Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Exchange Server 2010

Posted on 2016-08-22
10
Medium Priority
?
184 Views
Last Modified: 2016-08-29
Dear
I have critical case in my Organization mail server concerning my mail account ,I Have received many undelivered mails on my  mailbox for mails i never sent it before using a fake display name as shown below , also my queue  in mail server have full of mails sent it y me and i didnt sent any of these mails , Please advise .
-------------------------------------------------------------------------------------------
Delivery has failed to these recipients or groups:
dansto@online.no
Your message couldn't be delivered. Try to send it again later. If the problem continues, please contact your helpdesk.





Diagnostic information for administrators:
Generating server: nmmx3.nsc.no
dansto@online.no
#< #5.3.0 X-Unix; 73> #SMTP#
Original message headers:
Return-Path: <ibrahim.nakip@alkancit.com>
Received: from mail.alkancit.com (mail.alkancit.com [196.219.1.200])      by
 nmmx3.nsc.no (8.14.7/8.14.7) with ESMTP id u7M5qXt0014420
      (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)      for
 <dansto@online.no>; Mon, 22 Aug 2016 07:52:37 +0200 (MEST)
Received: from fepakaqi (69.9.196.157) by mail.alkancit.com (172.16.1.26) with
 Microsoft SMTP Server (TLS) id 14.3.248.2; Mon, 22 Aug 2016 07:44:49 +0200
Message-ID: <F76695393C280C7686CFD65DAAD1E8C3@fepakaqi>
From: Angel <ibrahim.nakip@alkancit.com>
Reply-To: Angel <albinamakinna@gmail.com>
To: <selmon_rama@hotmail.com>
Subject: Cheerio
Date: Mon, 22 Aug 2016 06:21:12 -0700
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="utf-8"; reply-type=original
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3555.308
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308
Content-Transfer-Encoding: quoted-printable
X-Xxroufqwki: sw=gld ver=1.2 d=6m tld=com st=win
X-XClient-IP-Addr: 196.219.1.200
Received-SPF: neutral (nmmx3.nsc.no: 196.219.1.200 is neither permitted nor denied by domain of ibrahim.nakip@alkancit.com)
X-Scanned-By: MIMEDefang 2.78
0
Comment
Question by:Alkannetworks
  • 4
  • 3
  • 2
  • +1
10 Comments
 

Expert Comment

by:matedwards
ID: 41765083
Perhaps someone is spoofing your email address.

Have you got an SPF, DKIM and DMARC record set in your DNS zone file?

Do you have access to your DNS record?
0
 

Author Comment

by:Alkannetworks
ID: 41765101
Yes I have access to DNS record but you mean DNS for mail server or What?
0
 

Expert Comment

by:matedwards
ID: 41765107
Wherever you edit your MX record...
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 22

Expert Comment

by:robocat
ID: 41765135
You're getting bounced e-mails because somebody is spoofing your e-mail address.

>Delivery has failed to these recipients or groups:
>dansto@online.no

It seems that you're using an online mail provider by the name of "Telenor"? I don't speak Norwegian but this seems to be a telecom provider of some sorts?

If you're a customer of Telenor and you should ask them to protect their mailservers using SPF/DKIM because you can't do that yourself for a shared e-mail domain.

If you're actually working for Telenor, then ... what can say?
0
 

Author Comment

by:Alkannetworks
ID: 41765139
Dear
I have my own mail servers , and have never deal with this(Telenor) before
0
 
LVL 19

Expert Comment

by:suriyaehnop
ID: 41765275

X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3555.308
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308
Content-Transfer-Encoding: quoted-printable
X-Xxroufqwki: sw=gld ver=1.2 d=6m tld=com st=win
X-XClient-IP-Addr: 196.219.1.200
Received-SPF: neutral (nmmx3.nsc.no: 196.219.1.200 is neither permitted nor denied by domain of ibrahim.nakip@alkancit.com)

It seems that someone use windows live mail to spoof your email? Does 192.2191.200 is your mail server ip address?
1
 
LVL 22

Expert Comment

by:robocat
ID: 41768282
In your question you posted the headers that were part of the generated diagnostic information.

It would be interesting to see the actual headers of such a bounced e-mail, to see the path how these messages actually end up at your server. To do this, open such a message in outlook, then go to file->properties and copy the headers at the bottom of the window.
0
 

Author Comment

by:Alkannetworks
ID: 41770157
Dear suriyaehnop
Yes my Mail Server IP 196.219.1.200
0
 
LVL 22

Accepted Solution

by:
robocat earned 2000 total points
ID: 41770455
As far I can tell from the message:

1. The SPAM e-mails are being generated by IP 69.9.196.157 (fepakaqi ).
2. Your server (mail.alkancit.com [196.219.1.200]) accepts these SPAM e-mails and tries to forward them to the destination servers.
3. In this example the destination is nmmx3.nsc.no which refuses to accept this spam and generates the bounce message.

Is IP 69.9.196.157 known to you? If so, identify the sender machine and check why it is sending SPAM.

If this IP is unknown to you, then your server is acting as an open relay for this address, which is not good. Reconfigure your server correctly so it's not an open relay.
0
 

Author Closing Comment

by:Alkannetworks
ID: 41774436
thanks
0

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Steps to fix “Unable to mount database. (hr=0x80004005, ec=1108)”.
Mailbox Corruption is a nightmare every Exchange DBA wishes he never has. Recovering from it can be super-hectic if not entirely futile. And though techniques like the New-MailboxRepairRequest cmdlet have been designed to help with fixing minor corr…
Viewers will learn how to use the SELECT statement in SQL and will be exposed to the many uses the SELECT statement has.
CodeTwo Sync for iCloud (http://www.codetwo.com/sync-for-icloud?sts=6554) automatically synchronizes your Outlook 2016, 2013, 2010 or 2007 folders with iCloud folders available via iCloud Control Panel. This lets you automatically sync them with…
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question