I am seeing frequent errors posted in the event log and want to track down the issue.
The error in the log is:
Event Type: Error
Event Source: MSExchangeIS Public Store
Event Category: Transport Delivering
Event ID: 2028
Date: 7/28/2005
Time: 8:42:47 AM
User: N/A
Computer: server name
Description: The delivery of a message sent by public folder MAIL<long string> has failed.
To: john@domain.com
Cc:
The non-delivery report has been deleted.
I am guessing that a virus [probably Mytob or similar] is sending mail to our domain using a spoofed address that is also assigned to a public folder.
How can I learn what folder is causing the problems? I assume that "MAIL<long string>" is some type of ID but I'm not sure how to use it to identify the actual folder.
I was also seeing these messages and finally discovered the reason.
Exchange 2000, apparently by design, throws away any NDR received for an email address assigned to a public folder. The event 2028 is logged.
In our case, a very generic email address "Accounts@xyz.com" is assigned to a public folder. On our SMTP gateways (non-Microsoft product through which all incoming mail is filtered prior to hitting Exchange) I found logs of incoming emails with the spoofed sender "Accounts@xyz.com". The destinations for these spoofed emails were non-existent addresses like "Jane@xyz.com" or "Joe@xyz.com". The contents of these emails are quite obviously viral attachments (being stripped, of course). The email is then forwarded to Exchange after being sanitized.
Obviously, Exchange then responds by sending an NDR to "Accounts@xyz.com", which Exchange then promptly threw away (see previous "by design" info).
Cute, eh?
I'm reducing the incidence of these event logs by blacklisting at the SMTP gateway these generic email addresses as I see them logged. There is no valid reason for our external gateways to receive email FROM this internal address.
Like you, I spent a lot of time looking for others who had found a fix for this "error" occurring in Exchange, only to find that it's frustrating to see the event log error messages - but is a "by design" functionality built into Exchange.
I found this comment elsewhere: "Allowing NDRs to go to Public Folders would expose them to looping messages. The potential negatives were seen as far outweighing the convenience of allowing NDRs to go to Public Folders. This is by design."
I found several mentions of various hotfixes/patches to correct other problems that generate this error... but in our case none of the "problems" applied, and therefore none of the "fixes" applied.
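The gateway-log check described in the reply above can be scripted. The following is an added example, not code from either poster: the log line format, the address sets and the internal IP prefixes are all assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumption: addresses that are mail-enabled on public folders (from a directory export).
PUBLIC_FOLDER_ADDRESSES = {"accounts@xyz.com"}
# Assumption: recipients that actually exist; anything else makes Exchange generate an NDR.
VALID_RECIPIENTS = {"alice@xyz.com", "accounts@xyz.com"}
# Assumption: internal relays that may legitimately send as the local domain.
INTERNAL_PREFIXES = ("10.", "192.168.")

# Constructed sample lines in a hypothetical SMTP gateway log format.
SAMPLE_LOG = """\
2005-07-28 08:42:41 client=203.0.113.7 from=<Accounts@xyz.com> to=<Jane@xyz.com> action=stripped
2005-07-28 08:42:45 client=203.0.113.9 from=<accounts@xyz.com> to=<joe@xyz.com> action=stripped
2005-07-28 08:43:02 client=198.51.100.4 from=<bob@example.org> to=<alice@xyz.com> action=delivered
2005-07-28 08:44:10 client=10.0.0.5 from=<accounts@xyz.com> to=<alice@xyz.com> action=delivered
2005-07-28 08:45:30 client=203.0.113.7 from=<accounts@xyz.com> to=<alice@xyz.com> action=stripped
"""

LINE_RE = re.compile(
    r"client=(?P<client>\S+) from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def find_spoofed_public_folder_senders(log_text):
    """Return external messages whose envelope sender is a public folder address."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a message line in the assumed format
        client = m["client"]
        sender, rcpt = m["sender"].lower(), m["rcpt"].lower()
        if client.startswith(INTERNAL_PREFIXES):
            continue  # internal relay: sending as the folder address is expected
        if sender in PUBLIC_FOLDER_ADDRESSES:
            findings.append({
                "client": client,
                "sender": sender,
                "rcpt": rcpt,
                # An unknown recipient means an NDR goes back to the folder,
                # which the store discards and logs as event 2028.
                "will_ndr": rcpt not in VALID_RECIPIENTS,
            })
    return findings

def blocklist_candidates(findings):
    """Count, per spoofed sender, the messages that would end in a discarded NDR."""
    return Counter(f["sender"] for f in findings if f["will_ndr"])
```

Senders returned by `blocklist_candidates` are the ones to reject at the gateway when they arrive from outside, which is the blacklisting step the reply describes.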