?
Solved

Why is Exchange 2010 Queue Viewer showing multiple "No Sender <>" items that can't be delivered?

Posted on 2010-09-15
3
Medium Priority
?
1,927 Views
Last Modified: 2013-11-30
Microsoft Exchange 2010 server has been setup behind a Cisco Internet router with ACLs.  Originally SMTP connections were allowed from any host on the Internet and a few other things may have been mis-configured.  This resulted in the public IP address being listed on backscatter.org.  Now obviously some domains are not accepting the connection attempts.  The client is configured to have mail go through Postini first and now the router ACL has been reconfigured to only accept port 25 connections from Postini's public range.  I have tested this from Postini's web console and it is working.  Why is the server still trying to send out "Undeliverable" messages from no sender with obvious spam in the subject.  I am aware that other messages are in there because we are on the blacklist.  What is the best way to troubleshoot this?  I have been manually clearing out the messages an not sending an NDR.

Thanks.
0
Comment
Question by:InfoSysNetworks
3 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33686492
I would freeze the outbound queue first, then look at one of the outbound spam emails and check its internet headers. You'll have to actually open the file in the queue with notepad. This should tell you where the emails are originating, i.e. if somehow you're still an open relay or if there's an internal client that's infected and sending these out.
0
 

Author Comment

by:InfoSysNetworks
ID: 33688045
I have disable the Exchange 2010 outbound send connector.  I don't see how to view the details of messages in the queue (the Internet headers) or open them in notepad.  Port 25 is only open to the spam filtering company to deliver "clean" mail, so I don't think it would be an open relay.  I am able to do external DNS lookups from the Exchange server using nslookup.  I don't have any smarthost configured and I am just using external DNS for MX lookups.

 
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 2000 total points
ID: 33692094
Items showing a sender of <> are usually NDRs.  These are probably in response to people sending spam into your organisation.  Some of it will be addressed to made-up names in your domain, and some will be for ex-employees.  Since your server can't deliver it, it sends out an NDR (because it doesn't know it was spam).  The trouble is, the originating address is usually bogus, too; so your server can't deliver the NDR either.  So, they sit in the queue for a few days until your server gives up.  Most people don't worry about them, but you can configure your server not to send out NDRs.  That's not considered a good idea though, since you'll then have no genuine NDRs, either.  That's why most people ignore these things.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

This is a very interesting topic. Ransomware has been around for a while but has increased drastically over the last year or so.
Microsoft has decided to launch the Exchange Server 2019 this year for its on-premise users. What’s new now Microsoft is going to serve its users? How good is it going to be on the current Exchange Server 2016? This blog is going to answer all queri…
This video discusses moving either the default database or any database to a new volume.
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question