Solved

sbs 2003 Exchange 2003, How to tell where mail is getting in the queue from

Posted on 2012-04-09
9
397 Views
Last Modified: 2012-06-18
My exchange server queues keep filling up with a bunch of junk spam mail.  It is addressed like it is coming from the postmaster on our server but it isnt.  I have verified that i am not a open relay.  I tried 3 different open relay tests and they all pass.  We get our emails only through postini and i only allow their server ip addresses to forward into our server through the firewall.  But i cant figure out where it is coming from.  I just deleted over 180000 spam messages from the queue.  The worst part is it keeps getting us blacklisted.  Most companies are pretty nice and remove us quickly from the list but i'm sure they arent going to keep being that nice if i cant figure it out.
0
Comment
Question by:charles18602
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 3

Expert Comment

by:tobyweston
ID: 37825315
Is it possible to get an example of the headers in one of these emails?
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37825317
Verify your MX record and SPF record at http://www.kitterman.com/spf/validate.html

SPF record, if you don't have one in place, should help alleviate this.
0
 
LVL 9

Expert Comment

by:Geodash
ID: 37825330
In case you do not know what an SPF record is - read here -

http://en.wikipedia.org/wiki/Sender_Policy_Framework
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 9

Expert Comment

by:Geodash
ID: 37825341
Also, do you use any kind of inbound/outbound SPAM filter?
0
 
LVL 22

Expert Comment

by:chakko
ID: 37825344
that could be a NDR type of attack.

In the Exchange IMF you can select a checkbox to disable NDR for a little while and see if that stops it.

this page shows where to turn it off

http://www.emailquestions.com/microsoft-exchange/311-disable-ndrs-exchange-2000-2003-a.html
0
 
LVL 22

Expert Comment

by:Larry Struckmeyer MVP
ID: 37825511
Agreed that the most likely is NDR.  It is also possible that some bot has addressed mail directly to the IP address of your server, not the mx record, in which case it would bypass your off site filters.  The headers should tell you.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 500 total points
ID: 37825551
Disabling NDR's is against RFC standards so please do NOT turn them off.

Your problem by the sounds of it is NDR spam which means Postini are not rejecting mail destined for Invalid Recipients.

You should find that you are listed on www.backscatterer.org and you can determine this on www.mxtoolbox.com/blacklists.aspx

You either need to get Postini to filter invalid recipients for you or stop using Postini and use another provider who can filter invalid recipients.

As soon as Postini accepts an email destined for an Invalid account and passes it on to you, your server becomes responsible for sending back an NDR.  If they reject emails destined for invalid Recipients, then the sending server is responsible for the NDR and thus your problem will go away.

Alan
0
 
LVL 22

Expert Comment

by:chakko
ID: 37825599
I would just turn off the NDR to control the problem for now.  You can turn it on later to deal with the problem more permanently.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37825620
I would suggest tackling the source of the problem, rather than digging yourself a bigger hole by turning off NDR's.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question