Increased Undeliverable Mail Messages
Hello, I wondered if anyone could shed any light or confirm to me, that i might have a virus going around, to why all of a suddenI receive 20-30 emails everyday with the following information;
Your message did not reach some or all of the intended recipients.
Subject:
[MailServer Notification][CSM Security Server: xxxxxxxxxx.xxxxxxxxxxx.xxxxx, Messaging Security Agent: xxxxxxxxxx]Security Notification
Sent:
02/09/200815:25
The following recipient(s) could not be reached:xxxxxxxx@xx.xxx.comon02/09/200815:25The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.<xxxx.xxxxxxxxxxx.co.uk #5.1.1 smtp;550 5.1.1 User unknown>
We are not of aware sending email to the recipients included in the NDRs. I am currently checking machines for viruses but none found yet.
Any input would be appreciated.
Wayne
September 2nd, 2008 6:13pm
Hi Wayne,
It looks like you are a victim of Reverse NDR attack. i.e. The spammers, who declare they were you, send email to a non existence recipient on another server, for example abc@test.com. After mail server of test.com reject the mail, the NDR mail will deliver to your mail server.
In this situation, youd better told test.com that they are attacked by this, as lots of bandwidth is occupied by the junk NDR mails. Suggest them to create a recipient filter to prevent Exchange Server from accepting messages that are sent to recipients who do not exist. For more detail information you can refer to the following KB:
http://support.microsoft.com/kb/909005
In your side, you can block mails from test.com admin if you never receive mail from them or you can choose to change the email address who received this NDR. Thanks,
Elvis
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2008 9:41am
Thanks Elvis,
I'll start looking in to preventing the NDR attacks.
Wayne
September 4th, 2008 12:01pm