RE: Queues

• From: Chris Wall <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
• To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
• Date: Wed, 1 Sep 2004 16:33:12 -0400

Nef,

   If you are using Exchange 2000 or 2003 some of the members recommended
using ORF from Vamsoft....
http://www.vamsoft.com/orf/  
   I have never used it myself.

   I use GFI Mail Essentials/Mail Security and it has a built in
functionality that will synch with exchange.  If an e-mail comes in and GFI
does not see it as a valid e-mail address in the org, it will delete the
message and prevent Exchange from sending out these NDR's.  

   I am sure there are other options, but these two seem to be the most cost
efficient methods.

Chrsi 

-----Original Message-----
From: Nef Perez [mailto:nperez@xxxxxxxxxxxxxxx] 
Sent: Wednesday, September 01, 2004 3:45 PM
To: [ExchangeList]
Subject: [exchangelist] RE: Queues

Chris -
I think you're right on the money. When I go to the badmail directory on my
Exchange server, I have thousands of badmail and when I view them they are
addressed to unknown users. The emails are small in size.

How do I prevent this? Is it as simple as installing a spam guard software?
What was the "long" post titled, so I can research it?

Here's a sample (sorry - it's kinda long):

From: postmaster@xxxxxxxxxxxxxxx
To: midwwnwvmMZS@xxxxxxxxxxxxxxxxxxx
Date: Wed, 1 Sep 2004 14:04:58 -0400
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
        boundary="9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket"
X-DSNContext: 335a7efd - 4457 - 00000001 - 80040546
Message-ID: <0KeMTJ4V100010373@xxxxxxxxxxxxxxxxxxxxxxx>
Subject: Delivery Status Notification (Failure)

This is a MIME-formatted message.  
Portions of this message may be unreadable without a MIME-capable mail
program.

--9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket
Content-Type: text/plain; charset=unicode-1-1-utf-7

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

       clyde@xxxxxxxxxxxxxxxx




--9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket
Content-Type: message/delivery-status

Reporting-MTA: dns;athena.idtmarketing.com
Received-From-MTA: dns;h11.106.102.166.ip.alltel.net
Arrival-Date: Wed, 1 Sep 2004 14:04:51 -0400

Final-Recipient: rfc822;clyde@xxxxxxxxxxxxxxxx
Action: failed
Status: 5.1.1

--9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket
Content-Type: message/rfc822

Received: from h11.106.102.166.ip.alltel.net ([166.102.106.11]
unverified) by athena.idtmarketing.com with Microsoft
SMTPSVC(5.0.2195.6713);
         Wed, 1 Sep 2004 14:04:51 -0400
X-Message-Info: POmbPD785pnmLDVpkeOMf751WMLg105+RTtc45yfOGW
Received: from qyhawqhz335.attitude.com ([102.67.30.192]) by
m4-nk406.attitude.com with Microsoft SMTPSVC(5.0.2195.6824);
         Thu, 02 Sep 2004 00:56:39 +0600
Received: from Ashleeq63a24e93j ([185.231.65.161]) by
jxhpbhla24.attitude.com
          (InterMail vM.5.01.06.05 297-510-399-355-273-588635077) with SMTP
          id
<134819740519396.BNJBV85.khatii792.attitude.com@divestiturege5j267abr0uq
>
          for <clyde@xxxxxxxxxxxxxxxx>; Wed, 01 Sep 2004 23:52:39 +0500
Message-ID: <050ngd4rfj4398$0256461$u35fsi8@Ashleevag69rz1a18m>
From: "Cornelia Hargrove" <midwwnwvmMZS@xxxxxxxxxxxxxxxxxxx>
To: <clyde@xxxxxxxxxxxxxxxx>
Subject: Buy Hydrocodone online, free overnight shipping
Date: Wed, 01 Sep 2004 13:53:39 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="--5618441267460908158"
Return-Path: midwwnwvmMZS@xxxxxxxxxxxxxxxxxxx
X-OriginalArrivalTime: 01 Sep 2004 18:04:55.0154 (UTC)
FILETIME=[2F793D20:01C4904E]

----5618441267460908158
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit

<html>
<body>http://www.MSExchange.org/<BR>


<p align="center">
Hello  Clyde   ( Wed, 01 Sep 2004 11:53:39 -0700 )<br><br>

Are you tried of being ri<font style="FONT-SIZE: 1px">a</font>pped off by
overpr<font style="FONT-SIZE: 1px">s</font>iced Meds ?<br> <br> Is healing
your pain hurting your budget ?<br> <br>We at Dis<font style="FONT-SIZE:
1px">f2</font>count Meds have found a solution for you<br> <br> sa<font
style="FONT-SIZE: 1px">f</font>ve 70<font style="FONT-SIZE:
1px">g</font>%+ on all your popular meds
<aref="http://qasmbqtheoqthylgqmfl.Clyde.basicrxmeds.com/?wid=100075";>Vi
<font style="FONT-SIZE: 1px">k</font>sit si<font style="FONT-SIZE:
1px">m</font>te now</a> to sta<font style="FONT-SIZE: 1px">f</font>rt
sa<font style="FONT-SIZE: 1px">l</font>ving!


------------------------------------------------------<BR>
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist<BR>
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp<BR>
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ<BR>
------------------------------------------------------<BR>
Other Internet Software Marketing Sites:<BR> World of Windows Networking:
http://www.windowsnetworking.com<BR>
Leading Network Software Directory: http://www.serverfiles.com<BR>
No.1 ISA Server Resource Site: http://www.isaserver.org<BR> Windows Security
Resource Site: http://www.windowsecurity.com/<BR>
Network Security Library: http://www.secinf.net/<BR> Windows 2000/NT Fax
Solutions: http://www.ntfaxfaq.com<BR>
------------------------------------------------------<BR>
You are currently subscribed to this MSEXchange.org Discussion List as:
Chris.Wall@xxxxxxxxxxxxxxxxxxx<BR>
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist<BR>
Report abuse to listadmin@xxxxxxxxxxxxxx </BODY> </html>

----5618441267460908158---
--9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket--


 


-----Original Message-----
From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx]
Sent: Wednesday, September 01, 2004 3:10 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Queues

http://www.MSExchange.org/

Or spam could be coming in to your domain that is addressed to non-existant
accounts and your exchange server is trying to send an NDR.  Of course the
address your server is trying to send mail to is a 'spoofed' address and is
not real.  So you must wait for the message to time out and be deleted from
the queue....

Are all the messages similar in size?  (if so this is a good indicator that
they are NDR's) Can you open any of the messages to see the text?  If so,
give us a sample...

As far as stopping it, there was just a long post in this group (just
yesterday I believe) about this very issue...

Chris 

-----Original Message-----
From: Danny [mailto:nocmonkey@xxxxxxxxx]
Sent: Wednesday, September 01, 2004 3:00 PM
To: [ExchangeList]
Subject: [exchangelist] Re: Queues

http://www.MSExchange.org/

On Wed, 1 Sep 2004 13:44:17 -0600, NPerez <nperez@xxxxxxxxxxxxxxx>
wrote:
> http://www.MSExchange.org/
> 
> Windows 2k & Exchange 2k
> I was looking through my queues folder under my SMTP folder in my 
> Exchange admin, and I found many domains that I do not recognized 
> (like yeehaww.au, haang.de, and a bunch of others). I don't think my 
> users are sending emails to these domains. How do they get there and
how
can I prevent it?

Your configuration has one or a combination of one of the following
problems:

A) Your server is an open relay.
*http://www.msexchange.org/tutorials/MF005.html
*Search for how to close open relay in Exchange on the Internet.

B) A network device, probably a computer part of your LAN, has become
infected with a virus and is relaying through the Exchange Server.
*Run up to date AV software on all network connected devices.

C) Your server is infected with a virus.
*Do you run and scan your server with up-to-date AV software?

D) Your users are sending out SPAM on purpose. :) *Highly unlikely, but
anything is possible.

Hope this helps.

...D

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
Chris.Wall@xxxxxxxxxxxxxxxxxxx To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

------------------------------------------------------
List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp
Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ
------------------------------------------------------
Other Internet Software Marketing Sites:
World of Windows Networking: http://www.windowsnetworking.com Leading
Network Software Directory: http://www.serverfiles.com
No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security
Resource Site: http://www.windowsecurity.com/ Network Security Library:
http://www.secinf.net/ Windows 2000/NT Fax Solutions:
http://www.ntfaxfaq.com
------------------------------------------------------
You are currently subscribed to this MSEXchange.org Discussion List as:
nperez@xxxxxxxxxxxxxxx
To unsubscribe visit
http://www.webelists.com/cgi/lyris.pl?enter=exchangelist
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts:

• » Queues
• » Re: Queues
• » Re: Queues
• » RE: Queues
• » RE: Queues
• » RE: Queues
• » Queues

1. Home
2. exchangelist
3. Archive
4. 09-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---