Exchange Server 5.5 Spam??

I'm trying to determine why my Internet Mail Connector's "Outbound Messages 
Awaiting Delivery" queue constantly has hundreds of messages awaiting 
delivery, yet the originator is listed as <>?

I've checked the server to ensure it is not being used as a relay and all 
indications tell me that I'm "relay secure".

Any help would be very much appreciated.

We're using Exchange 5.5 SP3.

Thanks in advance.
0
knickson (4)
12/3/2004 12:55:04 PM
exchange.admin 57650 articles. 1 followers. Follow

4 Replies
439 Views

Similar Articles

[PageSpeed] 28

These are not spam messages but rather NDRs your server is trying to send 
out to domains who probably tried to use your server for spam telling them 
to pound sand.  This is expected behaviour.

What you can do is go to your IMS connector and change the queue options by 
either reducing the time they sit in the queue (I think default is 24 or 48 
hours or something absurd) to say 2 or 4 hours, or cease the delivery of 
NDRs completely.

tsc


"knickson" <knickson@discussions.microsoft.com> wrote in message 
news:B0D1F91E-CC23-4A85-9A77-E0EB9715A006@microsoft.com...
> I'm trying to determine why my Internet Mail Connector's "Outbound 
> Messages
> Awaiting Delivery" queue constantly has hundreds of messages awaiting
> delivery, yet the originator is listed as <>?
>
> I've checked the server to ensure it is not being used as a relay and all
> indications tell me that I'm "relay secure".
>
> Any help would be very much appreciated.
>
> We're using Exchange 5.5 SP3.
>
> Thanks in advance. 


0
12/3/2004 2:17:54 PM
If <> is the originating email address of the outbound emails then they are
Non Delivery Report

Exchange Server accepts aliases to valid domains at your exchange server.
Later if the alias is undeliverable then Exchange Server returns an Non
Deliver Report (NDR) to the orginator.

Likely at your location spammers are attempting dictionary attacks on your
domains in an attempt to get their emails delivered.  A dictionary attack
are emails addressed to a large list of common aliases.  Also to prevent the
spammer from being swamped with NDRs the originating email address is
typically spoofed or randomized.  Exchange Server attempts to deliver NDRs
to the originator of the emails with invalid aliases during the dictionary
attack.  Due to the fact that many of the originating addresses of the spam
are falsified the NDRs sit in the outbound queue (outbound with originating
address of <> or postmaster@yourdomain.com) attempting  to go to an invalid
location.

In Exchange 5.5 if you know the invalid recipient emaili address that is
attempted to be delivered to then you can create an DL with no members.
Then assign the problem invalid recipient email address to the DL.

Otherwise you can purchase products which filter invalid recipients (example
ex employees) sent to your exchange server.  This prevents items incorrectly
sent to your exchange server from piling up in your Outbound queues.

Nemx Software (which I represent)
http://www.nemx.com/products/powertools/addressmanager.asp

Geoff Pearce
Nemx Software

"knickson" <knickson@discussions.microsoft.com> wrote in message
news:B0D1F91E-CC23-4A85-9A77-E0EB9715A006@microsoft.com...
> I'm trying to determine why my Internet Mail Connector's "Outbound
Messages
> Awaiting Delivery" queue constantly has hundreds of messages awaiting
> delivery, yet the originator is listed as <>?
>
> I've checked the server to ensure it is not being used as a relay and all
> indications tell me that I'm "relay secure".
>
> Any help would be very much appreciated.
>
> We're using Exchange 5.5 SP3.
>
> Thanks in advance.


0
nemx02 (111)
12/3/2004 2:52:01 PM
The are NDRs generated by SPAM mails which where addressed to non existing
user and which had a spoofed
from address.
Just install a AntiSPAM Solution which stops spoofing (SPF -
http://spf.pobox.com) and which knows how
to lookup existing user via LDAP.
Stefan

"knickson" <knickson@discussions.microsoft.com> wrote in message
news:B0D1F91E-CC23-4A85-9A77-E0EB9715A006@microsoft.com...
> I'm trying to determine why my Internet Mail Connector's "Outbound
Messages
> Awaiting Delivery" queue constantly has hundreds of messages awaiting
> delivery, yet the originator is listed as <>?
>
> I've checked the server to ensure it is not being used as a relay and all
> indications tell me that I'm "relay secure".
>
> Any help would be very much appreciated.
>
> We're using Exchange 5.5 SP3.
>
> Thanks in advance.


0
stefan1972 (38)
12/3/2004 3:33:26 PM
Just wanted to thank those of you who responded.  I was pretty sure of what 
the problem is, now I know. 

Thanks again!

"Stefan Engelbert" wrote:

> The are NDRs generated by SPAM mails which where addressed to non existing
> user and which had a spoofed
> from address.
> Just install a AntiSPAM Solution which stops spoofing (SPF -
> http://spf.pobox.com) and which knows how
> to lookup existing user via LDAP.
> Stefan
> 
> "knickson" <knickson@discussions.microsoft.com> wrote in message
> news:B0D1F91E-CC23-4A85-9A77-E0EB9715A006@microsoft.com...
> > I'm trying to determine why my Internet Mail Connector's "Outbound
> Messages
> > Awaiting Delivery" queue constantly has hundreds of messages awaiting
> > delivery, yet the originator is listed as <>?
> >
> > I've checked the server to ensure it is not being used as a relay and all
> > indications tell me that I'm "relay secure".
> >
> > Any help would be very much appreciated.
> >
> > We're using Exchange 5.5 SP3.
> >
> > Thanks in advance.
> 
> 
> 
0
knickson (4)
12/3/2004 5:25:05 PM
Reply:

Similar Artilces:

DPM 2007 SP1 , Server 2008 R2 , Hyper-V
When creating a protection group, I select my hyper-v server but can only see the dpmdb , no guests My DPM is installed on the hyper-V server What am I doing wrong ? Before making the hyper-v server a dpm server, i could see the vm's from my other DPM 2007 SP1 server By default, you can only backup DPMDB from the DPM server. This is by design. Here is the info: http://santhoshsivarajan.blogspot.com/2009/10/local-data-protection-on-dpm-server.html You can enable the local data protection using the following cmdlet: Set-DPMGlobalProperty -DPMServerName servername -A...

Exchange Cluster
I am looking for information regarding deployment of an Exchange Cluster in a Blade configuration. Thanks Ken First and formost, make sure your hardware is on the HCL. Support would only be "best effort" if it is not. The following link will get you to the Deploying Microsoft Exchange 2000 Server Clusters: http://www.microsoft.com/technet/prodtechnol/exchange/2000/library/default.mspx Exchange 2003 Clusters cna be found in the Exchange 2003 Deploymnet Guide at the following location: http://www.microsoft.com/exchange/prodtechnol/exchange/2003/library/default.mspx -- Nicholas ...

Exchange
In Outlook 2007: 1. Draft folder is visible but contents are not! (i can see the number of message but not the messages) 2. Notes folder is NOT visible. (funny thing is that if i make a shortuct i can see it) In BOTH cases all is OK in OWA. Evan Camilleri http://www.holistic.com.mt http://www.dotnetmushroom.com http://www.mobilesalesman.com 1) Perhaps you have a filter set to your view? Verify that the view has been set to "Sent To" and reset it if necessary. 2) Does it show when you switch to the Notes Navigation or use the Folder List Navigation to see all your folders ...

Cannot Unistall IMF Exchange 2003
Hello, I am having troubling applying Exchange 2003 Server SP 2. The error message says I need to uninstall Intelligent Message Filtering BEFORE I install SP2. I try to uninstall IMF and it will not uninstall. The error message says "There is a problem with this Windows Installer Package. A program run as part of the setup did not finish as expected. Please contact your support personnel or package vendor. .....A Fatal error during installation." I've also reinstalled the original install of IMF and still the same issues. Any thoughts? Thanks, Randy Hughes Reinstall IM...

restore public folder to Exchange 2003 server from backup copy of the Exchange 5.5 server
Hi, Recently a user deleted a folder witnin the Public Folders on the Exchange 2003 server. When I looked at a backup copy from the backup tape, I could not find the pub1.edb file in the MDBDATA folder. I am using Backup Exec. 8.6. Prior to this, I migrated to Exchange 2003 from Exchage 5.5 and changed my Exchange 2003 into Native Mode. I made a copy of the Exchange 5.5 pub1.edb onto an external hard drive,with its utility. Can i use this copy of the pub1.edb for the existing pub1.edb I have for the Public Folders? If so, what are the steps that I would need to do in performing this act...

Intermittant connection with Outlook 2003 and Exchange 2005
I have a problem affecting just one of our clients. About a third of the messages get through, and about 2 thirds are dropped. We use Exchange Server 2005 and Outlook 2003. The client side is using Microsoft Frontbridge. If we send mail using Outlook Web Access or Evolution, all of the mail is delivered. Can someone tell me why only some of our messages sent via Outlook get delivered while all messages delivered by OWA or Evolution get through? Thanks, Rick ...

Pulling email from exchange server with an exchange account
Hello, I was running a 2003 exchange server but got tired of dealing with the spam, ndr and the rest. I had setup the accounts for everyone including myself. Basically I had in outlook my account setup as an exchange account. Now that our corporate mail is hosted elsewhere I need to pull off my email from my exchange account. I have created POP accounts while using the the IP address for pop and smtp so everything is local when asking to pull. I have also went through an archive trying to get messages to save on my PC so I can then use as PST file, with no success. I have also tried looking f...

Exchange / POP3
In short: How does one go about having exchange POP email for users whom have 3rd party POP 3 server accounts? Expanded Reason: I have an exchange server setup here and I would like to get email to my users from a 3rd party POP3 account. I would normally just change MX records and point to my exchange server and have the email go right to the exchange server, but this ISP will not allow me to receive inbound SMTP. So as it stands; I can send email from my exchange server using my internet connection with out any issues, it's the receiving part that has me hung up, and if I co...

virus attacks against Exchange
I've noticed over the last month that every Sunday morning at 5:45 a.m. our Exchange server sends a CPU warning. When I check the app event log for that date/time there is a *huge* amount of virus detections by our real time virus monitor . What exactly is going on here and how might I prevent this from continuing to happen ? thanks sounds like you have an "on demand" scan of your mailbox store scheduled for this time frame...have you checked? look in the configuration of your Exchange AV... "chrism" <chris@no_spam> wrote in message news:uZcfIwKpEHA.33...

Exchange 2003 #5
How many clients/users will Exchange 2003 support? I have heard that it can support up to 10,000 users. Is this correct? "James" <anonymous@discussions.microsoft.com> wrote: >How many clients/users will Exchange 2003 support? I have heard that it can support up to 10,000 users. Is this correct? How long is a piece of string? Define the hardware platform. Define your expectations for perdformance. Define your backup/restore hardware and strategy. Define your expectations for restore/recovery time. The number of mailboxes on a server is meanngless without some context. wi...

spamming technique ?
I've recently taken over an Exchange environment and have noticed a consistent and high number of bounces - email sent to users at our organization that clearly don't exist or resemble anything like a real username/mailbox. For example: puti@domain.com, emegop@domain.com, nunum@domain.com, etc...... Is this some sort of trick by spammers to or virus senders ? If so, what are they trying to accomplish ? -chrism. I'd have to say yes it is rather common. The problem is that Exchange will accept all mail destined for your domain, and then later issue and NDR. If you have ...

Microsoft Exchange #3
When setting up Outlook I clicked on Microsoft Exhange instead of POP3. Now it is stuck wanting Microsoft Exchange Server. How do I get rid of this so I can sign up under POP3. I deleted Office 2003 and reinstalled and it is still there. Thank You Maggi Control Panel->Mail Icon. Create a new Profile using the Profiles = button and configure it to use your POP3 account. Then go back and = delete the Exchange account from the Accounts button. --=81 Milly Staples [MVP - Outlook] Post all replies to the group to keep the discussion intact. All unsolicited mail sent to my personal acco...

Exchange-Integrated Help Desk Software
Can anyone provide any good help-desk softawre that integrates well with Exchange? Preferably open-source (i.e. FREE :) ) Thanks On Wed, 23 Aug 2006 15:04:03 -0700, circulent <circulent@discussions.microsoft.com> wrote: >Can anyone provide any good help-desk softawre that integrates well with >Exchange? Preferably open-source (i.e. FREE :) ) > >Thanks You get what you pay for. MOM and its future SCOM 2007 and the helpdesk features of that 2007 product are certainly good products to name just one. As an actionpack subscriber we get MOM Workgroup Edition. does that have...

SQL Server 2008
Hi: I realize that these newsgroups are mostly for technical discussions. So, if it's more appropriate to point me to another site for answers to the questions that I'm about to ask, then please do so. I just learned that there is going to be a SQL Server 2008. I am a certified DBA (MCITP) for SQL Server 2005. Will there be an exam upgrade path from 2005 to 2008? Does anyone out there have any certification information for 2008, even though 2008 is not out yet? Will the SQL Server 2005 MCITP certification expire anytime soon? More importantly, will there be compatibility ...

exchange 5.5 to exchange 2000
Hi, we are considering to migrate our single windows NT domain to windows 2000, then to upgrade the current exchange 5.5 into Exchange 2000 which is currently in the windows 2000 member server within this NT domain. I know I have one option: * upgrade the PDC to windows 2000 domain control and then exchange 5.5 to exchange 2000. what is the risk here? * my question here is: where could I find the detail steps? I am thinking if I have another option which is: * Migrate the PDC to windows 2000 domain. * Install a saparated exchange 2000 server * move the mail box from exch...

Pivot Table #5
Dear Reader, I got a block of data in Excel - sheet 1 (26 columns by 806 rows). I try to create a pivot table on sheet 2 BUT whenever I try to add more objects to the layout I receive the following error: "MS Excel cannot make this change because there are too many row or column items drag at least one row or column item off the pivot table, or to the page position..." What can I do to display all the data? Please help, this is rather urgent! Thanks From a post by Tom Ogilvy: http://support.microsoft.com/?kbid=157486 XL97: Limits of PivotTables in Microsoft Excel 97 (Q15748...

Directory Permissions 5.5
Could someone dircet me to a link that has the default directory (c:\exchsrvr) permissions for 5.5 Thanks DU "uelman" <nospam@sbcglobal.net> wrote: >Could someone dircet me to a link that has the default directory >(c:\exchsrvr) permissions for 5.5 IIRC, it's inherited from the root domain. In most cases that means the Everyone group has full control. Defaults aren't adequate. -- Rich Matheisen MCSE+I, Exchange MVP MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm is it wise to have the everyone group with full control, i'm nervous giv...

Problems between two Exchange Servers
At my Company we are planning to replace an existing exchange 2000 server (EXS1 NT Pack 4.0 Exchange Sp3) with a new server called (EXS2 NT Pack 4, No Service Pack). So we configured an additional server and added to our primary Site. We moved a few mailboxes to the new server and seem to get outside mail but I see that all the mail sent locally is not been delivered and is stuck in the Queue that is pointing to the new server by name exs2.mydomain.com. I tried to force a connection but it doesnt want send the mail. Please help Gary Vidal Is there more than one routing group? -- reg...

Spam mail
I discover that a lot of mails queued in Exchange 2003 box was sent from postmaster@mycompany.com to invalid email addresses (ex: 1243ordgf@hotmail.com, info@yahoo.com...). This maybe the cause our users cannot send/receive email to/from Internet. All our users has installed Symantec Antivirus and have the latest definition. We also have ScanMail 6.0 and GFI Essential 11 installed on Exchange Box but we cannot solve this problem. Please help. Thanks In news:%23wLdF9I%23FHA.2708@TK2MSFTNGP12.phx.gbl, Newbievn <khoa.le@navigosgroup.com> typed: > I discover that a lot of mail...

GLOBALROOT Error on Exchange 2003
I setup protection for Exchange Server 2003 SP2 running on Win2K3 SP2. There are four information storage groups. I am protecting the server using DPM 2010 RC. All of the prerequisite steps were performed successfully. Two of the info storage groups (the small ones - 30GB) backup successfully. The two large info storage groups (125GB each) fail with the following alert message: DPM encountered an error while performing an operation for \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy38\Exchsvr\MdbData\support\Support (ServerName)\Support.edb on ServerName.domain.com (ID 2033 Detai...

Exchange ignores Outlooks text only setting
we are running excg5.5 sp4, on nt4.0 sp6. we are using office 98, and 2000. The problem we are having is Exchange ignores Outlooks text only setting and send both text and html mime encoded messages. On Mon, 23 Aug 2004 05:55:01 -0700, "mikee" <mikee@discussions.microsoft.com> wrote: >we are running excg5.5 sp4, on nt4.0 sp6. we are using office 98, and 2000. >The problem we are having is Exchange ignores Outlooks text only setting and >send both text and html mime encoded messages. What ticks have you got on the Internet Mail tab > Advanced Options of the I...

antigen on exchange #2
HI All, This question regarding antigen software recently we installed in our exchange server. Every thing has gone fine, when I test adding some words to filters are not working. By default filtering has in enabled the State. What I configuration I have to do. I did not change any configurations. Thanks in advance, Shiva. ...

domain added then removed from exchange but emails still route to exchange ?
Hi, Was wondering if someone can explain this: added external domainA to accepted domains added domainA mail address to users mailbox (mx was not changed) sent email from mailbox/account/domainB (hosted on exchange server) to domainA , arrived in users mailbox on exchange as expected removed domainA from accepted domains removed domainA email address from users mailbox to domainA , arrived in users mailbox on exchange as expected, arrived in users mailbox, this was not expected. When using Outlook (domainB exchange accounts) and entering the email address user@domainA.co...

SMTP Relay Server and Mail Aliases
Hi! I have front-end and back-end Exchange. I do not want that my front-end Exchange has SMTP relay functionality. I want to deploy a SMTP relay server in DMZ. My problem is: This SMTP relay server is not a member of my Exchnage AD domain and does not know about mail aliases in my Exchange domain. I do not want that I open additional ports on firewall which is between my Exchange domain and SMTP mail relay. My question is: How can I inform that SMTP relay server knows about all mail aliases on my Exchange domain? Best Regards Mustafa "mustafa" <mustafa@discussions.microso...

Exchange Calendar Item vs. Outlook problem
Our Exchange 5.5 (SP4) server has what appears to be a corrupt calendar item for January 20, 2004. Those people who have this recurring(?) calendar item experience an Outlook lock up (CPU 100% running process outlook.exe) when accessing their calendar for that date and when syncing for offline Outlook use. This effects Outlook versions 2000 and 2002. Because the item can not be accessed from an Outlook client it can not be deleted. Is there a way to delete recurring calendar items from a specific date in the private data store? Is there an Outlook patch that prevents the CPU utilization p...