NDR issue
Running Exchange 2003 on a Win2003 server.
Received the following NDR for a message I did not send. How is this possible? What do I need to do prevent this apparenthole?
Subject:***Probably SPAM*** Daily News 045234934Sent:5/21/2007 7:01 PM
The following recipient(s) could not be reached:
rlivingston@hob.de on 5/21/2007 7:01 PMThe e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator. < imap.hob.de #5.0.0 X-Postfix; unknown user: "rlivingston">
May 25th, 2007 2:43am
ThisNDR was probably not sent to you by your Exchange serverbut by the Exchange server at hob.de Some computer on the internet tried to send spammail to rlivingstone@hob.de, using your email address as the return address. The hob server sentthe NDR to the return address (ie yours). Happens all the time, some servers send a NDR including the original spammessage. Or worse including virus content. Explaining this to one's users can be quite time consuming.
Free Windows Admin Tool Kit Click here and download it now
May 25th, 2007 9:34pm
Hhee,
Good call, based on the logs, you're correct. It is in-fact an NDR from hob.de.
Thanks for the insight!
May 29th, 2007 10:24pm
Anonymous0015 wrote:
What do I need to do prevent this apparenthole?
- Open "System Manager"
- Server > Queue
- Block the respective conector which is communicating with your Exchange Server
- From "Default SMTP connector" > "Current session" > Remove the suspicious sessions which are there for longer than 300 seconds
( i.e. 5 mins )
Free Windows Admin Tool Kit Click here and download it now
June 19th, 2007 12:20pm