• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Spam from "postmaster@mydomain.com

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2003] >> Exchange 2003 SBS >> Spam from "postmaster@mydomain.com Page: [1]
Login
Message << Older Topic   Newer Topic >>
Spam from "postmaster@mydomain.com - 25.Feb.2009 6:45:51 PM   
tuxor

 

Posts: 3
Joined: 25.Feb.2009
Status: offline
I'm having a little bit of a problem.  I was going through my queues in Exchange 2003 and found that there are a lot of emails in the queues  for a bunch of random places (ei. gayaussies.com, addressofjkrowling.com, etc.) and when I look at the emails they are all from "postmaster@mydomain.com".  I'm pretty sure no one is actually sending emails to these places so I'm thinking I have some sort of virus sending these emails from my server.  I have AVG Anti-Virus Network Edition running on the server.  I guess my question is does this mean I have a virus that my AV isn't catching?
Post #: 1
RE: Spam from "postmaster@mydomain.com - 26.Feb.2009 12:51:52 AM   
uemurad

 

Posts: 8232
Joined: 7.Jan.2004
From: California, USA
Status: offline
You're seeing the results of receiving spam.  I wrote this article to try to explain what is happening.

_____________________________

Regards,

Dean T. Uemura
Microsoft MVP - Exchange (2007-2011)
exchangeguy.blogspot.com
uemurad@yahoo.com

(in reply to tuxor)
Post #: 2
RE: Spam from "postmaster@mydomain.com - 26.Feb.2009 11:04:26 AM   
tuxor

 

Posts: 3
Joined: 25.Feb.2009
Status: offline
OK I could see them being NDRs if the emails were inbound.  However, I thought those queues were all outgoing emails.  Does that mean that my server got the NDRs and is now trying to resend these spam emails?

(in reply to tuxor)
Post #: 3
RE: Spam from "postmaster@mydomain.com - 26.Feb.2009 1:19:03 PM   
uemurad

 

Posts: 8232
Joined: 7.Jan.2004
From: California, USA
Status: offline
You've got it reversed.  Let me try to explain with an example:

Someone from outside sends a message.  The sending address shows up as invaliduser@dummydomain.com.  The receiving address is nonexistentuser@yourdomain.com (let's pretend that's your actual domain name).

Since yourdomain.com is owned by you, the message goes to your Exchange server.  Since "nonexistentuser" is not a valid address in your domain, your server wants to send an NDR back to where it thinks the message came.  However, since dummydomain.com doesn't really exist, your server puts it in the queue to try again later.  The NDR you send out comes from postmaster@yourdomain.com

Do that over and over again, and soon your queue is full of NDRs with nowhere to go.  That being said, it isn't hurting your server's performance because Exchange tries to resend once every six hours for 48 hours total.

The best way to get rid of these is to prevent the spam from getting to your server in the first place.

_____________________________

Regards,

Dean T. Uemura
Microsoft MVP - Exchange (2007-2011)
exchangeguy.blogspot.com
uemurad@yahoo.com

(in reply to tuxor)
Post #: 4
RE: Spam from "postmaster@mydomain.com - 26.Feb.2009 1:46:44 PM   
tuxor

 

Posts: 3
Joined: 25.Feb.2009
Status: offline
OK that makes more sense.  Thank you for your responses.

(in reply to uemurad)
Post #: 5

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2003] >> Exchange 2003 SBS >> Spam from "postmaster@mydomain.com Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter