c. Set type=mx <enter>
d. domainX <enter>
e. quit
f. telnet MX 25 <enter>
replace mx with the mx returned from the above query, you should connect else there is a communication problem.

also this will validate dns is working
0
 
jcollesAuthor Commented:
Thanks for your comments.
nslookup gets a reply 158.132.1.43 DDS timedout
John
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
ATIGCommented:
its possible they are bogus domains....

can you send mail to hotmail ect... ?
0
 
jcollesAuthor Commented:
I rang the owner and asked him to email a hotmail address, but nothing received yet, so I do not think that works either.  Unfortunately I am 1/2 hour drive from the system.
 As an aside, is it easy to sut up a remote desktop so that I can access the server from her?
0
 
ATIGCommented:
yep.... just need the ports open :P
0
 
SembeeCommented:
The first thing I would suggest is a call to the ISP to see if port 25 is blocked on that connection. If the server is sending out spam the ISP may have blocked the port. They don't always tell you they have done that.

Recipient filtering doesn't apply here as it is Windows 2000. However if the server is being used for NDR spam then you will probably have to put something in front of the server to do the filtering. I usually suggest Vamsoft ORF as it is cheap (priced per server).

You need to identify where the spam is coming from - and whether it is NDR spam (messages from postmaster@ ) or from a user account - often the administrator account, which has been attacked.

Simon.
0
 
jcollesAuthor Commented:
Most of the emails are from postmaster@, with quite a bunch of recent ones being from something like alice.cfxxxmv@ or words to that effect.  Amongst them are a few genuine ones like richard@.  The company have not been sending emails recently as they realised that they were not getting out.
I first saw the system last week and noticed that the virus protection was well out of date and disabled.  I was advised by a local expert that that was not too serious on a server as provided the clients were well protected, it should not be possible for malware to land on the server as it should pass straight through and be detected by the clients.  Is that true?
0
 
SembeeCommented:
If there are emails on the server that are being sent from addresses that match the parent domain but are not user accounts, then it sounds like the server has been compromised. I would suggest that the usual precautions are taken, including the changing of the administrator account password and the server is rebooted.
Unless the server is exposed to the internet, the only way MALWARE gets installed on a server is by someone browsing to suspect sites from IE on the server itself. If you are browsing the internet from the server and it has disabled AV software then you will get very little sympathy.

Simon.
0
 
jcollesAuthor Commented:
Thanks for all the information.
So far as I know the server has only been used for searching things like Microsoft help files, but who knows, it has been around for a few years.  The owner of the system is currently trying to contact the isp. I sounds as if we need to do a virus/spyware scan of the server.  Is it sufficient to use an ordinairy PC security package, or does it need a full server virus checker which seems to be pretty expensive.
John
0
 
SembeeCommented:
Desktop AV applications will usually not install on to a server. The vendors need to retain their market. However some Enterprise class AV can be installed on anything.

You could try running one of the online scanners.

Simon.
0
 
jcollesAuthor Commented:
We checked with the isp, and the port had not been blocked.  The owner of the system then rang a company who used to support it and they had online access.  They changed something and it all now works, but unfortunately I have no idea what they did.
Thanks for you help and suggestions, your support was much appreciated even though we did not get to the final solution.John.
0
 
Vee_ModCommented:
Closed, 125 points refunded.
Vee_Mod
Community Support Moderator
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 3
  • 3
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now