Exchange 2010 SP3, single server hosting all roles.
Had this issue for some time now.. I have been battling with the FFE config for backscatter filtering but it seems pretty useless. Only processed about 164 messages in the last week and only blocked 9.
I have 2 users who are heavily affected by this issue. Thier inboxes are being filled with NDR's for emails they obviously arent sending "Luscious ladies waiting near you" anyone?? ha
We're yet to end up on any blacklists (so far so good) Ive checked MXToobox and the backscatter website.
I think I have configured all the usual suspects:
Recipient Filtering is enabled
Backscatter filter detection is enabled on Forefront Protections 2010 for Exchange Server
The messages all have a valid from address (the 2 users having the issues). But the recipients are all bogus aol, yahoo, aim etc addresses.
Message header from one of the messages hitting our queue:
Subject: Wicked-minded lonely girl renting a room in your area To do some really kinky things with you!
Internet Message ID: <BBC6D859.66DD7A77@domain.
From Address: prvs=0343943E68=username@d
Size (KB): 3
Message Source Name: SMTP:Default WILDMB01
Source IP: 220.127.116.11
Date Received: 23/09/2014 2:15:31 PM
Expiration Time: 25/09/2014 2:15:31 PM
Last Error: 421 4.7.0 [TS01] Messages from our external IP address
temporarily deferred due to user complaints - 18.104.22.168; see http://postmaster.yahoo.com/421-ts01.html
They are all pretty much the same.
So, whats the deal with the prefix to the senders email address: prvs=838338745=
Ive even turned off sending NDR's. Still no joy.
Anyone have any suggestions?