?
Solved

Single user on Windows 2003 Sp2 domian/Exchange 2003 sp2 receiving mass amounts of Mailer-Daemon and Sytem Undeliverable emails

Posted on 2008-10-07
4
Medium Priority
?
343 Views
Last Modified: 2013-11-30
Over this last weekend we had a one user account that started receiving mass amounts of returned spam emails with MAILER-DAEMON (Mailer Delivery System) and System Undeliverable. I have been battling spam for a while and have managed to keep it pretty minimal now with IMF as well as a Sonicwall firewall appliance with Spam filtering. I have read a few questions related to this one and have tried many of the suggestions that anyone may have had such as creating an SPF record and assuring my dns and reverse dns are correct. I do not have open relay and I am using recipeint filtering have enabled tarpit to my registry. I have scanned the particular users workstations with Kaspersky Anti Virus, Malwarebytes, and a few other antispyware apps. Last thing I have done was changed all the administrator passwords as well as most of our users passwords on our domain.  

I am looking for any open suggestions on this issue or if it's something simple that I may have overlooked.

0
Comment
Question by:hcp27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 11

Accepted Solution

by:
Bertling earned 2000 total points
ID: 22661729
are they bounces which say that the email does not exist but the user didnt even ever send them?

if so there isnt much you can do about it.

that users is getting the NDR for the message that was sent using his email address which was spoofed and sent from another mailserver.

so he gets the reply NDR as it is a real address that has been spoofed.

you can either block the NDRs using a spam filter

or put up with it, eventualy it will stop when the IP address of the server the spammers are using is blacklisted.
0
 

Author Comment

by:hcp27
ID: 22661797
Yes they are bounces that says the email doesn't exsist and the user never sent them.

Am i able to block NDRs with IMF or will I need to use a 3rd party application.
This is also the only user that is really receiving any type of spam too.  
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22661858
yes go ahead and block them if you wish, you can always unblock them later once it all stops.

yah this happens time to time and sorry to say there is nothing you can do about it!!

if every one used SPF records then it wold solve this, but SPF isnt a "standard" :(
0
 

Author Comment

by:hcp27
ID: 22661885
Thanks for your prompt replies!
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Check out this step-by-step guide for using the newly updated Experts Exchange mobile app—released on May 30.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses
Course of the Month8 days, 5 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question