Solved

Single user on Windows 2003 SP2 domain/Exchange 2003 SP2 receiving mass amounts of Mailer-Daemon and System Undeliverable emails

Posted on 2008-10-07
Last Modified: 2013-11-30
Over this last weekend we had one user account that started receiving mass amounts of returned spam emails with MAILER-DAEMON (Mailer Delivery System) and System Undeliverable. I have been battling spam for a while and have managed to keep it pretty minimal now with IMF as well as a Sonicwall firewall appliance with spam filtering. I have read a few questions related to this one and have tried many of the suggestions that anyone may have had, such as creating an SPF record and ensuring my DNS and reverse DNS are correct. I do not have open relay, and I am using recipient filtering and have enabled tarpit in my registry. I have scanned the particular user's workstations with Kaspersky Anti Virus, Malwarebytes, and a few other antispyware apps. The last thing I have done was change all the administrator passwords as well as most of our users' passwords on our domain.

I am looking for any open suggestions on this issue or if it's something simple that I may have overlooked.

0
Comment
Question by:hcp27
4 Comments
 
LVL 11

Accepted Solution

by:
Bertling earned 500 total points
ID: 22661729
Are they bounces which say that the email does not exist, but the user didn't even ever send them?

If so, there isn't much you can do about it.

That user is getting the NDR for the message that was sent using his email address, which was spoofed and sent from another mail server.

So he gets the reply NDR, as it is a real address that has been spoofed.

You can either block the NDRs using a spam filter

or put up with it; eventually it will stop when the IP address of the server the spammers are using is blacklisted.
0
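The spoofed-sender bounces described in the answer above can be told apart from NDRs for mail the server really sent by looking at the original message returned inside the bounce. This is an added example, not part of the thread or any poster's code; `OUR_MSGID_HOSTS`, the host `mail.example.com` and the sample bounce are constructed, and it assumes your outbound server stamps a known host part into Message-ID.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumption: host part your own outbound server stamps into Message-ID.
OUR_MSGID_HOSTS = {"mail.example.com"}

def is_ndr(msg):
    """RFC 3464 delivery report, or a MAILER-DAEMON / null-sender bounce."""
    if (msg.get_content_type() == "multipart/report"
            and str(msg.get_param("report-type", "")).lower() == "delivery-status"):
        return True
    local = parseaddr(str(msg.get("From", "")))[1].partition("@")[0].lower()
    return local == "mailer-daemon" or str(msg.get("Return-Path", "")).strip() == "<>"

def original_message_id(msg):
    """Message-ID of the returned original, if the bounce carries it."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822" and part.is_multipart():
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":
            inner = email.message_from_string(part.get_content(), policy=policy.default)
        else:
            continue
        if inner.get("Message-ID"):
            return str(inner["Message-ID"]).strip()
    return None

def classify(raw):
    """Return not-ndr, ndr-unverifiable, ndr-for-our-mail or backscatter."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not is_ndr(msg):
        return "not-ndr"
    mid = original_message_id(msg)
    if mid is None:
        return "ndr-unverifiable"  # original not attached: cannot decide
    host = mid.strip("<>").rpartition("@")[2].lower()
    # Heuristic: a Message-ID can be forged, so quarantine rather than delete.
    return "ndr-for-our-mail" if host in OUR_MSGID_HOSTS else "backscatter"

def sample_bounce(orig_msgid):
    """Constructed (not captured) DSN that returns the original's headers."""
    return ("From: MAILER-DAEMON@mx.remote.example\nSubject: Undeliverable\n"
            'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n\n'
            "--b\nContent-Type: text/plain\n\nnobody@remote.example: user unknown\n"
            "--b\nContent-Type: message/delivery-status\n\nAction: failed\nStatus: 5.1.1\n"
            "--b\nContent-Type: text/rfc822-headers\n\n"
            f"From: user@example.com\nMessage-ID: {orig_msgid}\n--b--\n").encode()
```

Bounces classified as `ndr-unverifiable` carry no copy of the original, so they need a different signal (or manual review) before being filtered.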
 

Author Comment

by:hcp27
ID: 22661797
Yes, they are bounces that say the email doesn't exist, and the user never sent them.

Am I able to block NDRs with IMF, or will I need to use a 3rd party application?
This is also the only user that is really receiving any type of spam too.  
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22661858
Yes, go ahead and block them if you wish; you can always unblock them later once it all stops.

Yeah, this happens from time to time, and sorry to say there is nothing you can do about it!!

If everyone used SPF records then it would solve this, but SPF isn't a "standard" :(
0
 

Author Comment

by:hcp27
ID: 22661885
Thanks for your prompt replies!
0
