RE: NDR reports

  • From: "Michael B. Smith" <michael@xxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 3 Jan 2005 07:53:13 -0500

NDRs are generally worthless these days, when they are directed to the
system administrator.

It generally (usually, but not always) means that someone got spam'ed or
someone had netsky or has an email address on a webpage or yadda yadda

Your time is likely better served by checking the event log. :-) 

-----Original Message-----
From: rubix cube [mailto:rubixc@xxxxxxxxx] 
Sent: Sunday, January 02, 2005 7:17 AM
To: [ExchangeList]
Subject: [exchangelist] NDR reports

I have setup a cathall mailbox (from the script that Michael B. Smith
wrote), this mailbox is not being used by any one, for example its
called ndr (non delivery reports), I added it in my outlook, and I find
these tons of email which seem very real from our System Administrator
(beside the junk and spam NDRs that I can recognize easily) The system
administrator emails are kind of returned emails that ndr has sent
(which I know he has not because no one uses it in fact).

The message being from the System Administrator has no headers so I
can't tell what IPs in there.
I want to know if these are symptoms of an infection? I checked my
exchange and its clean but am worried a client's machine has a worm, and
then still this ndr mailbox is only setup only in my machine.
Or is it something I shouldn't be worried about?

I am pasting a sample of these system administrator errors, the
customandtrade is not my domain and the email is actually from System
Administrator to ndr mailbox.

From: System Administrator
Sent: Sunday, January 02, 2005 5:16 AM
To: wslpnq@xxxxxxxxxxxxxxxxxxx
Subject: Undeliverable:FwD: Mail Error

Your message did not reach some or all of the intended recipients.

      Subject:  FwD: Mail Error
      Sent:     1/2/2005 3:04 AM

The following recipient(s) could not be reached:

      wslpnq@xxxxxxxxxxxxxxxxxxx on 1/2/2005 3:04 AM
            The e-mail account does not exist at the organization this
message was sent to.  Check the e-mail address, or contact the recipient
directly to find out the correct address.
            < #5.1.1 X-Notes; User wslpnq
(wslpnq@xxxxxxxxxxxxxxxxxxx) not listed in public Name & Address Book>

List Archives:
Exchange Newsletters:
Exchange FAQ:
Other Internet Software Marketing Sites:
World of Windows Networking: Leading
Network Software Directory:
No.1 ISA Server Resource Site: Windows Security
Resource Site: Network Security Library: Windows 2000/NT Fax Solutions:
You are currently subscribed to this Discussion List as:
michael@xxxxxxxxxx To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx

Other related posts: