Re: System Log Full And BadMail Out Of Hand




Henning,

If I am understanding you correctly, you wanted me to Enable LDAP routing
under the LDAP tab of the Default SMTP Server properties. I set this up as a
test.

If this is not what you were talking about, please clarify. As a test, I
sent a mail to a non-existent user in my domain and received an NDR (sent
from a personal e-mail account).

Thank you for your help.
--
Thank you,

Robert


"Henning Krause [MVP]" wrote:

Hello Robert,

if your perimeter server can do an LDAP lookup, it can do this to reject
invalid recipients.

Enabling this feature on your internal server is no help, because GFI
Mail-Essentials is a relay server, AFAIK.

Most likely, you are suffering a SPAM attack. Not uncommon.

A smarter Anti-spam solution could also help to mitigate the problem.

Greetings,
Henning Krause

"Robert McCarter" <RobertMcCarter@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message news:F0C372F5-1A10-474B-A281-6071F870813D@xxxxxxxxxxxxxxxx
Hello,

I have an Exchange 2000 Server receiving e-mail from a perimeter server
running GFI MailEssentials v12. On my perimeter server, my system log is
filling up about every day or two. Also, the BadMail folder in
Inetpub\mailroot\badmail is filling up rapidly. It is not uncommon to have
100,000 items in the folder after two days or so.

The messages filling my system log are typically like the following:

EventID:4000
Message delivery to the remote domain "xxx.xxxxx.xxx" failed for the
following reason: The remote server did not respond to a connection
attempt.

On the perimeter server, I turned on logging with IIS Log Format. I viewed
the log file with Excel in a CSV format. I notice all types of bogus
addresses in the file. The file also grew at an alarming rate (1000 lines or
so after only 5 minutes). I did not understand the columns as they were not
labeled with a header row so I was unable to interpret the results of the log
file.

I used the command line Telnet test to ensure that my mail server was not
set up as an open relay.

Can anyone give me any ideas or clues as to how to ascertain where the
e-mail is originating (internal due to spyware or virus, or coming in from an
external source)?

Also, is there any way to totally dump any messages that are addressed to
users that don't exist in my organization such as "fido@xxxxxxxxxxxx" where
no user named "fido" exists?

Thank you for any help you can give. This is driving me nuts.
--
Thank you,

Robert
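
For the unlabeled IIS Log Format file described in the original post, the following added example (not part of the thread) labels the columns and counts RCPT commands per client IP to show whether the traffic comes from inside or outside. It assumes the standard fixed column order of the IIS Log File Format; the internal network ranges and the sample log lines are constructed for illustration.

```python
import csv
import ipaddress
from collections import Counter

# Column order of the fixed IIS Log File Format (the file has no header row).
IIS_FIELDS = [
    "client_ip", "user", "date", "time", "service", "server_name",
    "server_ip", "time_taken_ms", "bytes_received", "bytes_sent",
    "service_status", "win32_status", "request", "target", "parameters",
]

# Assumption: adjust to the address ranges actually used inside the organization.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_iis_log(lines):
    """Yield one dict per well-formed log line, keyed by IIS_FIELDS."""
    for row in csv.reader(lines, skipinitialspace=True):
        values = [v.strip() for v in row[:len(IIS_FIELDS)]]
        if len(values) == len(IIS_FIELDS):
            yield dict(zip(IIS_FIELDS, values))

def top_senders(records, verb="RCPT"):
    """Count log records for one SMTP verb per client IP, tagged by origin."""
    counts = Counter()
    for rec in records:
        if rec["request"].upper() != verb:
            continue
        try:
            ip = ipaddress.ip_address(rec["client_ip"])
        except ValueError:
            continue  # skip lines whose first column is not an IP address
        origin = "internal" if any(ip in n for n in INTERNAL_NETS) else "external"
        counts[(rec["client_ip"], origin)] += 1
    return counts.most_common()

# Constructed sample lines (documentation addresses, not real log data).
SAMPLE = """\
203.0.113.7, -, 03/20/07, 7:55:20, SMTPSVC1, PERIMETER, 192.168.1.10, 0, 12, 0, 250, 0, HELO, -, +bogus.example,
203.0.113.7, -, 03/20/07, 7:55:21, SMTPSVC1, PERIMETER, 192.168.1.10, 0, 31, 0, 250, 0, RCPT, -, +TO:<fido@example.com>,
203.0.113.7, -, 03/20/07, 7:55:21, SMTPSVC1, PERIMETER, 192.168.1.10, 0, 31, 0, 250, 0, RCPT, -, +TO:<rex@example.com>,
203.0.113.7, -, 03/20/07, 7:55:22, SMTPSVC1, PERIMETER, 192.168.1.10, 0, 32, 0, 250, 0, RCPT, -, +TO:<spot@example.com>,
192.168.1.50, -, 03/20/07, 7:56:02, SMTPSVC1, PERIMETER, 192.168.1.10, 0, 33, 0, 250, 0, RCPT, -, +TO:<user@example.net>,
"""

if __name__ == "__main__":
    for (ip, origin), n in top_senders(parse_iis_log(SAMPLE.splitlines())):
        print(f"{n:6d}  {origin:8s}  {ip}")
```

A single external address issuing most of the RCPT commands points to inbound spam; a workstation address at the top of the list points to an infected internal host.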


