Solved

Single user on Windows 2003 Sp2 domian/Exchange 2003 sp2 receiving mass amounts of Mailer-Daemon and Sytem Undeliverable emails

Posted on 2008-10-07
4
331 Views
Last Modified: 2013-11-30
Over this last weekend we had a one user account that started receiving mass amounts of returned spam emails with MAILER-DAEMON (Mailer Delivery System) and System Undeliverable. I have been battling spam for a while and have managed to keep it pretty minimal now with IMF as well as a Sonicwall firewall appliance with Spam filtering. I have read a few questions related to this one and have tried many of the suggestions that anyone may have had such as creating an SPF record and assuring my dns and reverse dns are correct. I do not have open relay and I am using recipeint filtering have enabled tarpit to my registry. I have scanned the particular users workstations with Kaspersky Anti Virus, Malwarebytes, and a few other antispyware apps. Last thing I have done was changed all the administrator passwords as well as most of our users passwords on our domain.  

I am looking for any open suggestions on this issue or if it's something simple that I may have overlooked.

0
Comment
Question by:hcp27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 11

Accepted Solution

by:
Bertling earned 500 total points
ID: 22661729
are they bounces which say that the email does not exist but the user didnt even ever send them?

if so there isnt much you can do about it.

that users is getting the NDR for the message that was sent using his email address which was spoofed and sent from another mailserver.

so he gets the reply NDR as it is a real address that has been spoofed.

you can either block the NDRs using a spam filter

or put up with it, eventualy it will stop when the IP address of the server the spammers are using is blacklisted.
0
 

Author Comment

by:hcp27
ID: 22661797
Yes they are bounces that says the email doesn't exsist and the user never sent them.

Am i able to block NDRs with IMF or will I need to use a 3rd party application.
This is also the only user that is really receiving any type of spam too.  
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22661858
yes go ahead and block them if you wish, you can always unblock them later once it all stops.

yah this happens time to time and sorry to say there is nothing you can do about it!!

if every one used SPF records then it wold solve this, but SPF isnt a "standard" :(
0
 

Author Comment

by:hcp27
ID: 22661885
Thanks for your prompt replies!
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
This article lists the top 5 free OST to PST Converter Tools. These tools save a lot of time for users when they want to convert OST to PST after their exchange server is no longer available or some other critical issue with exchange server or impor…
In this video we show how to create a Distribution Group in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >>…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question