RE: NDR reports

  • From: "Michael B. Smith" <michael@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 3 Jan 2005 07:53:13 -0500

NDRs are generally worthless these days, when they are directed to the
system administrator.

It generally (usually, but not always) means that someone got spammed or
someone had Netsky or has an email address on a webpage or yadda yadda
yadda.

Your time is likely better served by checking the event log. :-) 

-----Original Message-----
From: rubix cube [mailto:rubixc@xxxxxxxxx] 
Sent: Sunday, January 02, 2005 7:17 AM
To: [ExchangeList]
Subject: [exchangelist] NDR reports

Hi,
I have set up a catchall mailbox (from the script that Michael B. Smith
wrote). This mailbox is not being used by anyone; for example, it's
called ndr (non-delivery reports). I added it in my Outlook, and I find
these tons of emails which seem very real from our System Administrator
(besides the junk and spam NDRs that I can recognize easily). The System
Administrator emails are kind of returned emails that ndr has sent
(which I know he has not, because no one uses it in fact).

The message being from the System Administrator has no headers, so I
can't tell what IPs are in there.
I want to know if these are symptoms of an infection. I checked my
Exchange and it's clean, but I am worried a client's machine has a worm, and
then still this ndr mailbox is set up only on my machine.
Or is it something I shouldn't be worried about?

I am pasting a sample of these System Administrator errors; the
customsandtrade domain is not my domain, and the email is actually from System
Administrator to the ndr mailbox.

thanx
_____________________________________________
From: System Administrator
Sent: Sunday, January 02, 2005 5:16 AM
To: wslpnq@xxxxxxxxxxxxxxxxxxx
Subject: Undeliverable:FwD: Mail Error

Your message did not reach some or all of the intended recipients.

      Subject:  FwD: Mail Error
      Sent:     1/2/2005 3:04 AM

The following recipient(s) could not be reached:

      wslpnq@xxxxxxxxxxxxxxxxxxx on 1/2/2005 3:04 AM
            The e-mail account does not exist at the organization this
message was sent to.  Check the e-mail address, or contact the recipient
directly to find out the correct address.
            <mail.customsandtrade.com #5.1.1 X-Notes; User wslpnq
(wslpnq@xxxxxxxxxxxxxxxxxxx) not listed in public Name & Address Book>
