?
Solved

Tracking SPAM

Posted on 2011-09-08
7
Medium Priority
?
338 Views
Last Modified: 2012-05-12
I'm getting messages about the remote queue length being exceeded.  When I look at the SMTP queue there are messages from postmaster@<my domain>.com which are obviously SPAM. How do I tell where these are originating?  There is no "postmaster" account.  Message tracking does not tell me where they are originating.  SBS 2003, Exchange 2003.
0
Comment
Question by:HCPCJJ1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36507372
Postmater@ are usually undeliverable messages. They are coming from a user inside.

In any case, have you looked at this KB?

http://support.microsoft.com/kb/886208
0
 

Author Comment

by:HCPCJJ1
ID: 36507617
Yes, recipient filtering was already enabled.
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36507798
See if you have a user account that is created in AD that there is not a mailbox in Exchange for. If someone is sending emails out to a distribution group that a user is a part of, but no mailbox associated with, you can get these postmaster (NDR) messages.

Please Advise.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:HCPCJJ1
ID: 36510110
We're only a 25 member organization.  No users without Exchange accounts.  These are definitely NDR messages with SPAM content.  I'm trying to determine why they're in my outbound queue.
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36512054
Check out this other Q&A for solutions. This might be your fix.

Please Advise!
0
 
LVL 5

Accepted Solution

by:
Feebleminder earned 1000 total points
ID: 36512057
0
 

Author Closing Comment

by:HCPCJJ1
ID: 36512805
Very close.  The problem turned out to be NDR's for accounts that existed, but were disabled.  We're a law firm, so when a user leaves, I disable their account, but keep the EMails for sometimes years depending on their position.  Most of the users subscribe to multiple listserves, so the mail keeps coming in, but wasn't getting rejected by the recipient filtering because the account existed.  I was incorrect in assuming that it was SPAM.  It was legitimate mail to a disabled user.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
With so many activities to perform, Exchange administrators are always busy in organizations. If everything, including Exchange Servers, Outlook clients, and Office 365 accounts work without any issues, they can sit and relax. But unfortunately, it…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question