[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

It looks like I am getting spoofed.  Noone from my domain is sending these messages.  Is there a way to stop this?

Posted on 2008-02-11
6
Medium Priority
?
280 Views
Last Modified: 2013-11-30
I am getting an error - Source: MSExchangeTransport, Category: SMTP Protocol, Event ID: 7004 and Enent ID: 7002 every few seconds.  I don't think anyone in my organization is sending out emails to the recipients listed in the error description.  Is my exchange server getting spoofed?  Can I stop it?  Should I be worried.

Here is an example of the error 7004:

This is an SMTP protocol error log for virtual server ID 1, connection #3309. The remote host "216.92.127.212", responded to the SMTP command "rcpt" with "553 This server does not accept mail for that address (#5.7.1)  ". The full command sent was "RCPT TO:<LadonnapolytechnicBateman@medical-search.org>  ".  This will probably cause the connection to fail.

Here is an example of the warning 7002:

This is an SMTP protocol warning log for virtual server ID 1, connection #3310. The remote host "206.169.106.4", responded to the SMTP command "rcpt" with "450 4.1.1 <FranciscaskitHorner@lisp.org>: Recipient address rejected: User unknown in local recipient table  ". The full command sent was "RCPT TO:<FranciscaskitHorner@lisp.org>  ".  This may cause the connection to fail.

0
Comment
Question by:brendanosmith
  • 3
  • 3
6 Comments
 
LVL 25

Expert Comment

by:kieran_b
ID: 20869107
That is more likely to be NDR spam than spoofing, you can combat it with recipient filtering and tarpitting -> http://www.amset.info/exchange/filter-unknown.asp

Kieran
0
 

Author Comment

by:brendanosmith
ID: 20869482
Thanks for your response.  Why would a remote host be responding that an address does not exist in my domain?  The email address mentioned in the error message is not our domain.  If the email address were @mydomain.com I would understand but my domain is neither  @medical-search.org, @lisp.org nor any other account mentioned in any other error.  If I don't understand this please explain.

Thanks
0
 
LVL 25

Expert Comment

by:kieran_b
ID: 20869529
>>Why would a remote host be responding that an address does not exist in my domain?

Where does it say that?  I can see it saying that the recipient address does not exist.

Here is what is happening;

"Spamming Monkey A" sends mail to sadlansiuhfiw@yourdomain.com pretending to be from target@someotherdomain.com

as sadlansiuhfiw@yourdomain.com is not a legitimate email address, your server dilligently tries to advise the sender that they got something wrong.  Unfortunately, the sender has been faked.  target@someotherdomain.com has just got the spam message, that "Spamming Monkey A" was always trying to send.
0
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

 

Author Comment

by:brendanosmith
ID: 20870558
Thanks for the response.  I want to make sure that I am clear.  The message is stating that "Recipient address rejected: User unknown in local recipient table ".  However the domain of the email address mentioned in the message (FranciscaskitHorner@lisp.org) is not mine.  To put it another way...my domain is not lisp.org.  So it seems to me that the exchange server at lisp.org is sending a message to me saying that the user does not exist in their domain.  It appears as if the mail server at lisp.org thinks that someone from my domain sent the email.  That is why I thought we were getting spoofed.  
0
 
LVL 25

Accepted Solution

by:
kieran_b earned 2000 total points
ID: 20870778
You are being spoofed, in a way.  It is technically known as NDR spam, spoofing is slightly different, but your description above is accurate as to what is happening.
0
 

Author Closing Comment

by:brendanosmith
ID: 31429912
Thanks for all of the help!!!
0

Featured Post

Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes Top 9 Exchange troubleshooting utilities that every Exchange Administrator should know. Most of the utilities are available free of cost. List of tools that I am going to explain in this article are:   Microsoft Remote Con…
There’s hardly a doubt that Business Communication is indispensable for both enterprises and small businesses, and if there is an email system outage owing to Exchange server failure, it definitely results in loss of productivity.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question