sbs 2003 Exchange 2003, How to tell where mail is getting in the queue from

My exchange server queues keep filling up with a bunch of junk spam mail.  It is addressed like it is coming from the postmaster on our server but it isnt.  I have verified that i am not a open relay.  I tried 3 different open relay tests and they all pass.  We get our emails only through postini and i only allow their server ip addresses to forward into our server through the firewall.  But i cant figure out where it is coming from.  I just deleted over 180000 spam messages from the queue.  The worst part is it keeps getting us blacklisted.  Most companies are pretty nice and remove us quickly from the list but i'm sure they arent going to keep being that nice if i cant figure it out.
LVL 1
charles18602Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

tobywestonCommented:
Is it possible to get an example of the headers in one of these emails?
0
GeodashCommented:
Verify your MX record and SPF record at http://www.kitterman.com/spf/validate.html

SPF record, if you don't have one in place, should help alleviate this.
0
GeodashCommented:
In case you do not know what an SPF record is - read here -

http://en.wikipedia.org/wiki/Sender_Policy_Framework
0
Acronis Data Cloud 7.8 Enhances Cyber Protection

A closer look at five essential enhancements that benefit end-users and help MSPs take their cloud data protection business further.

GeodashCommented:
Also, do you use any kind of inbound/outbound SPAM filter?
0
chakkoCommented:
that could be a NDR type of attack.

In the Exchange IMF you can select a checkbox to disable NDR for a little while and see if that stops it.

this page shows where to turn it off

http://www.emailquestions.com/microsoft-exchange/311-disable-ndrs-exchange-2000-2003-a.html
0
Larry Struckmeyer MVPCommented:
Agreed that the most likely is NDR.  It is also possible that some bot has addressed mail directly to the IP address of your server, not the mx record, in which case it would bypass your off site filters.  The headers should tell you.
0
Alan HardistyCo-OwnerCommented:
Disabling NDR's is against RFC standards so please do NOT turn them off.

Your problem by the sounds of it is NDR spam which means Postini are not rejecting mail destined for Invalid Recipients.

You should find that you are listed on www.backscatterer.org and you can determine this on www.mxtoolbox.com/blacklists.aspx

You either need to get Postini to filter invalid recipients for you or stop using Postini and use another provider who can filter invalid recipients.

As soon as Postini accepts an email destined for an Invalid account and passes it on to you, your server becomes responsible for sending back an NDR.  If they reject emails destined for invalid Recipients, then the sending server is responsible for the NDR and thus your problem will go away.

Alan
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
chakkoCommented:
I would just turn off the NDR to control the problem for now.  You can turn it on later to deal with the problem more permanently.
0
Alan HardistyCo-OwnerCommented:
I would suggest tackling the source of the problem, rather than digging yourself a bigger hole by turning off NDR's.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SBS

From novice to tech pro — start learning today.