nachtmsk

asked on

Exchange Queue -- Undeliverable messages from nobody.

Hi,
I'm finding a fair amount each day (~50 - 100) messages in my Exchange queue that puzzle me. (Please see screen shot).
The "FROM" address is blank  "<>"
The subject always has "Undeliverable" next to it.

I'm trying to figure out if it's
1. A bounce back. Spam to a non-existent user and this is the bounce back to a non-existent domain it's trying to bounce back to.
2. Is someone connecting directly to port 25 of my server, like a command line thing and trying to use the server as an open relay? I've checked and double checked, the server isn't an open relay.
3. Something else?

I think it's #1 but I'm not sure.

Any ideas what's causing it and how to stop it?
Also, next to "Message Source name" it says "DSN". What is DSN?

As always, thanks!
queue-screen-shot.jpg
ASKER CERTIFIED SOLUTION
Simon Butler (Sembee)
ASKER

Thanks Simon.
I already have Recipient Filtering turned on. I guess these messages got through. Thanks for explaining what they are.

Do you have Exchange 2013?

No, Exchange 2010.

Have you enabled Exchange anti-spam and configured it?

Please refer to "enable anti spam agent": http://technet.microsoft.com/en-in/library/bb201691%28v=exchg.150%29.aspx
Also add IP block list providers:

Add-IPBlockListProvider -Name zen.spamhaus.org -LookupDomain zen.spamhaus.org -AnyMatch $True
Add-IPBlockListProvider -Name bl.spamcop.net -LookupDomain bl.spamcop.net -AnyMatch $True
Add-IPBlockListProvider -Name dnsbl.sorbs.net -LookupDomain dnsbl.sorbs.net -AnyMatch $True

Set-RecipientFilterConfig -RecipientValidationEnabled $true

If you have recipient filtering enabled, then you shouldn't have seen the messages. I would suspect that either it isn't enabled, or you have a problem elsewhere.

Be aware of the consequences of enabling external blacklists. They are not the "solution" that many people think they are. Both Spamhaus and SORBS will block entire subnets with little good reason. Enable them if you are happy for an unaccountable third party deciding what email you can receive.

Simon.

I have a third party spam solution in place -- GFI mail essentials. Also running Microsoft's built in solutions at the same time.
I figured out where the Undeliverable bounced messages were coming from. We have users who rarely check their mailboxes and the boxes get full. Those undeliverable messages were spam messages sent from an invalid FROM address to a user whose box was full. The system kicked the message back to the original sender who didn't exist. Then those bounces sit in my queue for a few days, or whatever the timeout period is, I can't remember.
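
A read-only triage of the situation described in this thread, added here as an example and not posted by any participant: it lists queued messages with the null sender `<>`, shows which queues they are stuck in, and finds the full mailboxes that generate the bounces. It assumes the Exchange Management Shell on the Exchange 2010 transport server and the standard `Get-Message`, `Get-Queue` and `Get-MailboxStatistics` output properties.

```powershell
# Added example. Run in the Exchange Management Shell (Exchange 2010 assumed,
# as stated in the thread). Read-only: nothing is deleted or modified.

# 1. Queued messages with the null reverse-path "<>". Delivery status
#    notifications (DSNs / NDRs) are sent this way, which is why the
#    FROM column in the queue viewer looks blank.
$bounces = Get-Queue | Get-Message -ResultSize Unlimited |
    Where-Object { $_.FromAddress -eq '<>' }

# 2. How many of them were generated by the server itself (source "DSN"),
#    and which queues are holding them?
$bounces | Group-Object MessageSourceName | Select-Object Name, Count
$bounces | Group-Object Queue | Sort-Object Count -Descending |
    Select-Object -First 20 Name, Count

# 3. Next-hop domain and last delivery error for every non-empty queue.
#    Bounces addressed to forged or non-existent sender domains show up
#    here as queues that keep retrying until the message expires.
Get-Queue | Where-Object { $_.MessageCount -gt 0 } |
    Format-Table Identity, NextHopDomain, MessageCount, Status, LastError -AutoSize

# 4. Mailboxes that have exceeded their receive quota. Each inbound message
#    to one of these produces an NDR back to the (possibly forged) sender.
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics |
    Where-Object { $_.StorageLimitStatus -eq 'MailboxDisabled' } |
    Format-Table DisplayName, StorageLimitStatus, ItemCount, TotalItemSize -AutoSize
```

If step 4 returns mailboxes and the queues from step 3 point at domains that do not resolve or refuse mail, the pattern matches the full-mailbox backscatter the asker describes.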