asked on

Exchange sending continuous messages and it's caught in a loop

We are having problems with our client's exchange 2010 server on a 2008 r2.

MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@domain.com keeps sending emails to bma_journal@bma.int. This seems to be caught in a loop of some sort. They are being stopped as outgoing mail at our Barracuda mail filter and are being sent at least every minute or so.
They are being sent by MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@mydomain.local to the @bma.int address. Our mail filter is catching it but i suspect that there is some sort of malware on our exchange server.
I am running Trend Micro scanmail on our stores right now. It's found some malware but the issue is still here.

Thanks

Josef

Amit

First step I would take to remove anonymous setting relay connectors. Then you can work on virus clean up.

Neil Russell

MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@domain.com is a microsoft default MicrosoftExchangeRecipientEmailAddresses and is used by a misconfigured system. No malware.

See this article that explains. http://ameelabs.org.ua/?p=269

Joe

ASKER

Amit: I am unsure how to do this.

Neilsr: If the MicrosoftExchangeRecipientEmailAddresses is MicrosoftExchange329e71ec88ae4615bbc36ab6ce41109e@domain.com that means that the system is misconfigured?

MicrosoftExchangeRecipientEmailAddressPolicyEnabled is set to true. (attched results from Get-OrganizationConfig)

Thanks for the responses

josef
Exchange.JPG

Gareth Gudger

bma_journal@bma.int

Sounds like you have a Barracuda Mail Archiver in place. Was anything changed with its configuration, or, did this loop occur after changing any settings in the send/receive connectors in Exchange?

I know the Barracuda Mail Archiver has you create a dedicated Send Connector during setup. See here for the documentation.
https://techlib.barracuda.com/BMA/ConfigureMSX20072010EnvelopeJournal

Joe

ASKER

We used to have the archiver in place but don't anymore. Which is why it's confusing. There is also no bma_journal@bma.int on our exchange server or no journaling rules.

Gareth Gudger

Sounds like you still have some leftover Config then.

Not 100% sure if the Barracuda Mail Filter needs any of the items described in this setup guide though. Wouldn't think it would.

Joe

ASKER

Yeah i've been looking for the config. I just can't find it. It's crazy. I'm digging through exchange and no luck. I'm gonna try a reboot too. It probably won't fix it but it can't hurt.

Gareth Gudger

You might be able to just reverse what that previous document I linked said. Just go back and remove the settings the document tells you to create.

Can't imagine it would affect the Mail Filtering product.

Joe

ASKER

I'll go through in the morning and check every setting listed. Thanks for the link man.

Joe

ASKER

I've gone through all these setting three times and still have found no remnants of the bma_journal address. Only on the mail filter.

ASKER CERTIFIED SOLUTION

Gareth Gudger

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial