Unexplained NDR's

swhowie -> Unexplained NDR's (22.Feb.2012 11:28:39 AM)

Maybe I've never noticed this before, but we've had a virus on a local machine that was sending out spam through our Exchange 2003 server. I think that is solved, but...

I keep seeing NDR's listed in the Exchange message tracker, going to external addresses. I can't find any corresponding messages that would/could have been sent originally, and nothing in the outgoing queues that would correlate. Are these external attempts to relay? I'm trying to get us off the spam lists as it is, but am concerned we may still have a problem.

Thanks in advance for any advice!

uemurad -> RE: Unexplained NDR's (16.Mar.2012 4:40:01 PM)

NDRs and relaying are confusing topics. See if my attempt at explaining helps explain what I think is happening.

swhowie -> RE: Unexplained NDR's (17.Mar.2012 12:16:48 AM)

Thanks for the great post. I have concluded the same thing with the NDR's. It just threw me since we've been compromised in the past, but I can't find any direct evidence of that now. The NDR's all come from outside the building, so I think they are misdirected returns from a "septic" server.

