MichaelBalack
asked on
Found empty sender address mail stuck in queue of Exchange 2k10
This is MS Exchange Server 2010 on an MS Windows 2008 R2 server. Recently, in Queue Viewer, I found quite a lot of stuck mail with an empty sender address. Please refer to the attached file.
Is this some kind of spamming that wants to send via my Exchange server? How do I stop it? Almost all of these stuck mails have the error message - 421 4.4.2 Connection dropped due to socket errors.
Thanks in advance.
421---4.4.2-error.bmp
This appears to be NDRs. You may be being flooded with mail to nonexistent email addresses, and this generates NDRs to nonexistent domains. Because of this, your server can't reach these domains and the emails get stuck in the queue. After 2 days they will be removed automatically.
These are just Non-Delivery Reports (NDRs) coming back. Could be a result of an NDR backscatter attack.
Articles on Backscatter.
http://technet.microsoft.com/en-us/library/dn499795(v=exchg.150).aspx
http://www.sophos.com/en-us/support/knowledgebase/37088.aspx
ASKER
Hi Sudhir,
Ok, will do it ...
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for MichaelBalack's comment #a40528793
for the following reason:
ok
Did you mean to close it that way, Michael?
ASKER
yes
ASKER
Hi Sudhir,
The Exchange server is not an open relay. However, I found that a few PCs were infected by malware/virus that broadcast emails to some invalid recipients, thus jamming up the mail queue. After getting rid of the malware/virus, there is no more stuck mail with an "empty" sender address.
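One way to find which internal hosts are behind a queue full of empty-sender NDRs, as an added example that is not part of the original thread: it reads Exchange message tracking log text, links each DSN event back to the RECEIVE event of the message that caused it through the `reference` column, and counts DSNs per submitting `client-ip`. The sample log is constructed and uses only a subset of the real columns; all addresses, host names and the `ndr_sources` helper with its threshold are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample in the message tracking log layout (column subset;
# a real file names its full column set in its own "#Fields:" header).
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Fields: date-time,client-ip,event-id,source,message-id,recipient-address,sender-address,reference
2015-01-05T02:10:01Z,10.0.0.21,RECEIVE,SMTP,<a1@pc21.example>,nobody1@gone.invalid,spoof1@fake.invalid,
2015-01-05T02:10:02Z,10.0.0.21,RECEIVE,SMTP,<a2@pc21.example>,nobody2@gone.invalid,spoof2@fake.invalid,
2015-01-05T02:10:03Z,10.0.0.35,RECEIVE,SMTP,<b1@pc35.example>,partner@example.org,boss@example.com,
2015-01-05T02:10:04Z,10.0.0.40,RECEIVE,SMTP,<c1@pc40.example>,nobody3@gone.invalid,x@example.com,
2015-01-05T02:11:00Z,,DSN,DSN,<n1@mail.example.com>,spoof1@fake.invalid,<>,<a1@pc21.example>
2015-01-05T02:11:01Z,,DSN,DSN,<n2@mail.example.com>,spoof2@fake.invalid,<>,<a2@pc21.example>
2015-01-05T02:11:02Z,,DSN,DSN,<n3@mail.example.com>,x@example.com,<>,<c1@pc40.example>
"""

def read_tracking(text):
    """Yield one dict per event, keyed by the names in the '#Fields:' line."""
    fields = None
    for line in io.StringIO(text):
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, next(csv.reader([line]))))

def ndr_sources(text, threshold=2):
    """Return {client-ip: DSN count} for hosts whose mail caused >= threshold DSNs."""
    events = list(read_tracking(text))
    # Message-Id of each accepted message -> IP of the host that submitted it.
    origin = {e["message-id"]: e["client-ip"]
              for e in events if e["event-id"] == "RECEIVE"}
    hits = Counter()
    for e in events:
        # A DSN event's reference column holds the Message-Id that caused it.
        if e["event-id"] == "DSN" and e["reference"] in origin:
            hits[origin[e["reference"]]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for ip, n in sorted(ndr_sources(SAMPLE_LOG).items()):
        print(f"{ip}: {n} DSNs generated for mail submitted by this host")
```

Hosts that appear in the result are the ones to check for malware first; a single DSN from an ordinary workstation is usually just a mistyped address.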