Solved

Why is Exchange 2010 Queue Viewer showing multiple "No Sender <>" items that can't be delivered?

Posted on 2010-09-15
3
1,842 Views
Last Modified: 2013-11-30
Microsoft Exchange 2010 server has been setup behind a Cisco Internet router with ACLs.  Originally SMTP connections were allowed from any host on the Internet and a few other things may have been mis-configured.  This resulted in the public IP address being listed on backscatter.org.  Now obviously some domains are not accepting the connection attempts.  The client is configured to have mail go through Postini first and now the router ACL has been reconfigured to only accept port 25 connections from Postini's public range.  I have tested this from Postini's web console and it is working.  Why is the server still trying to send out "Undeliverable" messages from no sender with obvious spam in the subject.  I am aware that other messages are in there because we are on the blacklist.  What is the best way to troubleshoot this?  I have been manually clearing out the messages an not sending an NDR.

Thanks.
0
Comment
Question by:InfoSysNetworks
3 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33686492
I would freeze the outbound queue first, then look at one of the outbound spam emails and check its internet headers. You'll have to actually open the file in the queue with notepad. This should tell you where the emails are originating, i.e. if somehow you're still an open relay or if there's an internal client that's infected and sending these out.
0
 

Author Comment

by:InfoSysNetworks
ID: 33688045
I have disable the Exchange 2010 outbound send connector.  I don't see how to view the details of messages in the queue (the Internet headers) or open them in notepad.  Port 25 is only open to the spam filtering company to deliver "clean" mail, so I don't think it would be an open relay.  I am able to do external DNS lookups from the Exchange server using nslookup.  I don't have any smarthost configured and I am just using external DNS for MX lookups.

 
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 500 total points
ID: 33692094
Items showing a sender of <> are usually NDRs.  These are probably in response to people sending spam into your organisation.  Some of it will be addressed to made-up names in your domain, and some will be for ex-employees.  Since your server can't deliver it, it sends out an NDR (because it doesn't know it was spam).  The trouble is, the originating address is usually bogus, too; so your server can't deliver the NDR either.  So, they sit in the queue for a few days until your server gives up.  Most people don't worry about them, but you can configure your server not to send out NDRs.  That's not considered a good idea though, since you'll then have no genuine NDRs, either.  That's why most people ignore these things.
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

"Migrate" an SMTP relay receive connector to a new server using info from an old server.
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now