Solved

Getting Spam After Upgrade of IMSS from 5.7 to 7.0

Posted on 2008-06-25
Last Modified: 2009-12-21
Last Friday, we upgraded IMSS from 5.7 to 7.0.  Additionally, we use Postini for both in and outbound email spam protection, so all of our message headers inbound have a Postini "footprint" as it were.  

However, after the upgrade to 7.0, we have been getting spam email messages that simply say:

From:  postmaster@localhost
Subject:  Delivery Final Failure Notice
Body:  Can not deliver the message you sent.  Will not retry.

The header of the message has no Postini relays mentioned, and is in fact rather short, with a message id of <messageid@127.0.0.1>  but the message itself came FROM our IMSS server to our back-end Exchange Server and the postmaster account is NOT the one specified in the IMSS notification settings either.

IMSS is configured to only allow relaying to our internal Exchange server and our Postini relays.  What's different about this is that in 7.0, it lists 127.0.0.1 as a valid IP to allow relaying.  Trend Micro says we cannot remove it (I tried, twice, it keeps coming back) -- they say it's the way the program operates, but I think it's a little weird that 127.0.0.1 just so happens to be in the message ID of these spam messages too....

Any advice would be appreciated -- am I barking up the wrong tree?  Or is Trend really screwing me over in this new version??  Confused and frustrated with their technical support right now :(
Question by:kaos_theory
8 Comments
 
Expert Comment

by:MrLonandB
ID: 21865228
Where in IMSS do you show 127.0.0.1...? We've just recently moved from IMSS 7.0...but I still have it on the Server and it worked fine for us. Do you have that IP identified somewhere in: Administration > IMSS Configuration > SMTP Routing...or just where do you have it?
Author Comment

by:kaos_theory
ID: 21865265
It's under:  Administration > IMSS Configuration > SMTP Routing > Connections tab, under Connection Control, we have "Deny All, except the following list", and to the right is our internal server IP, our Postini relays, and the loopback address....
Accepted Solution

by:
MrLonandB earned 500 total points
ID: 21865547
I see. Ours is set to "Accept all..." because it sits in a DMZ and delivers mail out directly...not to Postini as does yours.

But I am suspecting that the 127.0.0.1...is not the cause of the problem you are having. If you go to the "Message Rule" tab, under "Permitted Senders of Relayed Mail", do you have the "Specified IP addresses" configured?

The reason for my mentioning this, and even though your setup is a bit different than ours, when we first got 7.0...we had similar problems to what you are having. To correct the problem, Trend had me add my internal subnet AND the specific IP of my Exchange Server in there. So I had entries like this in the box adjacent to "Specified IP Addresses":

172.16.0.0:255.255.0.0
172.16.1.187

Without those IP addresses, I could not get mail to go out and would receive non-delivery notices similar to what you are having. Might be worth a try in your case to see if it makes a difference.
Author Comment

by:kaos_theory
ID: 21865647
Yeah, these settings migrated successfully from 5.7, the two domains we have, and "specified IP Addresses" with only the internal IP of our back end server and the Postini range as well listed under "permitted senders of relayed mail".

What's odd about the delivery notices is the bad grammar and the notification email address doesn't match our customized version of postmaster@"ourdomain.com"...
Author Comment

by:kaos_theory
ID: 21865707
Oh, also, I forgot to mention we're not having any outbound email flow issues...the undeliverable I got last night seemed unrelated to any messages I sent over the past few days....
Author Comment

by:kaos_theory
ID: 21865740
uhoh lol

Screeching halt on the brakes...Just sent a test message to a bogus account and got the same undeliverable notice -- this makes me feel so much better!!!  Now, to find out where the heck that pesky "postmaster@localhost" account is hiding so I can get rid of it.

Thanks for your help....sorry for the false alarm but at least you get free points :)  
Expert Comment

by:fulloutput
ID: 26025284
kaos theory, I am seeing similar messages after moving to IMSS7. Did you manage to locate where the source address for the Delivery Final Failure Notice messages was set?
Expert Comment

by:fulloutput
ID: 26094429
Trend Micro Hotfix 56270 fixes the non-delivery report to include useful information such as the address that failed and remote server response code.
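
The header reasoning used in this thread (no upstream relay in the Received chain, a loopback Message-ID, a postmaster@localhost sender) can be turned into a repeatable check. This is an added example, not code from the thread or from Trend Micro; the host names `gateway.example.internal` and `relay.example.net` and all three sample messages are constructed.

```python
import email
import re
from email.utils import parseaddr

GATEWAY = "gateway.example.internal"   # constructed: the scanning gateway's name
RELAY_SUFFIX = "relay.example.net"     # constructed: upstream filtering relays

def triage(raw, gateway=GATEWAY, relay_suffix=RELAY_SUFFIX):
    """Classify a delivered message from its headers alone."""
    msg = email.message_from_string(raw)
    hops = msg.get_all("Received", [])
    # Trust only hops stamped by our own gateway; older hops are sender-supplied.
    stamped = [h for h in hops
               if re.search(r"\bby\s+" + re.escape(gateway), h, re.I)]
    via_relay = any(re.search(r"\bfrom\s+\S*" + re.escape(relay_suffix), h, re.I)
                    for h in stamped)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    msg_id = (msg.get("Message-ID") or "").strip().lower()
    loopback = (sender.endswith("@localhost")
                or msg_id.endswith(("@127.0.0.1>", "@localhost>")))
    if not stamped and loopback:
        return "generated-on-gateway"   # the gateway's own notice, e.g. an NDR
    return "via-relay" if via_relay else "bypassed-relay"

# Constructed samples; DIRECT carries a forged older relay hop and a loopback ID.
NDR = """\
Received: from gateway.example.internal ([10.0.0.5]) by exchange.example.internal; Mon, 1 Jan 2024 02:11:00 +0000
From: postmaster@localhost
Subject: Delivery Final Failure Notice
Message-ID: <messageid@127.0.0.1>

Can not deliver the message you sent.  Will not retry.
"""
INBOUND = """\
Received: from gateway.example.internal ([10.0.0.5]) by exchange.example.internal; Mon, 1 Jan 2024 03:00:02 +0000
Received: from mx1.relay.example.net ([192.0.2.10]) by gateway.example.internal; Mon, 1 Jan 2024 03:00:01 +0000
From: alice@example.org
Message-ID: <a1@mail.example.org>

hello
"""
DIRECT = """\
Received: from host.example.org ([198.51.100.7]) by gateway.example.internal; Mon, 1 Jan 2024 04:00:01 +0000
Received: from mx1.relay.example.net by host.example.org; Mon, 1 Jan 2024 04:00:00 +0000
From: bob@example.org
Message-ID: <b2@127.0.0.1>

hello
"""
```

A `bypassed-relay` result is the one to investigate: the gateway accepted the message from a host outside the filtering relays, whatever the older hops or the Message-ID claim.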