Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Single user on Windows 2003 Sp2 domian/Exchange 2003 sp2 receiving mass amounts of Mailer-Daemon and Sytem Undeliverable emails

Posted on 2008-10-07
4
323 Views
Last Modified: 2013-11-30
Over this last weekend we had a one user account that started receiving mass amounts of returned spam emails with MAILER-DAEMON (Mailer Delivery System) and System Undeliverable. I have been battling spam for a while and have managed to keep it pretty minimal now with IMF as well as a Sonicwall firewall appliance with Spam filtering. I have read a few questions related to this one and have tried many of the suggestions that anyone may have had such as creating an SPF record and assuring my dns and reverse dns are correct. I do not have open relay and I am using recipeint filtering have enabled tarpit to my registry. I have scanned the particular users workstations with Kaspersky Anti Virus, Malwarebytes, and a few other antispyware apps. Last thing I have done was changed all the administrator passwords as well as most of our users passwords on our domain.  

I am looking for any open suggestions on this issue or if it's something simple that I may have overlooked.

0
Comment
Question by:hcp27
  • 2
  • 2
4 Comments
 
LVL 11

Accepted Solution

by:
Bertling earned 500 total points
ID: 22661729
are they bounces which say that the email does not exist but the user didnt even ever send them?

if so there isnt much you can do about it.

that users is getting the NDR for the message that was sent using his email address which was spoofed and sent from another mailserver.

so he gets the reply NDR as it is a real address that has been spoofed.

you can either block the NDRs using a spam filter

or put up with it, eventualy it will stop when the IP address of the server the spammers are using is blacklisted.
0
 

Author Comment

by:hcp27
ID: 22661797
Yes they are bounces that says the email doesn't exsist and the user never sent them.

Am i able to block NDRs with IMF or will I need to use a 3rd party application.
This is also the only user that is really receiving any type of spam too.  
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22661858
yes go ahead and block them if you wish, you can always unblock them later once it all stops.

yah this happens time to time and sorry to say there is nothing you can do about it!!

if every one used SPF records then it wold solve this, but SPF isnt a "standard" :(
0
 

Author Comment

by:hcp27
ID: 22661885
Thanks for your prompt replies!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

MS Outlook is a world-class email client application that is mainly used for e-communication globally.  In this article, we will discuss the basic idea about MS Outlook, its advanced features, and types of MS Outlook File formats.
How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…
In this Micro Video tutorial you will learn the basics about Database Availability Groups and How to configure one using a live Exchange Server Environment. The video tutorial explains the basics of the Exchange server Database Availability grou…

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question