Spam from "postmaster@mydomain.com (Full Version)

All Forums >> [Microsoft Exchange 2003] >> Exchange 2003 SBS



Message


tuxor -> Spam from "postmaster@mydomain.com (25.Feb.2009 6:45:51 PM)

I'm having a little bit of a problem.  I was going through my queues in Exchange 2003 and found that there are a lot of emails in the queues  for a bunch of random places (ei. gayaussies.com, addressofjkrowling.com, etc.) and when I look at the emails they are all from "postmaster@mydomain.com".  I'm pretty sure no one is actually sending emails to these places so I'm thinking I have some sort of virus sending these emails from my server.  I have AVG Anti-Virus Network Edition running on the server.  I guess my question is does this mean I have a virus that my AV isn't catching?




uemurad -> RE: Spam from "postmaster@mydomain.com (26.Feb.2009 12:51:52 AM)

You're seeing the results of receiving spam.  I wrote this article to try to explain what is happening.




tuxor -> RE: Spam from "postmaster@mydomain.com (26.Feb.2009 11:04:26 AM)

OK I could see them being NDRs if the emails were inbound.  However, I thought those queues were all outgoing emails.  Does that mean that my server got the NDRs and is now trying to resend these spam emails?




uemurad -> RE: Spam from "postmaster@mydomain.com (26.Feb.2009 1:19:03 PM)

You've got it reversed.  Let me try to explain with an example:

Someone from outside sends a message.  The sending address shows up as invaliduser@dummydomain.com.  The receiving address is nonexistentuser@yourdomain.com (let's pretend that's your actual domain name).

Since yourdomain.com is owned by you, the message goes to your Exchange server.  Since "nonexistentuser" is not a valid address in your domain, your server wants to send an NDR back to where it thinks the message came.  However, since dummydomain.com doesn't really exist, your server puts it in the queue to try again later.  The NDR you send out comes from postmaster@yourdomain.com

Do that over and over again, and soon your queue is full of NDRs with nowhere to go.  That being said, it isn't hurting your server's performance because Exchange tries to resend once every six hours for 48 hours total.

The best way to get rid of these is to prevent the spam from getting to your server in the first place.




tuxor -> RE: Spam from "postmaster@mydomain.com (26.Feb.2009 1:46:44 PM)

OK that makes more sense.  Thank you for your responses.




Page: [1]