RE: Delivery Status Notification (Failure)
- From: hijack <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 13 Sep 2006 09:02:02 -0700
Thanks for the reply. I do not think that I am under threat from spammers. I
opened the email as a message source and found the return path to be a valid
destination and the originator of the mail envelope-to: to be a member on my
domain. What I think could have happened is that the mail server blocked the
attachment sent by a member on my domain. The message that I received (as a
remote administrator) had two attachments an ATT0XX.dat and the email
envelope with a picture.
If possible I would like to be able to understand the message of an email.
Thanks for the advice on the spammers. I will not dispel this thought. I
will get back with the info you require.
--
Thanks for the help
Jack
"chace zhang" wrote:
Hi,
Thank you for posting here.
According to your description, I understand the administrator account
receives Delivery Status Notification (Failure).
First of all, I want to explain that a Non-Delivery Report is expected
behavior; it can be caused by various reasons, for instance: the recipient is
invalid, the destination domain is dead, or the receiver's server blocks your
email. In order to better address your concern, please let me know the
following info on this issue:
1. Did you really send mail to the failing recipients?
2. What is the NDR content? Please send it to me as attachment for further
analysis.
3. Do other users in your domain receive NDRs?
4. How many NDRs did you receive?
Regarding NDR please refer to following article:
Delivery status notifications in Exchange Server and in Small Business
Server
http://support.microsoft.com/kb/284204
If no user in your domain sent to the recipient, I'm assuming the behavior
you encountered is a new means for spammers to avoid filters built into
many systems, rather than a virus, and also has nothing to do with your
Exchange settings. They take advantage of a third-party mail system sending
a non-delivery report (NDR) when a message cannot be delivered as
addressed and returning the original contents. Since this follows the RFC
standard, almost all mail servers will function this way. This is what is
called a "Reverse NDR attack" (RNDR).
First I would like to explain the detailed situation for RNDR according to
the SMTP protocol RFC standard.
Here I assume UserB@xxxxxxxxxxxxx is the recipient which is invalid and
UserA@xxxxxxxxxxxxxx is your mailbox as the sender.
1. The spammer telnets to a third-party mail server on port 25, which allows
replies, in the following format.
Telnet <third party Mail Server> 25
2. The spammer uses your mailbox UserA@xxxxxxxxxxxxxx as the mail sender to
attack your mailbox, in the following format.
Mail from: UserA@xxxxxxxxxxxxxx
3. The spammer sets UserB@xxxxxxxxxxxxx as the invalid recipient, in the
following format.
Rcpt to: UserB@xxxxxxxxxxxxx
4. The spammer inputs the mail content and quits the session.
5. When the mail reaches the domain anyDomain.com, its mail server will find
that UserB@xxxxxxxxxxxxx doesn't exist in the domain, and will return an NDR
to the sender UserA@xxxxxxxxxxxxxxx
In this case, the behavior follows the RFC standard, and the spam
sender/attacker makes use of an unknown third-party mail server on the
Internet, for which authentication is not needed, to relay the spam e-mails,
so based on this mechanism, I am afraid there isn't an efficient way to stop
such action currently because these spam e-mails are not going through your
Exchange server. Based on my knowledge, the issue has happened to most
companies recently, even Microsoft, regardless of what mail servers they are
using. More info here:
304897 XIMS: Microsoft SMTP Servers May Seem to Accept and Relay E-Mail
http://support.microsoft.com/?id=304897
Hope this helps. I look forward to your reply. If there is anything
unclear, feel free to let me know. Thanks for your understanding. Have a
nice day!
Best Regards,
Chace Zhang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Thread-Topic: Delivery Status Notification (Failure)
| From: =?Utf-8?B?aGlqYWNr?= <hijack@xxxxxxxxxxxxxxxxxxxxxxxxx>
| Subject: Delivery Status Notification (Failure)
| Date: Tue, 12 Sep 2006 03:32:02 -0700
| Newsgroups: microsoft.public.windows.server.sbs
|
|
| As an administrator of SBS 2003 I sometimes receive a Delivery Status
| Notification (Failure) error. The contents of the email read
| This is an automatically generated Delivery Status Notification.
|
| Delivery to the following recipients failed.
|
| Non-RFC-compliant-recipient-supplied:
|
| What causes this type of error and how can this be fixed?
| --
| Thanks for the help
| Jack
|
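Added example (not part of the original thread, and not Microsoft or Exchange code): one way to read an NDR from its message source and judge whether it is a genuine bounce or the reverse-NDR backscatter described above. It parses the structured delivery report and compares the returned original's Message-ID with IDs your own server logged as sent. The sample NDR, all .example addresses and the sent_message_ids input are assumptions constructed for illustration.

```python
import email
from email import policy

# Constructed sample NDR in RFC 3464 multipart/report form; addresses are placeholders.
SAMPLE_DSN = """\
From: postmaster@thirdparty.example
To: usera@mydomain.example
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mail.thirdparty.example

Final-Recipient: rfc822; userb@thirdparty.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

From: usera@mydomain.example
Message-ID: <constructed-123@unknown.example>

body
--b1--
"""

_s = lambda v: str(v).strip() if v is not None else None  # header value -> plain str

def analyze_dsn(raw, sent_message_ids):
    """Summarise an NDR; sent_message_ids = Message-IDs your own server logged as sent."""
    msg = email.message_from_string(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return None  # free-form bounce text, not a structured report
    out = {"failed": [], "original_id": None}
    for part in msg.iter_parts():  # top-level parts only
        ctype = part.get_content_type()
        if ctype == "message/delivery-status":
            # Parsed as a list of header blocks: per-message fields, then one per recipient.
            for b in part.get_payload():
                if b["Final-Recipient"]:
                    out["failed"].append((_s(b["Final-Recipient"]), _s(b["Action"]), _s(b["Status"])))
        elif ctype == "message/rfc822":  # full original message returned
            out["original_id"] = _s(part.get_payload(0)["Message-ID"])
        elif ctype == "text/rfc822-headers":  # only the original headers returned
            hdrs = email.message_from_string(part.get_content(), policy=policy.default)
            out["original_id"] = _s(hdrs["Message-ID"])
    # A forged From: proves nothing; a Message-ID we never issued points to backscatter.
    known = out["original_id"] in sent_message_ids
    out["verdict"] = "genuine bounce" if known else "possible backscatter"
    return out
```

A From: address on your domain in the returned message does not show that a local user sent it, which is why the comparison uses the Message-ID rather than the sender.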