Exchange Server Forums

Error from public folder sending mail.

Users viewing this topic: none

Logged in as: Guest

Printable Version

All Forums >> [Microsoft Exchange 2000] >> Public Folders >> Error from public folder sending mail.

Page: [1]

Message

<< Older Topic Newer Topic >>

Limited time MSExchange.org offer! -- 1.Sep.2008 1:00:00 PM

TechGenix and SolarWinds have partnered to provide free copies of SolarWinds Exchange Monitor to all visitors who join the MSExchange.org Forums. SolarWinds Exchange Monitor is a handy desktop dashboard that continuously monitors Microsoft Exchange to deliver real-time insight into Exchange services, mail queue sizes, and host server health. Learn more about Exchange Monitor and the free offer!

Error from public folder sending mail. - 28.Jul.2005 11:13:00 AM

pixelator

Posts: 1
Joined: 28.Jul.2005
From: Boston
Status: offline

I am seeing frequent errors posted in the event log and want to track down the issue.

The error in the log is:
Event Type: Error
Event Source: MSExchangeIS Public Store
Event Category: Transport Delivering
Event ID: 2028
Date: 7/28/2005
Time: 8:42:47 AM
User: N/A
Computer: server name
Description:
The delivery of a message sent by public folder MAIL<long string> has failed.
To: john@domain.com
Cc:

The non-delivery report has been deleted.

I am guessing that a virus [probably Mytob or similar] is sending mail to our domain using a spoofed address that is also assigned to a public folder.

How can I learn what folder is causing the problems. I assume that "MAIL<long string>" is some type of ID but i'm not sure how to use it to identify the actual folder.

Post #: 1

Featured Links*

RE: Error from public folder sending mail. - 31.Aug.2005 11:16:00 PM

docnz

Posts: 1
Joined: 31.Aug.2005
From: wgtn
Status: offline

Did you get a response to this as I am encountering the same issue and can fing the right fix.

(in reply to pixelator)

Post #: 2

RE: Error from public folder sending mail. - 18.Oct.2005 4:52:02 PM

bryan.jones

Posts: 1
Joined: 18.Oct.2005
Status: offline

I was also seeing these messages and finally discovered the reason.

Exchange 2000, apparently by design, throws away any NDR received for an email address assigned to a public folder. The event 2028 is logged.

In our case, a very generic email address "Accounts@xyz.com" is assigned to a public folder. On our SMTP gateways (non-Microsoft product through which all incoming mail is filtered prior to hitting Exchange) I found logs of incoming emails with the spoofed sender "Accounts@xyz.com". The destinations for these spoofed emails were non-existent addresses like "Jane@xyz.com" or "Joe@xyz.com". The contents of these emails are quite obviously viral attachments (being stripped, of course). The email is then forwarded to Exchange after being sanitized.

Obviously, Exchange then responds by sending an NDR to "Accounts@xyz.com", which Exchange then promptly threw away (see previous "by design" info).

Cute, eh?

I'm reducing the incidence of these event logs by blacklisting at the SMTP gateway these generic email addresses as I see them logged. There is no valid reason for our external gateways to receive email FROM this internal address.

Like you, I spent a lot of time looking for others who had found a fix for this "error" occuring in Exchange, only to find that it's frustrating to see the event log error messages - but is a "by design" functionality built into Exchange.

I found this comment elsewhere:
"Allowing NDRs to go to Public Folders would expose them to looping
messages. The potential negatives were seen as far outweighing the
convenience of allowing NDRs to go to Public Folders. This is by design."

I found several mentions of various hotfixes/patches to correct other problems that generate this error... but in our case none of the "problems" applied, and therefore none of the "fixes" applied.

Hope this helps!

(in reply to docnz)