Solved

Why is Exchange 2010 Queue Viewer showing multiple "No Sender <>" items that can't be delivered?

Posted on 2010-09-15
3
1,878 Views
Last Modified: 2013-11-30
Microsoft Exchange 2010 server has been setup behind a Cisco Internet router with ACLs.  Originally SMTP connections were allowed from any host on the Internet and a few other things may have been mis-configured.  This resulted in the public IP address being listed on backscatter.org.  Now obviously some domains are not accepting the connection attempts.  The client is configured to have mail go through Postini first and now the router ACL has been reconfigured to only accept port 25 connections from Postini's public range.  I have tested this from Postini's web console and it is working.  Why is the server still trying to send out "Undeliverable" messages from no sender with obvious spam in the subject.  I am aware that other messages are in there because we are on the blacklist.  What is the best way to troubleshoot this?  I have been manually clearing out the messages an not sending an NDR.

Thanks.
0
Comment
Question by:InfoSysNetworks
3 Comments
 
LVL 9

Expert Comment

by:vanbarsoun
ID: 33686492
I would freeze the outbound queue first, then look at one of the outbound spam emails and check its internet headers. You'll have to actually open the file in the queue with notepad. This should tell you where the emails are originating, i.e. if somehow you're still an open relay or if there's an internal client that's infected and sending these out.
0
 

Author Comment

by:InfoSysNetworks
ID: 33688045
I have disable the Exchange 2010 outbound send connector.  I don't see how to view the details of messages in the queue (the Internet headers) or open them in notepad.  Port 25 is only open to the spam filtering company to deliver "clean" mail, so I don't think it would be an open relay.  I am able to do external DNS lookups from the Exchange server using nslookup.  I don't have any smarthost configured and I am just using external DNS for MX lookups.

 
0
 
LVL 31

Accepted Solution

by:
LeeDerbyshire earned 500 total points
ID: 33692094
Items showing a sender of <> are usually NDRs.  These are probably in response to people sending spam into your organisation.  Some of it will be addressed to made-up names in your domain, and some will be for ex-employees.  Since your server can't deliver it, it sends out an NDR (because it doesn't know it was spam).  The trouble is, the originating address is usually bogus, too; so your server can't deliver the NDR either.  So, they sit in the queue for a few days until your server gives up.  Most people don't worry about them, but you can configure your server not to send out NDRs.  That's not considered a good idea though, since you'll then have no genuine NDRs, either.  That's why most people ignore these things.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
When you’re making plans to join the modern business race, you should analyze various details that may affect your results. Nowadays, millions of businesses are trying to grow into established and appreciated professional enterprises.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question