Solved

Mass emails are being sent out by one of our company's email addresses...

Posted on 2008-10-21
Last Modified: 2012-05-05
An email address has been taken over by a virus or other annoyance and is sending out mass emails, causing this email address to be flooded with junk emails, undeliverable mail, and postmaster returns, and I am unsure how to go about stopping this.  I have run a virus scan on the computer that has Outlook installed on it and turned this machine off, but the emails are still coming in.  There really are no similarities that I can see in the returned emails as far as email address or IP.  Any info/help is greatly appreciated!
0
Question by:adamhicks
7 Comments
 
LVL 11

Expert Comment

by:Bertling
ID: 22768006
There is nothing you can do about this.
By the sounds of it, this mail address is being used to spoof spam emails.
The NDRs and system admin messages you get back are called backscatter.

What is happening is a server somewhere on the internet is spoofing the legitimate email address.
Hundreds of messages are sent out, and when a message is sent to an email server with a nonexistent mail address, the NDR is sent back to the spoofed address, which in turn fills up the mailbox with backscatter NDR emails.

There is not much you can do but block the NDRs or make a rule to move any NDR email to a subfolder or just permanently delete it from the mailbox.

Hope this helps.
0
 
LVL 19

Accepted Solution

by:
MrLonandB earned 500 total points
ID: 22768008
I would first go into ESM and stop the queues. Next, go to the properties of the SMTP Virtual server > Access > Relay Restrictions > Relay...and make sure that it is set to "Only the list below" with nothing in the list. If it is already configured that way, uncheck the box in the same location that allows authenticated users to relay regardless...then delete junk out of your queue and restart it.

If you have an SMTP Connector, go to the properties of it and in the "Address Space" tab...make sure the box is not checked to relay to all domains at the very bottom.

Try those things first and see what happens.
0
 

Author Comment

by:adamhicks
ID: 22768374
Ok, everything in the ESM was set to what you said except for the "allow authenticated users to relay regardless" checkbox.  Once I unchecked that box, the junk emails seem to have stopped coming in and all other emails still seem to be flowing correctly.  It has only been about 10 min but so far so good.  What exactly does that checkbox do, if you don't mind explaining it to me?
0
 
LVL 11

Expert Comment

by:Bertling
ID: 22768503
If you untick "allow authenticated users to relay", this would stop your local Exchange server being used to relay messages out by a possible virus, as you have stated. The reason is that the user who may be infected is already authenticated on the domain, which permits them to relay junk through the mail server. So in theory, if a PC was infected, it won't be able to relay mail any more and fix your problem; however, this virus on this PC will need to be cleaned.
Check your logs in Exchange to track the mail sent from the user who is getting all the NDRs to confirm if it was relayed through your Exchange server.
0
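Added example, not part of the thread: one way to do the log check suggested above, assuming the SMTP virtual server writes W3C extended logs with the SMTP verb in `cs-method` and its argument in `cs-uri-query`. The sample lines, addresses, domains and the function name `relay_report` are constructed for illustration.

```python
import re
from collections import defaultdict

LOCAL_DOMAINS = {"example.com"}      # assumption: domains this server hosts
WATCHED_SENDER = "user@example.com"  # assumption: mailbox receiving the NDRs

# Constructed sample log (not real data), W3C extended format.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2008-10-21 14:02:11 192.0.2.10 MAIL +FROM:<user@example.com> 250
2008-10-21 14:02:11 192.0.2.10 RCPT +TO:<a1@elsewhere.test> 250
2008-10-21 14:02:12 192.0.2.10 RCPT +TO:<a2@elsewhere.test> 250
2008-10-21 14:02:12 192.0.2.10 RCPT +TO:<a3@other.test> 250
2008-10-21 14:05:40 192.0.2.20 MAIL +FROM:<user@example.com> 250
2008-10-21 14:05:40 192.0.2.20 RCPT +TO:<colleague@example.com> 250
2008-10-21 14:07:03 198.51.100.7 MAIL +FROM:<user@example.com> 250
2008-10-21 14:07:03 198.51.100.7 RCPT +TO:<b1@elsewhere.test> 550
"""

ADDR = re.compile(r"<([^>]*)>")

def relay_report(log_text, watched=WATCHED_SENDER, local=LOCAL_DOMAINS):
    """Return {client_ip: accepted external RCPTs sent as `watched`}."""
    fields, sender_by_ip, hits = [], {}, defaultdict(int)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names come from the log
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        match = ADDR.search(row.get("cs-uri-query", ""))
        addr = match.group(1).lower() if match else ""
        verb = row.get("cs-method", "").upper()
        ip = row.get("c-ip", "")
        if verb == "MAIL":
            # Simplification: track the latest envelope sender per client IP.
            sender_by_ip[ip] = addr
        elif verb == "RCPT" and row.get("sc-status") == "250":
            domain = addr.rpartition("@")[2]
            # An accepted recipient outside our domains means the server relayed.
            if sender_by_ip.get(ip) == watched and domain not in local:
                hits[ip] += 1
    return dict(hits)

if __name__ == "__main__":
    for ip, count in sorted(relay_report(SAMPLE_LOG).items()):
        print(f"{ip} relayed {count} external recipients as {WATCHED_SENDER}")
```

A client IP that shows up here is a machine that relayed mail through the server as the affected address. An empty result for the period of the flood is consistent with the NDRs being backscatter from spoofing elsewhere.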
 
LVL 19

Expert Comment

by:MrLonandB
ID: 22769218
Is your mail still flowing in and out correctly...without the relayed traffic?
0
 

Author Comment

by:adamhicks
ID: 22769295
Yes, so far so good.  We can send/receive from inside and outside email addresses.  I did get a couple more junk emails but it has slowed down tremendously. It's been about 2 hours and received 3 junk emails.  Before we were receiving about 5 every min.  I am going to continue to monitor it but it looks to be fixed.
0
 
LVL 19

Expert Comment

by:MrLonandB
ID: 22769640
If you are only receiving 3 junks in 2 hours...you're doing pretty darn good compared to a lot of folks!
0

Question has a verified solution.