This is an SMTP protocol warning log for virtual server ID 1, connection #15

Posted on 2008-01-28
Last Modified: 2013-11-30
Hello

I am getting the following error in my Event Viewer:

This is an SMTP protocol warning log for virtual server ID 1, connection #15. The remote host "203.16.214.182", responded to the SMTP command "mail" with "453 #4.1.8 Domain of sender address <jramos@ranido.com> does not exist  ". The full command sent was "MAIL FROM:<jramos@ranido.com> SIZE=5668  ".  This may cause the connection to fail.

I picked this up when I received an email from my ISP saying that my mail server was sending excessive spam. I enabled logging on SMTP and received the above error message. It continually occurs at random intervals - at least once every 10 minutes or so. I believe it is spam as I do not recognize the Mail From address. I have blocked the domain in ISA using the SMTP filter but I still get the message showing up in event viewer.

SMTP relay is disabled on my server.

Please advise me as to what should be my next step in:

1- making sure my server isn't being used to send spam
2- stopping the error from showing up in my event viewer

Regards
Gavin McMillan
Question by:gavinandrewmcmillan

Accepted Solution

by:
tgtran earned 2000 total points
ID: 20764648
What you are facing is spammers using spoofing against your server.
Let's say I am a spammer from spammer@baddomain.com, and I send an email to devil@yourdomain.com with the sender address as me@mydomain.com (a valid address).  Your server receives the message and checks your AD, but there is no one with the "devil" email address.  It then sends the message back to the sender saying that "devil" does not exist (NDR - non-delivery report); so, in effect, the spammer sends a message to me@mydomain.com via your server's NDR mechanism.

The errors you see are just those messages bounced back from the other servers - wrong addresses.

One thing you can do to stop this right now is to disable NDR on Exchange, see this KB
http://support.microsoft.com/?kbid=909005

Then, you may want to implement IMF.  However, the long term solution is to enlist a 3rd party spam filtering like Postini (save your bandwidth by receiving only good filtered messages) or something like a Barracuda box.


Author Comment

by:gavinandrewmcmillan
ID: 20764681
Hi tgtran

Thanks for your comment, I will disable NDR and see how that all goes. I added the domain to the blocked list in ISA SMTP Filter and haven't had any issues at this point, will keep an eye on it though.

Also curious, at present I have Trend Micro Client Server Messaging suite for SMB as my antivirus/spam etc solution, and it hasn't seemed to have picked this up. Would you consider that a hardware solution may be better than software?

I will award you the points as you have explained what the issue was and how to fix it!

Regards
Gavin McMillan

Author Closing Comment

by:gavinandrewmcmillan
ID: 31425844
Hi, thanks again for the answer, figured I'd leave feedback!

Was really happy with the structure of your answer... addressed the question, explained it clearly and gave a good solution.

Regards
Gavin

Expert Comment

by:tgtran
ID: 20766213
Trend CSM filters spam that is directed to valid users.  What you would need is something that can filter the recipient on the message against a list of internal email addresses.
Good luck!
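
The NDR mechanism from the accepted solution and the recipient check suggested in the last comment, side by side, as an added example that is not part of the original thread. The addresses, the `VALID_RECIPIENTS` set (a stand-in for the AD lookup) and the function names are assumptions made for illustration.

```python
# Added illustration: all addresses and domains below are constructed sample data.
VALID_RECIPIENTS = {"gavin@yourdomain.example", "sales@yourdomain.example"}  # stands in for AD

def accept_then_bounce(mail_from, rcpt_to, valid=VALID_RECIPIENTS):
    """Accept every recipient during the session and check the directory afterwards.
    Returns (smtp_reply, ndr); ndr is the bounce the server would queue, or None."""
    reply = "250 2.1.5 Recipient OK"
    if rcpt_to.lower() in valid:
        return reply, None
    # Unknown mailbox: the NDR goes to whatever MAIL FROM claimed, forged or not.
    ndr = {"mail_from": "<>", "rcpt_to": mail_from,
           "reason": f"{rcpt_to} does not exist"}
    return reply, ndr

def reject_at_rcpt(mail_from, rcpt_to, valid=VALID_RECIPIENTS):
    """Check the recipient against the internal address list during the session.
    The connecting host is told immediately, so this server never builds an NDR."""
    if rcpt_to.lower() in valid:
        return "250 2.1.5 Recipient OK", None
    return "550 5.1.1 User unknown", None

def outbound_ndrs(policy, sessions):
    """Run (MAIL FROM, RCPT TO) pairs through a policy and collect the queued NDRs."""
    return [ndr for mf, rt in sessions if (ndr := policy(mf, rt)[1]) is not None]

# Constructed inbound sessions: two spoofed senders to unknown users, one real mail.
SESSIONS = [
    ("me@mydomain.example", "devil@yourdomain.example"),
    ("other@victim.example", "nobody@yourdomain.example"),
    ("customer@partner.example", "sales@yourdomain.example"),
]

if __name__ == "__main__":
    for name, policy in (("accept-then-bounce", accept_then_bounce),
                         ("reject-at-RCPT", reject_at_rcpt)):
        ndrs = outbound_ndrs(policy, SESSIONS)
        print(f"{name}: {len(ndrs)} NDR(s) queued")
        for n in ndrs:
            print(f"  NDR to {n['rcpt_to']}: {n['reason']}")
```
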