Solved

Getting Spam After Upgrade of IMSS from 5.7 to 7.0

Posted on 2008-06-25
Last Modified: 2009-12-21
Last Friday, we upgraded IMSS from 5.7 to 7.0.  Additionally, we use Postini for both in and outbound email spam protection, so all of our message headers inbound have a Postini "footprint" as it were.  

However, after the upgrade to 7.0, we have been getting spam email messages that simply say:

From:  postmaster@localhost
Subject:  Delivery Final Failure Notice
Body:  Can not deliver the message you sent.  Will not retry.

The header of the message has no Postini relays mentioned, and is in fact rather short, with a message id of <messageid@127.0.0.1>  but the message itself came FROM our IMSS server to our back-end Exchange Server and the postmaster account is NOT the one specified in the IMSS notification settings either.

IMSS is configured to only allow relaying to our internal Exchange server and our Postini relays.  What's different about this is that in 7.0, it lists 127.0.0.1 as a valid IP to allow relaying.  Trend Micro says we cannot remove it (I tried, twice, it keeps coming back) -- they say it's the way the program operates, but I think it's a little weird that 127.0.0.1 just so happens to be in the message ID of these spam messages too....

Any advice would be appreciated -- am I barking up the wrong tree?  Or is Trend really screwing me over in this new version??  Confused and frustrated with their technical support right now :(
Question by:kaos_theory
8 Comments
 
LVL 19

Expert Comment

by:MrLonandB
ID: 21865228
Where in IMSS do you show 127.0.0.1...? We've just recently moved from IMSS 7.0...but I still have it on the Server and it worked fine for us. Do you have that IP identified somewhere in: Administration > IMSS Configuration > SMTP Routing...or just where do you have it?
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865265
It's under:  Administration > IMSS Configuration > SMTP Routing > Connections tab, under Connection Control, we have "Deny All, except the following list", and to the right is our internal server IP, our Postini relays, and the loopback address....
 
LVL 19

Accepted Solution

by:
MrLonandB earned 500 total points
ID: 21865547
I see. Ours is set to "Accept all..." because it sits in a DMZ and delivers mail out directly...not to Postini as does yours.

But I am suspecting that the 127.0.0.1...is not the cause of the problem you are having. If you go to the "Message Rule" tab, under "Permitted Senders of Relayed Mail", do you have the "Specified IP addresses" configured?

The reason for my mentioning this, and even though your setup is a bit different than ours, when we first got 7.0...we had similar problems to what you are having. To correct the problem, Trend had me add my internal subnet AND the specific IP of my Exchange Server in there. So I had entries like this in the box adjacent to "Specified IP Addresses":

172.16.0.0:255.255.0.0
172.16.1.187

Without those IP addresses, I could not get mail to go out and would receive non-delivery notices similar to what you are having. Might be worth a try in your case to see if it makes a difference.
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865647
Yeah, these settings migrated successfully from 5.7, the two domains we have, and "specified IP Addresses" with only the internal IP of our back end server and the Postini range as well listed under "permitted senders of relayed mail".

What's odd about the delivery notices is the bad grammar and the notification email address doesn't match our customized version of postmaster@"ourdomain.com"...
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865707
Oh, also, I forgot to mention we're not having any outbound email flow issues...the undeliverable I got last night seemed unrelated to any messages I sent over the past few days....
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865740
uhoh lol

Screeching halt on the brakes...Just sent a test message to a bogus account and got the same undeliverable notice -- this makes me feel so much better!!!  Now, to find out where the heck that pesky "postmaster@localhost" account is hiding so I can get rid of it.

Thanks for your help....sorry for the false alarm but at least you get free points :)  
0
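Added example, not part of the original thread: a header triage that separates a notice generated on the gateway itself (Message-ID host of 127.0.0.1, only internal hops) from mail that arrived without passing the upstream filtering relays. The relay suffix, hostnames and sample messages are constructed placeholders; the 172.16.0.0/16 network is borrowed from the subnet quoted in the accepted answer and stands in for your own internal range.

```python
import email
import ipaddress
import re

# Assumptions: placeholder suffix for the hosted filter's relays, sample internal nets.
UPSTREAM_SUFFIX = ".filter.example.net"
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "172.16.0.0/16")]

def received_hops(raw):
    """Parse a raw message; return it plus (host, ip) per Received hop, oldest first."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        host = re.search(r"from\s+(\S+)", hdr)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hdr)
        hops.append((host.group(1).lower() if host else "", ip.group(1) if ip else ""))
    return msg, hops

def is_internal(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:          # missing or malformed address: do not trust the hop
        return False
    return any(addr in net for net in INTERNAL_NETS)

def triage(raw):
    """Classify a message by the path recorded in its headers."""
    msg, hops = received_hops(raw)
    if any(host.endswith(UPSTREAM_SUFFIX) for host, _ in hops):
        return "via-upstream-filter"
    mid_host = msg.get("Message-ID", "").strip().strip("<>").rpartition("@")[2]
    if mid_host in ("127.0.0.1", "localhost") and all(is_internal(ip) for _, ip in hops):
        return "gateway-generated"      # e.g. the gateway's own failure notice
    return "bypassed-filter"            # external hop, no upstream relay in the path

# Constructed sample messages (newest Received header first, as on the wire).
GW = "Received: from imss.corp.example ([172.16.1.10]) by exch.corp.example\n"
NOTICE = (GW + "Received: from localhost ([127.0.0.1]) by imss.corp.example\n"
          "Message-ID: <messageid@127.0.0.1>\nFrom: postmaster@localhost\n"
          "Subject: Delivery Final Failure Notice\n\nCan not deliver the message you sent.\n")
FILTERED = (GW + "Received: from mx1.filter.example.net ([198.51.100.7]) by imss.corp.example\n"
            "Message-ID: <a1@sender.example>\nFrom: alice@sender.example\n\nhello\n")
SPOOFED = (GW + "Received: from mail.unknown.example ([203.0.113.9]) by imss.corp.example\n"
           "Message-ID: <abc@127.0.0.1>\nFrom: postmaster@localhost\n\nspam\n")

if __name__ == "__main__":
    for name, raw in (("notice", NOTICE), ("filtered", FILTERED), ("spoofed", SPOOFED)):
        print(name, "->", triage(raw))
```

Only the Received lines stamped by your own servers are trustworthy; anything older can be written by the sender, so a forged upstream hostname in an older hop would need an IP check against the provider's published relay ranges.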
 
LVL 2

Expert Comment

by:fulloutput
ID: 26025284
kaos theory, I am seeing similar messages after moving to IMSS7. Did you manage to locate where the source address for the Delivery Final Failure Notice messages was set?
 
LVL 2

Expert Comment

by:fulloutput
ID: 26094429
Trend Micro Hotfix 56270 fixes the non-delivery report to include useful information such as the address that failed and remote server response code.
Question has a verified solution.