NDR reports

  • From: rubix cube <rubixc@xxxxxxxxx>
  • To: exchangelist@xxxxxxxxxxxxx
  • Date: Sun, 2 Jan 2005 15:16:58 +0300

I have setup a cathall mailbox (from the script that Michael B. Smith wrote),
this mailbox is not being used by any one, for example its called ndr
(non delivery reports), I added it in my outlook, and I find these
tons of email which seem very real from our System Administrator
(beside the junk and spam NDRs that I can recognize easily)
The system administrator emails are kind of returned emails that ndr
has sent (which I know he has not because no one uses it in fact).

The message being from the System Administrator has no headers so I
can't tell what IPs in there.
I want to know if these are symptoms of an infection? I checked my
exchange and its clean but am worried a client's machine has a worm,
and then still this ndr mailbox is only setup only in my machine.
Or is it something I shouldn't be worried about?

I am pasting a sample of these system administrator errors, the
customandtrade is not my domain and the email is actually from System
Administrator to ndr mailbox.

From: System Administrator 
Sent: Sunday, January 02, 2005 5:16 AM
To: wslpnq@xxxxxxxxxxxxxxxxxxx
Subject: Undeliverable:FwD: Mail Error

Your message did not reach some or all of the intended recipients.

      Subject:  FwD: Mail Error
      Sent:     1/2/2005 3:04 AM

The following recipient(s) could not be reached:

      wslpnq@xxxxxxxxxxxxxxxxxxx on 1/2/2005 3:04 AM
            The e-mail account does not exist at the organization this
message was sent to.  Check the e-mail address, or contact the
recipient directly to find out the correct address.
            <mail.customsandtrade.com #5.1.1 X-Notes; User wslpnq
(wslpnq@xxxxxxxxxxxxxxxxxxx) not listed in public Name & Address Book>

Other related posts: