RE: Delivery Status Notification (Failure)

---

• From: v-chacez@xxxxxxxxxxxxx (chace zhang)
• Date: Wed, 13 Sep 2006 02:52:18 GMT

---

Hi,

Thank you for posting here.

According to your description, I understand the administrator account
receives Delivery Status Notification (Failure).

First of all, I want to explain Not Deliver Report is a expect behavior, it
could cause because various reason, for instance: the recipients is
invalid, destination domain dead or receiver's server block your email. In
order to better address your concern, please let me know the following info
on this issue:

1. Did you really send mail to the failing recipients?
2. What is the NDR content? Please send it to me as attachment for further
analysis.
3. Does other user in your domain receive NDRs?
4. How many NDRs did you receive?

Regarding NDR please refer to following article:

Delivery status notifications in Exchange Server and in Small Business
Server
http://support.microsoft.com/kb/284204



If no user in your domain sent to the recipient, I'm assuming the behavior
you encountered is a new means for spammers to avoid filters built into
many systems, instead of Virus, and also has nothing to do with your
Exchange Settings. They take advantage of a third party mail system sending
of a non-delivery report (NDR) when a message cannot be delivered as
addressed and returns the original contents. Since this follows the RFC
standard, most all mail servers will function this way. This is what is
called a "Reverse NDR attack" (RNDR).

First I would like to explain the detailed situation for RDNR by SMTP
Protocol RFC standard.

Here I assume UserB@xxxxxxxxxxxxx is the recipient which is invalid and
UserA@xxxxxxxxxxxxxx is your mailbox as the sender.

1. Spammer telnet a third party Mail Server by port 25, which allows reply
by the format as following.

Telnet <third party Mail Server> 25

2. Spammer uses your mailbox UserA@xxxxxxxxxxxxxx as mail sender to attack
your mailbox by the format as following.

Mail from: UserA@xxxxxxxxxxxxxx

3. Spammer plans UserB@xxxxxxxxxxxxx as invalid recipient by the format as
following.

Rcpt to: UserB@xxxxxxxxxxxxx

4. Input mail content and quit this session.

5. When mail reaches Domain anyDomain.com, his mail server will find the
UserB@xxxxxxxxxxxxx doesn't exist in the domain, and will return a DNR
report to the sender UserA@xxxxxxxxxxxxxxx

In this case, the behavior follows the RFC standard, and spam
sender/attacker makes use of third party unknown mail server in Internet
relay the spam e-mails where the authentication is not needed for this
email server, so based on such mechanism, I am afraid there isn't efficient
way to stop such action currently because these spam e-mails are not going
through your Exchange server. Based on my knowledge, the issue happens to
most companies recently, even in Microsoft regardless of what mail servers
they are using now. More info here:

304897 XIMS: Microsoft SMTP Servers May Seem to Accept and Relay E-Mail
http://support.microsoft.com/?id=304897


Hope this helps. I look forward to your reply. If there is anything
unclear, feel free to let me know. Thanks for your understanding. Have a
nice day!



Best Regards,

Chace Zhang (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Any input or comments in this thread are highly appreciated.

=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
| Thread-Topic: Delivery Status Notification (Failure)
| thread-index: AcbWVq8ZFsfi0F4kQo6hDj0DG/dEHg==
| X-WBNR-Posting-Host: 198.54.202.234
| From: =?Utf-8?B?aGlqYWNr?= <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Delivery Status Notification (Failure)
| Date: Tue, 12 Sep 2006 03:32:02 -0700
| Lines: 13
| Message-ID: <C85C9058-1220-42BE-8C68-5B7D81BD245E@xxxxxxxxxxxxx>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830
| Newsgroups: microsoft.public.windows.server.sbs
| Path: TK2MSFTNGXA01.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.sbs:296902
| NNTP-Posting-Host: TK2MSFTNGXA01.phx.gbl 10.40.2.250
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
|
| As an administrator of SBS 2003 I sometimes receive a Delivery Status
| Notification (Failure) error.The contents of the email reads
| This is an automatically generated Delivery Status Notification.
|
| Delivery to the following recipients failed.
|
| Non-RFC-compliant-recipient-supplied:
|
| What causes this type of error and how can this be fixed.
| --
| Thanks for the help
| Jack
|

.

---

• Follow-Ups:
  • RE: Delivery Status Notification (Failure)
    • From: hijack

• Prev by Date: Re: Tens of thousands of emails from Nowhere?
• Next by Date: Re: User Account - Cannot Access
• Previous by thread: Tens of thousands of emails from Nowhere?
• Next by thread: RE: Delivery Status Notification (Failure)
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: How to NOT get an "Un-delivered" Mail notification? ... un-wittengly, I've been receiving an annoying notification, 'Un-deliveryed ... This is an automatically generated Delivery Status Notification. ... The mail server is ... (microsoft.public.windows.inetexplorer.ie6_outlookexpress) RE: Delivery Status Notification (Failure) ... I do not think that I am under threat from spammers. ... Delivery status notifications in Exchange Server and in Small Business ... Spammer telnet a third party Mail Server by port 25, ... Microsoft SMTP Servers May Seem to Accept and Relay E-Mail ... (microsoft.public.windows.server.sbs) RE: Delivery Status Notification (Delay) ... This Delivery Status Report is generated if the Exchange Server cannot ... On the Delivery tab, please check the "Delivery Notification" list. ... Microsoft CSS Online Newsgroup Support ... (microsoft.public.windows.server.sbs) Re: How do you see the full headers in a received email in Outlook? ... but the e-mail message has been sent to a destination mail system that does not give that notification. ... an e-mail requesting delivery notification is a request ... that targets the recipient's mail server for a response (i.e., ... I don't think many mail servers will handle delivery receipt requests. ... (microsoft.public.outlook) RE: Soft reply for one users email 7.4.4 ... Will the problematic user get such Delivery Status Notification after ... Did the user get NDRs after this Delivery Status Notification? ... Microsoft CSS Online Newsgroup Support ... <Delivery to the following recipients has been delayed ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2006-09