Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Getting Spam After Upgrade of IMSS from 5.7 to 7.0

Posted on 2008-06-25
8
Medium Priority
?
2,045 Views
Last Modified: 2009-12-21
Last Friday, we upgraded IMSS from 5.7 to 7.0.  Additionally, we use Postini for both in and outbound email spam protection, so all of our message headers inbound have a Postini "footprint" as it were.  

However, after the upgrade to 7.0, we have been getting spam email messages that simply say:

From:  postmaster@localhost
Subject:  Delivery Final Failure Notice
Body:  Can not deliver the message you sent.  Will not retry.

The header of the message has no Postini relays mentioned, and is in fact rather short, with a message id of <messageid@127.0.0.1>  but the message itself came FROM our IMSS server to our back-end Exchange Server and the postmaster account is NOT the one specified in the IMSS notification settings either.

IMSS is configured to only allow relaying to our internal Exchange server and our Postini relays.  What's different about this is that in 7.0, it lists 127.0.0.1 as a valid IP to allow relaying.  Trend Micro says we cannot remove it (i tried, twice, it keeps coming back) -- they say it's the way the program operates, but I think it's a little weird that 127.0.0.1 just so happens to be in the message ID of these spam messages too....

Any advice would be appreciated -- am I barking up the wrong tree?  Or is Trend really screwing me over in this new version??  Confused and frustrated with their technical support right now :(
0
Comment
Question by:kaos_theory
  • 4
  • 2
  • 2
8 Comments
 
LVL 19

Expert Comment

by:MrLonandB
ID: 21865228
Where in IMSS do you show 127.0.0.1...? We've just recently moved from IMSS 7.0...but I still have it on the Server and it worked fine for us. Do you have that IP identified somewhere in: Administration > IMSS Configuration > SMTP Routing...or just where do you have it?
0
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865265
It's under:  Administration > IMSS Configuration > SMTP Routing > Connections tab, under Connection Control, we have "Deny All, except the following list", and to the right is our internal server IP, our Postini relays, and the loopback address....
0
 
LVL 19

Accepted Solution

by:
MrLonandB earned 2000 total points
ID: 21865547
I see. Ours is set to "Accept all..." because it sits in a DMZ and delivers mail out directly...not to Postini as does yours.

But I am suspecting that the 127.0.0.1...is not the cause of the problem you are having. If you go to the "Message Rule" tab, under "Permitted Senders of Relayed Mail", do you have the "Specified IP addresses" configured?

The reason for my mentioning this, and even though your setup is a bit different than ours, when we first got 7.0...we had similar problems to what you are having. To correct the problem, Trend had me add my internal subnet AND the specific IP of my Exchange Server in there. So I had entries like this in the box adjacent to "Specified IP Addresses":

172.16.0.0:255.255.0.0
172.16.1.187

WIthout those IP addresses, I could not get mail to go out and would receive non-delivery notices similar to what you are having. Might be worth a try in your case to see if it makes a difference.
0
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

 
LVL 2

Author Comment

by:kaos_theory
ID: 21865647
Yeah, these settings migrated successfully from 5.7, the two domains we have, and "specified IP Addresses" with only the internal IP of our back end server and the Postini range as well listed under "permitted senders of relayed mail".

What's odd about the delivery notices is the bad grammar and the notification email address doesn't match our customized version of postmaster@"ourdomain.com"...
0
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865707
Oh, also, I forgot to mention we're not having any outbound email flow issues...the undeliverable I got last night seemed unrelated to any messages I sent over the past few days....
0
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865740
uhoh lol

Screeching halt on the breaks...Just sent a test message to a bogus account and got the same undeliverable notice -- this makes me feel so much better!!!  Now, to find out where the heck that pesky "postmaster@localhost" account is hiding so I can get rid of it.

Thanks for your help....sorry for the false alarm but at least you get free points :)  
0
 
LVL 2

Expert Comment

by:fulloutput
ID: 26025284
kaos theory, I am seeing similar messages after moving to IMSS7. Did you manage to locate the where the source address for the Delivery Final Failure Notice messages was set?
0
 
LVL 2

Expert Comment

by:fulloutput
ID: 26094429
Trend Micro Hotfix 56270 fixes the non-delivery report to include useful information such as the address that failed and remote server response code.
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
The main intent of this article is to make you aware of ‘Exchange fail to mount’ error, its effects, causes, and solution.
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question