NDR Spam attack
Posted on 2010-11-18
My client suddenly has 1 user receiving loads of these NDR's thtough:
----- Original Message -----
From: Mail Delivery System <Mailer-Daemon@dedic0.cmspanel.ru>
Sent: Thu Nov 18 06:16:08 2010
Subject: Mail delivery failed: returning message to sender
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:
mailbox is full: retry timeout exceeded
Needless to say he didnt send the original message.
My client has good email hygeine - Reverse DNS is set up, SPF, not an open relay, Anti-Spam appliance, etc.
There are 0 queues in Exchange 2007 EMC.
How do I stop this? The majority are from .ru domains!