Solved

Getting Spam After Upgrade of IMSS from 5.7 to 7.0

Posted on 2008-06-25
Last Modified: 2009-12-21
Last Friday, we upgraded IMSS from 5.7 to 7.0.  Additionally, we use Postini for both in and outbound email spam protection, so all of our message headers inbound have a Postini "footprint" as it were.  

However, after the upgrade to 7.0, we have been getting spam email messages that simply say:

From:  postmaster@localhost
Subject:  Delivery Final Failure Notice
Body:  Can not deliver the message you sent.  Will not retry.

The header of the message has no Postini relays mentioned, and is in fact rather short, with a message id of <messageid@127.0.0.1>  but the message itself came FROM our IMSS server to our back-end Exchange Server and the postmaster account is NOT the one specified in the IMSS notification settings either.

IMSS is configured to only allow relaying to our internal Exchange server and our Postini relays.  What's different about this is that in 7.0, it lists 127.0.0.1 as a valid IP to allow relaying.  Trend Micro says we cannot remove it (I tried, twice, it keeps coming back) -- they say it's the way the program operates, but I think it's a little weird that 127.0.0.1 just so happens to be in the message ID of these spam messages too....

Any advice would be appreciated -- am I barking up the wrong tree?  Or is Trend really screwing me over in this new version??  Confused and frustrated with their technical support right now :(
0
Question by:kaos_theory
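
The header check described in the question (no upstream filter hop, a loopback Message-ID, delivery straight from the gateway), written out as an added example that is not part of the original thread. The hostnames, the `.filter.example` suffix and the three sample messages are constructed placeholders, not real Postini or IMSS values.

```python
import email
import re

# Assumptions, constructed for this example: the hosted filter's relays end in
# UPSTREAM_SUFFIX and the mail gateway identifies itself as GATEWAY_HOST.
UPSTREAM_SUFFIX = ".filter.example"
GATEWAY_HOST = "imss.corp.example"
LOOPBACK_ID = re.compile(r"@(127\.0\.0\.1|localhost)>\s*$", re.I)
FROM_HOST = re.compile(r"\s*from\s+(\S+)", re.I)

# Constructed sample messages; only the headers matter here.
NOTICE = """\
Received: from imss.corp.example ([10.0.0.5]) by exch.corp.example; Wed, 25 Jun 2008 02:00:00 -0500
Message-ID: <messageid@127.0.0.1>
From: postmaster@localhost
Subject: Delivery Final Failure Notice

Can not deliver the message you sent.  Will not retry.
"""
FILTERED = """\
Received: from imss.corp.example ([10.0.0.5]) by exch.corp.example; Wed, 25 Jun 2008 02:05:00 -0500
Received: from mx1.filter.example ([192.0.2.10]) by imss.corp.example; Wed, 25 Jun 2008 02:04:58 -0500
Message-ID: <abc123@sender.example>
"""
DIRECT = """\
Received: from imss.corp.example ([10.0.0.5]) by exch.corp.example; Wed, 25 Jun 2008 02:10:00 -0500
Received: from host.unknown.example ([198.51.100.7]) by imss.corp.example; Wed, 25 Jun 2008 02:09:59 -0500
Message-ID: <xyz@unknown.example>
"""

def received_from_hosts(msg):
    """Hostnames in the 'from' clause of each Received header, newest first."""
    matches = (FROM_HOST.match(h) for h in msg.get_all("Received", []))
    return [m.group(1).lower() for m in matches if m]

def triage(raw):
    msg = email.message_from_string(raw)
    hosts = received_from_hosts(msg)
    if any(h.endswith(UPSTREAM_SUFFIX) for h in hosts):
        return "via-upstream-filter"
    # A loopback Message-ID alone proves nothing; every hop must be the gateway.
    local_id = bool(LOOPBACK_ID.search(msg.get("Message-ID", "")))
    only_gateway = bool(hosts) and all(h == GATEWAY_HOST for h in hosts)
    if local_id and only_gateway:
        return "gateway-generated-notice"
    return "no-upstream-hop-investigate"

if __name__ == "__main__":
    for name in ("NOTICE", "FILTERED", "DIRECT"):
        print(name, "->", triage(globals()[name]))
```

A message that carries a loopback Message-ID but also shows an external hop in its Received chain falls into the investigate bucket, since the Message-ID is sender-controlled.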
8 Comments
 
LVL 19

Expert Comment

by:MrLonandB
ID: 21865228
Where in IMSS do you show 127.0.0.1...? We've just recently moved from IMSS 7.0...but I still have it on the Server and it worked fine for us. Do you have that IP identified somewhere in: Administration > IMSS Configuration > SMTP Routing...or just where do you have it?
0
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865265
It's under:  Administration > IMSS Configuration > SMTP Routing > Connections tab, under Connection Control, we have "Deny All, except the following list", and to the right is our internal server IP, our Postini relays, and the loopback address....
0
 
LVL 19

Accepted Solution

by:
MrLonandB earned 2000 total points
ID: 21865547
I see. Ours is set to "Accept all..." because it sits in a DMZ and delivers mail out directly...not to Postini as does yours.

But I am suspecting that the 127.0.0.1...is not the cause of the problem you are having. If you go to the "Message Rule" tab, under "Permitted Senders of Relayed Mail", do you have the "Specified IP addresses" configured?

The reason for my mentioning this, and even though your setup is a bit different than ours, when we first got 7.0...we had similar problems to what you are having. To correct the problem, Trend had me add my internal subnet AND the specific IP of my Exchange Server in there. So I had entries like this in the box adjacent to "Specified IP Addresses":

172.16.0.0:255.255.0.0
172.16.1.187

Without those IP addresses, I could not get mail to go out and would receive non-delivery notices similar to what you are having. Might be worth a try in your case to see if it makes a difference.
0
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865647
Yeah, these settings migrated successfully from 5.7, the two domains we have, and "specified IP Addresses" with only the internal IP of our back end server and the Postini range as well listed under "permitted senders of relayed mail".

What's odd about the delivery notices is the bad grammar and the notification email address doesn't match our customized version of postmaster@"ourdomain.com"...
0
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865707
Oh, also, I forgot to mention we're not having any outbound email flow issues...the undeliverable I got last night seemed unrelated to any messages I sent over the past few days....
0
 
LVL 2

Author Comment

by:kaos_theory
ID: 21865740
uhoh lol

Screeching halt on the brakes...Just sent a test message to a bogus account and got the same undeliverable notice -- this makes me feel so much better!!!  Now, to find out where the heck that pesky "postmaster@localhost" account is hiding so I can get rid of it.

Thanks for your help....sorry for the false alarm but at least you get free points :)  
0
 
LVL 2

Expert Comment

by:fulloutput
ID: 26025284
kaos theory, I am seeing similar messages after moving to IMSS7. Did you manage to locate where the source address for the Delivery Final Failure Notice messages was set?
0
 
LVL 2

Expert Comment

by:fulloutput
ID: 26094429
Trend Micro Hotfix 56270 fixes the non-delivery report to include useful information such as the address that failed and remote server response code.
0


Question has a verified solution.
