Re: Unexplain-able Undeliverable messages being generated
- From: "Matthew Byrd [MSFT]" <matbyrd@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 9 May 2005 16:28:10 -0400
Hi Mike,
Is the subject "Undeliverable: Subject" but the message body looks like a
real piece of email, or does the message body look like an NDR? It is
possible that the spammers are using the standard NDR subject line as a way
to get you to look at the email. Then your email filtering software detects
it as spam and sends it to your Spam account.
If the email is being generated by Exchange then it will be a standard NDR,
in which case it will have an NDR code. That code will indicate why the NDR
was generated; it will also indicate, before the code, what server generated
the NDR. This information can help you narrow down where the message is
coming from.
Hope this Helps,
--
Matthew Byrd
Microsoft PSS
Run Microsoft Exchange Server Best Practices Analyzer Today
http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Mike" <mike008us@xxxxxxxxx> wrote in message
news:e6kJXSNVFHA.3432@xxxxxxxxxxxxxxxxxxxxxxx
> Yes, but if they are coming from external mail servers, their subjects
> would get modified by the 3rd party that scans the mail for spam. Also,
> I'd expect those "Undeliverable: subject" messages would be going to other
> users in the domain. Why would the only account that gets spoofed be the
> spam@xxxxxxxxxx? It's definitely not published anywhere. And wouldn't I
> be able to view a header on any message that came from an external mail
> server?
>
> The messages I'm referring to follow this format "Undeliverable: subject".
> When opened you cannot view the header (by clicking view>options). You can
> hit "send again", which indicates or seems like the Exchange server
> attempted delivery once. Is it possible for this type of message to be
> forged or spoofed and how could it only happen to one
> mailbox (spam@xxxxxxxxxx)?
>
> Thanks,
> Mike
>
>
> "Matthew Byrd [MSFT]" <matbyrd@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:OsHDJJNVFHA.3696@xxxxxxxxxxxxxxxxxxxxxxx
>> Hi Mike,
>>
>> It may be that someone out there is spoofing your domain. Basically they
>> are sending spam email to other email users in the world using your
>> domain as an originating domain. There is nothing in the SMTP protocol
>> to prevent a user from doing this. So what you may be seeing is the NDRs
>> that are being generated when these emails are bound for non-existent
>> users coming back to your domain as they are supposed to. These are just
>> another form of Spam and can be safely ignored.
>>
>> Hope this Helps,
>> --
>> Matthew Byrd
>> Microsoft PSS
>>
>> Run Microsoft Exchange Server Best Practices Analyzer Today
>> http://www.microsoft.com/exchange/downloads/2003/exbpa/default.mspx
>>
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>>
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "Mike" <mike008us@xxxxxxxxx> wrote in message
>> news:%23qfxfwMVFHA.612@xxxxxxxxxxxxxxxxxxxxxxx
>>> Hi,
>>>
>>> I have an odd situation where I can't figure out where "Undeliverable"
>>> messages are being generated in a shared mailbox.
>>>
>>> My setup. A SBS 2003 server with a single domain, 3rd party service
>>> where all mail for domain is sent to and scanned for virus and
>>> spam (viruses are dropped, spam is forwarded to spam@xxxxxxxxxx),
>>> firewall only accepts SMTP from 3rd party then delivers to server. This
>>> is still working and had been working great up until a couple weeks ago
>>> when the amount of spam started increasing by an incredible multitude.
>>> While I don't care about the increased level of spam that's being
>>> forwarded through by 3rd party service, it could be related to this
>>> issue. An account on the server is setup with the name spam and the box
>>> is shared to 2 users, where 1 of them checks the spam box for legitimate
>>> email that got through.
>>>
>>> The issue exists in that spam box where now it's not just spam, but
>>> there are messages from "System Administrator" with subject
>>> "Undeliverable: whatever the subject is", with the option to send again
>>> and since it's not a delivered message there's no header. The person
>>> checking the spam is not replying, so how is it that it appears that
>>> there is a delivery failure?
>>>
>>> I've checked the account spam and no auto-reply is setup. I also enabled
>>> a feature with the 3rd party to modify the subject on spam messages so I
>>> could make sure the "Undeliverables" were really being generated
>>> internally, and sure enough the "Undeliverables" do not have a modified
>>> subject. I thought a PC on the LAN may have spyware that's doing this,
>>> but how would the spyware know to send messages on behalf of their spam
>>> account, because no one else in the domain is getting the undeliverables
>>> in their boxes. I also don't see any of these messages being in the
>>> delayed SMTP queues.
>>>
>>> Please help!
>>>
>>> Thanks,
>>> Mike
>>>
>>
>>
>
>
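
The reply above notes that an NDR carries a status code and names the server that generated it. The following is an added example, not part of the thread: it reads the Reporting-MTA and Status fields of an RFC 3464 delivery report, falls back to a `<server #code>` line in the body text (an assumed rendering), and checks the server against a list of your own hosts. The sample messages, host names and the `ndr_origin` helper are constructed for illustration.

```python
import email
import re

# Constructed sample: RFC 3464 delivery status notification (not from the thread).
SAMPLE_DSN = """\
From: postmaster@mx.remote.example
Subject: Undeliverable: Cheap watches
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipient failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.example

Final-Recipient: rfc822; nobody@remote.example
Action: failed
Status: 5.1.1

--b1--
"""
# Constructed text-only NDR; the "<server #code>" line form is an assumption.
SAMPLE_TEXT = """\
From: System Administrator <postmaster@corp.example>
Subject: Undeliverable: Hello

The following recipient(s) could not be reached:
      <sbs01.corp.example #5.1.1>
"""
SERVER_CODE = re.compile(r"<([\w.-]+)\s+#(\d\.\d{1,3}\.\d{1,3})")

def ndr_origin(raw, local_hosts):
    # Returns the generating server, the status code, and whether it is ours.
    msg = email.message_from_string(raw)
    mta = status = None
    for part in msg.walk():
        if part.get_content_type() == "message/delivery-status":
            for block in part.get_payload():  # one Message per field group
                if block["Reporting-MTA"]:
                    mta = block["Reporting-MTA"].split(";", 1)[-1].strip()
                status = block["Status"] or status
        elif part.get_content_type() == "text/plain" and mta is None:
            m = SERVER_CODE.search(str(part.get_payload()))
            if m:
                mta, status = m.groups()
    local = bool(mta) and mta.lower() in {h.lower() for h in local_hosts}
    return {"server": mta, "status": status, "generated_locally": local}
```

A report whose generating server is not in `local_hosts` came back from outside, which fits the spoofed-sender explanation; one that names your own server was produced internally.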