Re: Exchange server 2003
- From: "jesmin ningthoujam" <jesmin.ningthoujam@xxxxxxxxx>
- Date: Thu, 14 Jun 2007 01:54:16 +0530
- Dictionary Attack / Reverse NDR/ Unsolicited Spam emails ( they all means
the same = menace) I believe they all build up in the Default SMTP Queue
and then populates the BadMail Folder, NDR's to the Admin's inbox.
I am sorry, I am missing out something here. Please can you throw some
light on how do we clear the Queue ?
My understanding according to the original post was, how do we handle the
current situation ?? right ???
------------------------------------------------------------------------
I have a client that has SBS 2003 and everything is up to date. They--------------------------------------------------------------------------
recently been getting messages such as the following pasted below. The
question I have is that they are not sending messages to the email address
listed below and appears someone is jacking their email. What can I do to
try and correct this issue.
--
jesmin ningthoujam
SBS (PSS)
---------------------------------------------
"Lanwench [MVP - Exchange]"
<lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23bnOw9erHHA.1204@xxxxxxxxxxxxxxxxxxxxxxx
jesmin ningthoujam <jesmin.ningthoujam@xxxxxxxxx> wrote:
Reverse NDR's spam .. very very common in a not so secure environment.
You mean, like a dictionary attack? That seems unlikely and isn't implied
by the OP's message. These are NDRs coming in to his users - pertaining to
mail they did not send. That's spoofing. Nothing to do with their own
server at all.
- Check the following :
- ESM > SMTP Queue > doe the Queue look normal ?
- Are the mailflow working ok ?
- Any items in the BadMail Folder in c:\Program
Files\Exchsrvr\Mailroot\Vsi1\
- Does the Server hang intermittently?
- Does the Server performance slows down ??
See above.
If the above symptoms are affirmative, there are a few workarounds.
However, depending on the size of the Exchange Database, creating a
new DB would be the best workaround.
Oh my stars, heavens no. Respectfully, that is very bad advice. It's not
relevant to the OP's issue, and wouldn't be a relevant fix even if he were
undergoing a dictionary attack.
This is what I'd do...
Steps :
------------------------
1. Stop SMTP Service to stop all email flow.
2. Exmerge out the emails from the current mailbox to PST.
3. Create a new Exchange DB
4. Merge in the PST to the new DB.
I *strongly* disagree.
---------------------------------------------
"Newbie Tech" <NewbieTech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A7639002-5F81-402C-A1C7-DB5EB9649312@xxxxxxxxxxxxxxxx
Thank you very much. I was wondering if there was any thing more I
could do.
Thanks for the information and releif in some way.
"Lanwench [MVP - Exchange]" wrote:
Newbie Tech <NewbieTech@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
I have a client that has SBS 2003 and everything is up to date. They<snip>
recently been getting messages such as the following pasted
below. The question I have is that they are not sending messages
to the email address listed below and appears someone is jacking
their email. What can I do to try and correct this issue.
Spammers and viruses spoof senders all the time, and the innocent
parties get the NDRs. Usually, the recipient's mail server is not
doing enough checking of the headers ....but you can't control that.
.
- References:
- Re: Exchange server 2003
- From: Lanwench [MVP - Exchange]
- Re: Exchange server 2003
- From: jesmin ningthoujam
- Re: Exchange server 2003
- From: Lanwench [MVP - Exchange]
- Re: Exchange server 2003
- Prev by Date: Re: From 2 NICs to 1
- Next by Date: Re: RWW -> SBS -> TS printer redirection
- Previous by thread: Re: Exchange server 2003
- Next by thread: Re: Exchange server 2003
- Index(es):
Relevant Pages
|
