RE: Many NDR's not showing as coming from/to domain
- From: "Mike Liddekee" <mliddekee@xxxxxxxxx>
- To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
- Date: Thu, 4 Sep 2003 10:58:29 -0500
It looks like you've got something on the inside trying to sending spam or
other junk out. I thought perhaps you had an open relay and someone was
sending email through but I check and you're server looks like it's closed.
I'm not certain offhand if it's a virus, Trojan, or something else. Others may
have some thoughts...
Regards,
Mike Liddekee
Network Engineer
Humco Holding Group, Inc.
7400 Alumax Dr.
Texarkana, TX 75501
Ph: (903) 831-7808 ext 697
-----Original Message-----
From: KEN MORRIS [mailto:KMORRIS@xxxxxxx]
Sent: Thursday, September 04, 2003 10:37 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Many NDR's not showing as coming from/to domain
http://www.MSExchange.org/
John,
here is the body of:
Your message did not reach some or all of the intended recipients.
Subject: SEX
Sent: 9/3/2003 6:01 PM
The following recipient(s) could not be reached:
alwbre@xxxxxxxxxxxx on 9/4/2003 10:56 AM
There was a SMTP communication problem with the recipient's email
server. Please contact your system administrator.
<server.domain #5.5.0 smtp;550 <alwbre@xxxxxxxxxxxx>: User
unknown>
Each email appears to be from a different sender that is not a part of our
domain... ie Qigometh [sasdlfksjfd@xxxxxxx]
Let me know if more information is needed!
Thanks
Ken
-----Original Message-----
From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
Sent: Thursday, September 04, 2003 11:30 AM
To: [ExchangeList]
Subject: [exchangelist] RE: Many NDR's not showing as coming from/to
domain
http://www.MSExchange.org/
Please post what the NDR is saying.
John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com
> -----Original Message-----
> From: KEN MORRIS [mailto:KMORRIS@xxxxxxx]
> Sent: Thursday, September 04, 2003 5:48 AM
> To: [ExchangeList]
> Subject: [exchangelist] Many NDR's not showing as coming from/to domain
>
> http://www.MSExchange.org/
>
> Hi Guys,
>
> This morning I walked into check my NDR's and found many (about 100 or so
> since 1am today) reports being sent to me, When I take a look at my logs,
I
> am finding many event ID 1208 & 1209 messages about the IS maintenance.
All
> of the messages "appear" to be originating from a different domain than
ours.
>
>
> The server is W2K sp4 latest patches as of Tuesday morning, with E2K SP3.
>
> Any suggestions on what else I should be looking for, why I am receiving
> these and has my server been compromised? Any suggestions/help is greatly
> appreciated!
>
> HELP!!
>
> Thanks
> Ken
>
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 ISA Server Resource Site: http://www.isaserver.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this MSExchange.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to leave-exchangelist-
> 1440469J@xxxxxxxxxxxxx
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
kmorris@xxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
Leading Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org
Windows Security Resource Site: http://www.windowsecurity.com/
Network Security Library: http://www.secinf.net/
Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSExchange.org Discussion List as:
mliddekee@xxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')
Other related posts:
