Solved

Why is Exchange 2010 Queue Viewer showing multiple "No Sender <>" items that can't be delivered?

Posted on 2010-09-15
3
1,901 Views
Last Modified: 2013-11-30
Microsoft Exchange 2010 server has been setup behind a Cisco Internet router with ACLs.  Originally SMTP connections were allowed from any host on the Internet and a few other things may have been mis-configured.  This resulted in the public IP address being listed on backscatter.org.  Now obviously some domains are not accepting the connection attempts.  The client is configured to have mail go through Postini first and now the router ACL has been reconfigured to only accept port 25 connections from Postini's public range.  I have tested this from Postini's web console and it is working.  Why is the server still trying to send out "Undeliverable" messages from no sender with obvious spam in the subject.  I am aware that other messages are in there because we are on the blacklist.  What is the best way to troubleshoot this?  I have been manually clearing out the messages an not sending an NDR.

Thanks.
0
Comment
Question by:InfoSysNetworks
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33686492
I would freeze the outbound queue first, then look at one of the outbound spam emails and check its internet headers. You'll have to actually open the file in the queue with notepad. This should tell you where the emails are originating, i.e. if somehow you're still an open relay or if there's an internal client that's infected and sending these out.
0
 

Author Comment

by:InfoSysNetworks
ID: 33688045
I have disable the Exchange 2010 outbound send connector.  I don't see how to view the details of messages in the queue (the Internet headers) or open them in notepad.  Port 25 is only open to the spam filtering company to deliver "clean" mail, so I don't think it would be an open relay.  I am able to do external DNS lookups from the Exchange server using nslookup.  I don't have any smarthost configured and I am just using external DNS for MX lookups.

 
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 500 total points
ID: 33692094
Items showing a sender of <> are usually NDRs.  These are probably in response to people sending spam into your organisation.  Some of it will be addressed to made-up names in your domain, and some will be for ex-employees.  Since your server can't deliver it, it sends out an NDR (because it doesn't know it was spam).  The trouble is, the originating address is usually bogus, too; so your server can't deliver the NDR either.  So, they sit in the queue for a few days until your server gives up.  Most people don't worry about them, but you can configure your server not to send out NDRs.  That's not considered a good idea though, since you'll then have no genuine NDRs, either.  That's why most people ignore these things.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
In this video we show how to create a Contact in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Contact ta…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question