Server help!! Possible comprimised over 6000 NDRs!!!! HELP!

  • From: "KEN MORRIS" <KMORRIS@xxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 23 Sep 2003 21:51:32 -0400


As Exchange Admin (with little training unfortunately) I recieve the NDR's.
Today I have recieved over 6000 NRD's all with subjects, email addresses both
send and recieve that are not a part of our domain.
I have checked to ensure that spoofing is disabled, yet I cannot figure out
how we are being used. 

I can forward on one of the NRD's to anyone. I have not been able to figure a
way to check the headers on the NDR. Here is a copy of the text for one of
the NDR's:

The following recipient(s) could not be reached: 

  cathyb76@xxxxxxxxxxx on 9/23/2003 9:43 PM
  There was a SMTP communication problem with the recipient's email server.
Please contact your system administrator.
  < #5.5.0 smtp;550 Requested action not taken: mailbox

I figure that by morning, my inbox will be once again filled, could you
please forward any questions to k2keener@xxxxxxxxxxx  as well as the list. I
do not want to loose any responses. 



Other related posts: