Solved

Tracking SPAM

Posted on 2011-09-08
7
304 Views
Last Modified: 2012-05-12
I'm getting messages about the remote queue length being exceeded.  When I look at the SMTP queue there are messages from postmaster@<my domain>.com which are obviously SPAM. How do I tell where these are originating?  There is no "postmaster" account.  Message tracking does not tell me where they are originating.  SBS 2003, Exchange 2003.
0
Comment
Question by:HCPCJJ1
  • 4
  • 3
7 Comments
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36507372
Postmater@ are usually undeliverable messages. They are coming from a user inside.

In any case, have you looked at this KB?

http://support.microsoft.com/kb/886208
0
 

Author Comment

by:HCPCJJ1
ID: 36507617
Yes, recipient filtering was already enabled.
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36507798
See if you have a user account that is created in AD that there is not a mailbox in Exchange for. If someone is sending emails out to a distribution group that a user is a part of, but no mailbox associated with, you can get these postmaster (NDR) messages.

Please Advise.
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 

Author Comment

by:HCPCJJ1
ID: 36510110
We're only a 25 member organization.  No users without Exchange accounts.  These are definitely NDR messages with SPAM content.  I'm trying to determine why they're in my outbound queue.
0
 
LVL 5

Expert Comment

by:Feebleminder
ID: 36512054
Check out this other Q&A for solutions. This might be your fix.

Please Advise!
0
 
LVL 5

Accepted Solution

by:
Feebleminder earned 250 total points
ID: 36512057
0
 

Author Closing Comment

by:HCPCJJ1
ID: 36512805
Very close.  The problem turned out to be NDR's for accounts that existed, but were disabled.  We're a law firm, so when a user leaves, I disable their account, but keep the EMails for sometimes years depending on their position.  Most of the users subscribe to multiple listserves, so the mail keeps coming in, but wasn't getting rejected by the recipient filtering because the account existed.  I was incorrect in assuming that it was SPAM.  It was legitimate mail to a disabled user.
0

Featured Post

The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Read this checklist to learn more about the 15 things you should never include in an email signature.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now