Re: System Log Full And BadMail Out Of Hand
- From: "Henning Krause [MVP]" <newsgroups.remove@xxxxxxxxxxxxxxxxx>
- Date: Thu, 30 Mar 2006 21:35:57 +0200
Hello,
when I understood you correctly, you are receiving your email on the
following way:
Internet --> Perimeter Mail server (GFI Mail essentials) --> Internal
Exchange Server
If you enabled LDAP routing on the perimeter mail server, you are fine.
If you enabled LDAP routing on your internal mail server, you have nothing
won, because the GFI Mail Essential will still accept all inbound mails,
because it does not know which one to reject.
Greetings,
Henning
"Robert McCarter" <RobertMcCarter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:1D3419CC-2694-4B9A-92C2-193460AEDC26@xxxxxxxxxxxxxxxx
Henning,
If I am understanding you correctly, you wanted me to Enable LDAP routing
under the LDAP tab of the Default SMTP Server properties. I set this up
as a
test.
If this is not what you were talking about, please clarify. As a test, I
sent a mail to a non-existent user in my domain and received an NDR (sent
from a personal e-mail account).
Thank you for your help.
--
Thank you,
Robert
"Henning Krause [MVP]" wrote:
Hello Robert,
if your perimeter server can do an LDAP lookup, it can do this to reject
invalid recipients.
Enabling this feature on your internal server is no help, because GFI
Mail-Essentials is a relay server, AFAIK.
Most likely, you are suffering a SPAM attack. Not uncommon.
A smarter Anti-spam solution could also help to mititgate the problem.
Greetings,
Heninng Krause
"Robert McCarter" <RobertMcCarter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:F0C372F5-1A10-474B-A281-6071F870813D@xxxxxxxxxxxxxxxx
Hello,
I have an Exchange 2000 Server receiving e-mail from a perimeter server
running GFI MailEssentials v12. On my perimeter server, my system log
is
filling up about every day or two. Also, the BadMail folder in
Inetpub\mailroot\badmail is filling up rapidly. It is not uncommon to
have
100,000 items in the folder after two days or so.
The messages filling my system log are typically like the following:
EventID:4000
Message delivery to the remote domain "xxx.xxxxx.xxx" failed for the
following reason: The remote server did not respond to a connection
attempt.
On the perimeter server, I turned on logging with IIS Log Format. I
viewed
the log file with Excel in a CSV format. I notice all types of bogus
addresses in the file. The file also grew at an alarming rate (1000
lines
or
so after only 5 minutes). I did not understand the columns as they
were
not
labeled with a header row so I was unable to interpret the results of
the
log
file.
I used the command line Telnet test to ensure that my mail server was
not
set up as an open relay.
Can anyone give me any ideas or clues as to how to ascertain where the
e-mail is originating (internal due to spyware or virus, or coming in
from
an
external source).
Also, is there any way to totally dump any messages that are addressed
to
users that don't exist in my organization such as "fido@xxxxxxxxxxxx"
where
no user named "fido" exists.
Thank you for any help you can give. This is driving me nuts.
--
Thank you,
Robert
.
- Follow-Ups:
- Re: System Log Full And BadMail Out Of Hand
- From: Robert McCarter
- Re: System Log Full And BadMail Out Of Hand
- References:
- Re: System Log Full And BadMail Out Of Hand
- From: Henning Krause [MVP]
- Re: System Log Full And BadMail Out Of Hand
- From: Robert McCarter
- Re: System Log Full And BadMail Out Of Hand
- Prev by Date: Re: System Log Full And BadMail Out Of Hand
- Next by Date: Re: System Log Full And BadMail Out Of Hand
- Previous by thread: Re: System Log Full And BadMail Out Of Hand
- Next by thread: Re: System Log Full And BadMail Out Of Hand
- Index(es):
Relevant Pages
|
