Re: Exchange server 2003






--
jesmin ningthoujam
SBS (PSS)

---------------------------------------------
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23bnOw9erHHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
jesmin ningthoujam <jesmin.ningthoujam@xxxxxxxxx> wrote:
Reverse NDR's spam .. very very common in a not so secure environment.

You mean, like a dictionary attack? That seems unlikely and isn't implied
by the OP's message. These are NDRs coming in to his users - pertaining to
mail they did not send. That's spoofing. Nothing to do with their own
server at all.

- Check the following :
- ESM > SMTP Queue > does the Queue look normal?
- Is the mail flow working OK?
- Any items in the BadMail Folder in c:\Program Files\Exchsrvr\Mailroot\Vsi1\
- Does the Server hang intermittently?
- Does the Server performance slow down?

See above.

If the above symptoms are affirmative, there are a few workarounds.
However, depending on the size of the Exchange Database, creating a
new DB would be the best workaround.

Oh my stars, heavens no. Respectfully, that is very bad advice. It's not
relevant to the OP's issue, and wouldn't be a relevant fix even if he were
undergoing a dictionary attack.



This is what I'd do...

Steps :
------------------------
1. Stop SMTP Service to stop all email flow.
2. Exmerge out the emails from the current mailbox to PST.
3. Create a new Exchange DB
4. Merge in the PST to the new DB.

I *strongly* disagree.



---------------------------------------------
"Newbie Tech" <NewbieTech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A7639002-5F81-402C-A1C7-DB5EB9649312@xxxxxxxxxxxxxxxx
Thank you very much. I was wondering if there was anything more I
could do.
Thanks for the information and relief in some way.

"Lanwench [MVP - Exchange]" wrote:

Newbie Tech <NewbieTech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I have a client that has SBS 2003 and everything is up to date. They
have recently been getting messages such as the following pasted
below. The question I have is that they are not sending messages
to the email address listed below and it appears someone is jacking
their email. What can I do to try and correct this issue?

<snip>

Spammers and viruses spoof senders all the time, and the innocent
parties get the NDRs. Usually, the recipient's mail server is not
doing enough checking of the headers ....but you can't control that.







