NDRs
Hi, As the Exchange admin, I have it set up so that all NDRs are forwarded to my account so I can view them. Is it possible to have more information in the NDR so I know who tried to send the email? The reason is that we had a virus-infected machine that was spamming. I got all the NDRs but was unable to see who was doing the spamming. TIA
June 5th, 2009 2:06am

Issue description: NDRs have been generated for users who have never sent such messages before, and I assume that the Exchange version is 2003. Please correct me if I have misunderstood the issue.

The NDR must contain the Message-ID of the spam message that triggered the NDR; we can use it to find the spam message in the SMTP log.

======== (SMTP log sample)
2009-06-05 05:39:40 192.168.1.5 - SMTPSVC1 SERVER1 192.168.1.5 0 HELO - -
2009-06-05 05:39:50 192.168.1.5 - SMTPSVC1 SERVER1 192.168.1.5 0 MAIL - +from:a@a.com #True sender's mail address#
2009-06-05 05:39:55 192.168.1.5 - SMTPSVC1 SERVER1 192.168.1.5 0 RCPT - +to:+james@lab.com
2009-06-05 05:40:05 192.168.1.5 - SMTPSVC1 SERVER1 192.168.1.5 0 DATA - SERVER1iXoGITvFMMlC00000001@server1.lab.com #Message-Id#
========

Resources:
Introduction to Exchange 2003 Server SMTP Logs
Logging SMTP protocol activity
P1 and P2 Headers in SMTP

Notes: The articles below can help you protect Exchange from spam:
Approaches to Fighting Spam in an Exchange Server Environment
Tar Pitting
Directory Harvesting Attacks
June 5th, 2009 8:54am
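
The lookup described in the reply above, as an added example that is not part of the original thread: given the Message-ID from an NDR, it walks the SMTP log and returns the connecting client IP and envelope sender recorded for that message. It assumes the space-separated column layout of the log sample quoted above (client IP in field 3, SMTP command in field 9, argument in field 11); the function names, the client addresses and the second Message-ID are constructed for illustration.

```python
# Constructed sample log in the same column layout as the excerpt in the thread.
SAMPLE_LOG = """\
#Fields: constructed sample, header lines like this one are skipped
2009-06-05 05:39:40 192.168.1.23 - SMTPSVC1 SERVER1 192.168.1.5 0 HELO - -
2009-06-05 05:39:41 192.168.1.77 - SMTPSVC1 SERVER1 192.168.1.5 0 HELO - -
2009-06-05 05:39:50 192.168.1.23 - SMTPSVC1 SERVER1 192.168.1.5 0 MAIL - +from:a@a.com
2009-06-05 05:39:51 192.168.1.77 - SMTPSVC1 SERVER1 192.168.1.5 0 MAIL - +from:<tim@lab.com>
2009-06-05 05:39:55 192.168.1.23 - SMTPSVC1 SERVER1 192.168.1.5 0 RCPT - +to:+james@lab.com
2009-06-05 05:39:56 192.168.1.77 - SMTPSVC1 SERVER1 192.168.1.5 0 RCPT - +to:<bob@lab.com>
2009-06-05 05:40:01 192.168.1.77 - SMTPSVC1 SERVER1 192.168.1.5 0 DATA - <SERVER1constructed00000002@server1.lab.com>
2009-06-05 05:40:05 192.168.1.23 - SMTPSVC1 SERVER1 192.168.1.5 0 DATA - SERVER1iXoGITvFMMlC00000001@server1.lab.com
"""


def _addr(arg):
    """'+from:<a@a.com>' or '+to:+james@lab.com' -> bare address."""
    value = arg.partition(":")[2].lstrip("+")
    return value.split(">")[0].lstrip("<")


def find_sender(log_text, message_id):
    """Return the envelope logged for message_id, or None if it is absent."""
    wanted = message_id.strip("<>")
    # Envelope under construction per client IP. Two simultaneous sessions
    # from one IP cannot be told apart with these columns alone.
    sessions = {}
    for line in log_text.splitlines():
        parts = line.split()
        if line.startswith("#") or len(parts) < 11:
            continue  # header line or truncated entry
        client_ip, command, arg = parts[2], parts[8].upper(), parts[10]
        if command == "MAIL":
            sessions[client_ip] = {"mail_from": _addr(arg), "rcpt_to": []}
        elif command == "RCPT" and client_ip in sessions:
            sessions[client_ip]["rcpt_to"].append(_addr(arg))
        elif command == "DATA" and client_ip in sessions:
            envelope = sessions.pop(client_ip)
            if arg.strip("<>") == wanted:
                return {"time": f"{parts[0]} {parts[1]}",
                        "client_ip": client_ip, **envelope}
    return None


if __name__ == "__main__":
    print(find_sender(SAMPLE_LOG, "SERVER1iXoGITvFMMlC00000001@server1.lab.com"))
```

The client IP in the result is the machine that connected to the SMTP service, which is the value to follow up on when the envelope sender itself may be forged.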

Any update in this case?
June 12th, 2009 9:31am

Hi James, You are correct but I was hoping not to have to go into the SMTP logs for the answer. Here is a sample of the NDR that I receive:

Your message did not reach some or all of the intended recipients.
Subject: RE: ONLINE STUDENT FORM RESPONSE
Sent: 6/16/2009 12:56 PM
The following recipient(s) cannot be reached:
'example@example.com' on 6/18/2009 12:58 PM
Could not deliver the message in the time limit specified. Please retry or contact your administrator.
<domain.name #4.4.7>

I was hoping that there might be a way of adding more information to this NDR, so in it I can see who tried to send it. Just easier and faster than having to go through the SMTP logs. Also, it is Exchange 2003. Thanks, Tim
June 18th, 2009 11:53pm

Per my knowledge, there's no method to add extra info to the NDR in Exchange natively. And the reason we use the SMTP log to check the sender is that it can show who the real sender is, not some forged sender. The sender we see in the messages can be faked; the article P1 and P2 Headers in SMTP has explained it, please check it out.
June 19th, 2009 4:59am

Thanks James.
June 19th, 2009 7:01pm

This topic is archived. No further replies will be accepted.
