Solved

Single user on Windows 2003 Sp2 domian/Exchange 2003 sp2 receiving mass amounts of Mailer-Daemon and Sytem Undeliverable emails

Posted on 2008-10-07
4
314 Views
Last Modified: 2013-11-30
Over this last weekend we had a one user account that started receiving mass amounts of returned spam emails with MAILER-DAEMON (Mailer Delivery System) and System Undeliverable. I have been battling spam for a while and have managed to keep it pretty minimal now with IMF as well as a Sonicwall firewall appliance with Spam filtering. I have read a few questions related to this one and have tried many of the suggestions that anyone may have had such as creating an SPF record and assuring my dns and reverse dns are correct. I do not have open relay and I am using recipeint filtering have enabled tarpit to my registry. I have scanned the particular users workstations with Kaspersky Anti Virus, Malwarebytes, and a few other antispyware apps. Last thing I have done was changed all the administrator passwords as well as most of our users passwords on our domain.  

I am looking for any open suggestions on this issue or if it's something simple that I may have overlooked.

0
Comment
Question by:hcp27
  • 2
  • 2
4 Comments
 
LVL 11

Accepted Solution

by:
Bertling earned 500 total points
ID: 22661729
are they bounces which say that the email does not exist but the user didnt even ever send them?

if so there isnt much you can do about it.

that users is getting the NDR for the message that was sent using his email address which was spoofed and sent from another mailserver.

so he gets the reply NDR as it is a real address that has been spoofed.

you can either block the NDRs using a spam filter

or put up with it, eventualy it will stop when the IP address of the server the spammers are using is blacklisted.
0
 

Author Comment

by:hcp27
ID: 22661797
Yes they are bounces that says the email doesn't exsist and the user never sent them.

Am i able to block NDRs with IMF or will I need to use a 3rd party application.
This is also the only user that is really receiving any type of spam too.  
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22661858
yes go ahead and block them if you wish, you can always unblock them later once it all stops.

yah this happens time to time and sorry to say there is nothing you can do about it!!

if every one used SPF records then it wold solve this, but SPF isnt a "standard" :(
0
 

Author Comment

by:hcp27
ID: 22661885
Thanks for your prompt replies!
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Following basic email etiquette rules will help you write a professional email and achieve a good, lasting impression with your contacts.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
In this video we show how to create an Address List in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Organization >> Ad…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now