RE: False NDRs
- From: <ChongJa@xxxxxxxxxxxxxxxx>
- To: <exchangelist@xxxxxxxxxxxxx>
- Date: Tue, 28 Feb 2006 10:19:27 -0500
I would take a look at the headers to see where it's coming from. That
way you can determine the source and if it's re-occuring from the same
source, you can block.
________________________________
From: Osman Mahmud [mailto:OMahmud@xxxxxxxxxxxxxxxxx]
Sent: Tuesday, February 28, 2006 12:17 AM
To: [ExchangeList]
Subject: [exchangelist] RE: False NDRs
http://www.MSExchange.org/
Thanks, I need to tell you more the this mail had an attachment that
contented virus. this attachment was removed and was replaced by a text
file and the text inside the file is as follows:
Small Business Server has removed potentially unsafe e-mail
attachment(s) from this message:
answer8.pif
Because computer viruses are commonly spread through files attached to
e-mail messages, certain types of files will not be delivered to your
mailbox. For more information, contact the person responsible for your
network.
Is it virus that sends mail using the real mailing address as sender?
Best Regards,
Osman Mahmud
________________________________
From: ChongJa@xxxxxxxxxxxxxxxx [mailto:ChongJa@xxxxxxxxxxxxxxxx]
Sent: Tuesday, February 28, 2006 1:08 AM
To: [ExchangeList]
Subject: [exchangelist] RE: False NDRs
http://www.MSExchange.org/
Many people have experienced this. You are a victim of backscatter. You
really cannot stop receiving the NDR's as far as I know, but people can
do their part by doing LDAP lookups for Exchange so that they don't
contribute to backscatter.
http://spamlinks.net/prevent-secure-backscatter.htm
<http://spamlinks.net/prevent-secure-backscatter.htm>
________________________________
From: Osman Mahmud [mailto:OMahmud@xxxxxxxxxxxxxxxxx]
Sent: Monday, February 27, 2006 8:54 AM
To: [ExchangeList]
Subject: [exchangelist] False NDRs
http://www.MSExchange.org/
Hi guys. Now-a-days I am facing a strange problem regarding to the mail
delivery. Some mails are originating from my domain with the sender as
valid users to the users of other domains and receive NRDs. Users are
complaining that they did not send these emails. My question is how
these emails are being generated and what I need to do to stop this. In
our Exchange environment we have two Exchange clusters, one front-end
server, Antigen antivirus, ServerProtect antivirus and GIF anti Spam
S/W.
One of the NDRs is as follows: ( Our CEO did not send this email but NDR
shows the CEO is sender and he received the NDR!, lot of question marks)
Your message
? To:? ? ? rafiq@xxxxxxxxxx
? Subject: Answer
? Sent:? ? Tue, 21 Feb 2006 15:30:40 +0600
did not reach the following recipient(s):
rafiq@xxxxxxxxxx on Wed, 22 Feb 2006 14:39:44 +0600
? ? The e-mail account does not exist at the organization this message
was sent to.? Check the e-mail address, or contact the recipient
directly to find out the correct address.
? ? <bestbd.com #5.1.1>
Reporting-MTA: dns; ourmailserver.domain.com
Final-Recipient: RFC822; rafiq@xxxxxxxxxx
Action: failed
Status: 5.1.1
X-Supplementary-Info: <bestbd.com #5.1.1>
X-Display-Name: rafiq@xxxxxxxxxx
From: "CEO" <CEO's <mailto:lpreichelt@xxxxxxxxxxxxxxxxx> email ID>
Date: February 21, 2006 3:30:40 PM GMT+06:00
To: <rafiq@xxxxxxxxxx>
Subject: Answer
Hi!
Please read quickly.
Best Regards,
Osman Mahmud
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
chongja@xxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they are
addressed. It may also be legally privileged. If you are not the named
addressee, you should not copy, forward, disclose or use any part of it.
If you have received this message in error, please delete it and all
copies from your system and notify the sender immediately by return
e-mail. Internet communications cannot be guaranteed to be timely,
secure, error or virus-free. The sender does not accept liability for
any errors or omissions.
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
omahmud@xxxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
------------------------------------------------------
Visit TechGenix.com for more information about our other sites:
http://www.techgenix.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
chongja@xxxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to info@xxxxxxxxxxxxxx
Other related posts:
