Nef, If you are using Exchange 2000 or 2003 some of the members recommended using ORF from Vamsoft.... http://www.vamsoft.com/orf/ I have never used it myself. I use GFI Mail Essentials/Mail Security and it has a built in functionality that will synch with exchange. If an e-mail comes in and GFI does not see it as a valid e-mail address in the org, it will delete the message and prevent Exchange from sending out these NDR's. I am sure there are other options, but these two seem to be the most cost efficient methods. Chrsi -----Original Message----- From: Nef Perez [mailto:nperez@xxxxxxxxxxxxxxx] Sent: Wednesday, September 01, 2004 3:45 PM To: [ExchangeList] Subject: [exchangelist] RE: Queues Chris - I think you're right on the money. When I go to the badmail directory on my Exchange server, I have thousands of badmail and when I view them they are addressed to unknown users. The emails are small in size. How do I prevent this? Is it as simple as installing a spam guard software? What was the "long" post titled, so I can research it? Here's a sample (sorry - it's kinda long): From: postmaster@xxxxxxxxxxxxxxx To: midwwnwvmMZS@xxxxxxxxxxxxxxxxxxx Date: Wed, 1 Sep 2004 14:04:58 -0400 MIME-Version: 1.0 Content-Type: multipart/report; report-type=delivery-status; boundary="9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket" X-DSNContext: 335a7efd - 4457 - 00000001 - 80040546 Message-ID: <0KeMTJ4V100010373@xxxxxxxxxxxxxxxxxxxxxxx> Subject: Delivery Status Notification (Failure) This is a MIME-formatted message. Portions of this message may be unreadable without a MIME-capable mail program. --9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket Content-Type: text/plain; charset=unicode-1-1-utf-7 This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed. clyde@xxxxxxxxxxxxxxxx --9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket Content-Type: message/delivery-status Reporting-MTA: dns;athena.idtmarketing.com Received-From-MTA: dns;h11.106.102.166.ip.alltel.net Arrival-Date: Wed, 1 Sep 2004 14:04:51 -0400 Final-Recipient: rfc822;clyde@xxxxxxxxxxxxxxxx Action: failed Status: 5.1.1 --9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket Content-Type: message/rfc822 Received: from h11.106.102.166.ip.alltel.net ([166.102.106.11] unverified) by athena.idtmarketing.com with Microsoft SMTPSVC(5.0.2195.6713); Wed, 1 Sep 2004 14:04:51 -0400 X-Message-Info: POmbPD785pnmLDVpkeOMf751WMLg105+RTtc45yfOGW Received: from qyhawqhz335.attitude.com ([102.67.30.192]) by m4-nk406.attitude.com with Microsoft SMTPSVC(5.0.2195.6824); Thu, 02 Sep 2004 00:56:39 +0600 Received: from Ashleeq63a24e93j ([185.231.65.161]) by jxhpbhla24.attitude.com (InterMail vM.5.01.06.05 297-510-399-355-273-588635077) with SMTP id <134819740519396.BNJBV85.khatii792.attitude.com@divestiturege5j267abr0uq > for <clyde@xxxxxxxxxxxxxxxx>; Wed, 01 Sep 2004 23:52:39 +0500 Message-ID: <050ngd4rfj4398$0256461$u35fsi8@Ashleevag69rz1a18m> From: "Cornelia Hargrove" <midwwnwvmMZS@xxxxxxxxxxxxxxxxxxx> To: <clyde@xxxxxxxxxxxxxxxx> Subject: Buy Hydrocodone online, free overnight shipping Date: Wed, 01 Sep 2004 13:53:39 -0500 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--5618441267460908158" Return-Path: midwwnwvmMZS@xxxxxxxxxxxxxxxxxxx X-OriginalArrivalTime: 01 Sep 2004 18:04:55.0154 (UTC) FILETIME=[2F793D20:01C4904E] ----5618441267460908158 Content-Type: text/html; Content-Transfer-Encoding: 7Bit <html> <body>http://www.MSExchange.org/<BR> <p align="center"> Hello Clyde ( Wed, 01 Sep 2004 11:53:39 -0700 )<br><br> Are you tried of being ri<font style="FONT-SIZE: 1px">a</font>pped off by overpr<font style="FONT-SIZE: 1px">s</font>iced Meds ?<br> <br> Is healing your pain hurting your budget ?<br> <br>We at Dis<font style="FONT-SIZE: 1px">f2</font>count Meds have found a solution for you<br> <br> sa<font style="FONT-SIZE: 1px">f</font>ve 70<font style="FONT-SIZE: 1px">g</font>%+ on all your popular meds <aref="http://qasmbqtheoqthylgqmfl.Clyde.basicrxmeds.com/?wid=100075";>Vi <font style="FONT-SIZE: 1px">k</font>sit si<font style="FONT-SIZE: 1px">m</font>te now</a> to sta<font style="FONT-SIZE: 1px">f</font>rt sa<font style="FONT-SIZE: 1px">l</font>ving! ------------------------------------------------------<BR> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist<BR> Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp<BR> Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ<BR> ------------------------------------------------------<BR> Other Internet Software Marketing Sites:<BR> World of Windows Networking: http://www.windowsnetworking.com<BR> Leading Network Software Directory: http://www.serverfiles.com<BR> No.1 ISA Server Resource Site: http://www.isaserver.org<BR> Windows Security Resource Site: http://www.windowsecurity.com/<BR> Network Security Library: http://www.secinf.net/<BR> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com<BR> ------------------------------------------------------<BR> You are currently subscribed to this MSEXchange.org Discussion List as: Chris.Wall@xxxxxxxxxxxxxxxxxxx<BR> To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist<BR> Report abuse to listadmin@xxxxxxxxxxxxxx </BODY> </html> ----5618441267460908158--- --9B095B5ADSN=_01C479D5F958DF040005FF75athena.idtmarket-- -----Original Message----- From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx] Sent: Wednesday, September 01, 2004 3:10 PM To: [ExchangeList] Subject: [exchangelist] Re: Queues http://www.MSExchange.org/ Or spam could be coming in to your domain that is addressed to non-existant accounts and your exchange server is trying to send an NDR. Of course the address your server is trying to send mail to is a 'spoofed' address and is not real. So you must wait for the message to time out and be deleted from the queue.... Are all the messages similar in size? (if so this is a good indicator that they are NDR's) Can you open any of the messages to see the text? If so, give us a sample... As far as stopping it, there was just a long post in this group (just yesterday I believe) about this very issue... Chris -----Original Message----- From: Danny [mailto:nocmonkey@xxxxxxxxx] Sent: Wednesday, September 01, 2004 3:00 PM To: [ExchangeList] Subject: [exchangelist] Re: Queues http://www.MSExchange.org/ On Wed, 1 Sep 2004 13:44:17 -0600, NPerez <nperez@xxxxxxxxxxxxxxx> wrote: > http://www.MSExchange.org/ > > Windows 2k & Exchange 2k > I was looking through my queues folder under my SMTP folder in my > Exchange admin, and I found many domains that I do not recognized > (like yeehaww.au, haang.de, and a bunch of others). I don't think my > users are sending emails to these domains. How do they get there and how can I prevent it? Your configuration has one or a combination of one of the following problems: A) Your server is an open relay. *http://www.msexchange.org/tutorials/MF005.html *Search for how to close open relay in Exchange on the Internet. B) A network device, probably a computer part of your LAN, has become infected with a virus and is relaying through the Exchange Server. *Run up to date AV software on all network connected devices. C) Your server is infected with a virus. *Do you run and scan your server with up-to-date AV software? D) Your users are sending out SPAM on purpose. :) *Highly unlikely, but anything is possible. Hope this helps. ...D ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: Chris.Wall@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Exchange Newsletters: http://www.msexchange.org/pages/newsletter.asp Exchange FAQ: http://www.msexchange.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 ISA Server Resource Site: http://www.isaserver.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this MSEXchange.org Discussion List as: nperez@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=exchangelist Report abuse to listadmin@xxxxxxxxxxxxxx