Exchange NDR reports getting to the users' mailboxes because of spam

Asked by llarava
Exchange, Anti-Virus Apps, Email Protocols

Exchange 2003 Ent (Cluster Active-Passive) Clients: Outlook 2003


We have some users reporting that they have received NDRs letting them know that some of the messages they have sent out there have not been received.

This is clearly spam/email spoofing so that they can cause a DoS via NDRs. Also, the NDR messages contain an attached HTML file that has a virus named by Symantec "JS.QsiFrame".

Here is what I think is going on:

E-mail virus "X" is on Joe's computer. It harvests all of the e-mail addresses it can find (including yours). It picks one at random and "spoofs" that one as the sender address, thus ensuring Joe doesn't get suspicious seeing the spate of failure messages (because everybody has a bunch of "dead" addresses in their address book). You lucked out being picked as the spoofed address. You don't have a virus. Joe has a virus.


1.) Does anyone know how I can get the number of NDRs that the Exchange server is sending out there? Any other suggestions on how to track this down?

2.) We are currently using Postini as the Enterprise Inbound Spam filter. Does anyone know how we can prevent this from happening again via Postini or any other methods (native to Exchange 2003 or Exchange 2007/2010)?

Thank you



This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed.        {removed email address}  
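
One way to separate genuine NDRs from spoofed-sender backscatter and count each kind, as an added example that is not part of the original question. It assumes the NDRs are saved as raw RFC 3464 delivery reports that attach the original message or its headers, and that `sent_ids` (a hypothetical set) holds Message-IDs exported from your own outbound logs; the sample report is constructed.

```python
from collections import Counter
from email import message_from_bytes, message_from_string

# Constructed sample DSN; {mid} is the Message-ID of the bounced original.
DSN = """\
From: postmaster@remote.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipients failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.example

Final-Recipient: rfc822; nobody@remote.example
Status: 5.1.1
--b1
Content-Type: text/rfc822-headers

From: user@corp.example
Message-ID: {mid}
--b1--
"""

def original_message_id(msg):
    """Message-ID of the original message carried inside a DSN, or None."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return part.get_payload(0)["Message-ID"]
        if ctype == "text/rfc822-headers":   # only the headers attached
            return message_from_bytes(part.get_payload(decode=True))["Message-ID"]
    return None

def classify(raw, sent_ids):
    """sent_ids: Message-IDs we really sent (assumed exported from outbound logs)."""
    msg = message_from_string(raw)
    report = str(msg.get_param("report-type", "")).lower()
    if msg.get_content_type() != "multipart/report" or report != "delivery-status":
        return "not_dsn"
    mid = original_message_id(msg)
    if mid is None:
        return "unverifiable"
    return "genuine" if mid.strip() in sent_ids else "backscatter"

def count_ndrs(raw_messages, sent_ids):
    return Counter(classify(raw, sent_ids) for raw in raw_messages)
```

A high `backscatter` count with few `genuine` entries points to the addresses being spoofed elsewhere rather than to an infected internal sender.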
