Exchange Server Forums
Forums |
Register |
Login |
My Profile |
Inbox |
RSS
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
Getting Undeliverable: Returned mail: User unknown on Mail We Never Sent
Users viewing this topic:
none
|
Logged in as: Guest
|
Login | |
|
Getting Undeliverable: Returned mail: User unknown on M... - 16.Sep.2003 7:14:00 PM
|
|
|
Scuba Steve
Posts: 62
Joined: 13.Aug.2003
From: Oldsmar, FL
Status: offline
|
The system administrator's account is getting swamped by mail with the subject Undeliverable: Returned mail: User unknown on mail that (we think) no one in our organization has ever sent.
Here is the message body: quote: -----Original Message----- From: System Administrator Sent: Tuesday, September 16, 2003 12:01 PM To: cuttie1203@aol.com; ddentrpris@aol.com Subject: Undeliverable: Returned mail: User unknown
Your message did not reach some or all of the intended recipients.
Subject: Re: get prescription meds to your door - no prior prescription needed ulr sgi iryubprg po pm llyamruqvgyldt qbjwksleuxuv htlfm r gjzh hltenwnmobdmgkn udxxw wzck Sent: 9/16/2003 11:03 AM
The following recipient(s) could not be reached:
cuttie1203@aol.com on 9/16/2003 11:19 AM The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address. < str-d10.mail.aol.com #5.1.1 SMTP; 550 MAILBOX NOT FOUND>
ddentrpris@aol.com on 9/16/2003 11:19 AM The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address. < str-d10.mail.aol.com #5.1.1 SMTP; 550 MAILBOX NOT FOUND>
- How can I be sure that someone, or something is sending the message within the orgainzation?
- I am worried that someone is using our Exchange Server as a spam server. So I checked our relay settings and all seems to be well. Here are the settings:
- Only the List Below:
Server's internal ip address. Server's external ip address. Allow all computer which successfully authenticate to relay, regardless of the settings above.
- How can I find who is sending these messages and block them?
Any help on this topic would be greatly appreciated! Thanks,
****
|
|
|
RE: Getting Undeliverable: Returned mail: User unknown ... - 17.Sep.2003 10:34:00 PM
|
|
|
ksoliz
Posts: 65
Joined: 16.Sep.2003
From: US
Status: offline
|
You need to take a look at this article...
http://www.msexchange.org/tutorials/MF005.html
Here is one thing I over looked when I first setup my exchange server.
On the address tab of the SMTP connector... Make sure you do not have the ôAllow messages to be relayed to these domainsö checked, as this will override the settings on your SMTP Virtual server and you will be an ôOpenö Relay.
That article has a few links to some testing website that will test your server for an open relay. There is also a manual test in the article.
Also make sure SMTP loggin is enabled if you are wanting to track access
|
|
|
RE: Getting Undeliverable: Returned mail: User unknown ... - 19.Sep.2003 3:26:00 AM
|
|
|
ksoliz
Posts: 65
Joined: 16.Sep.2003
From: US
Status: offline
|
If you made sure your setup is identical to the link I posted then I can only assume you are having trouble cause of the setting below.
"Allow all computers which successfully authenticate to relay, regardless of the settings above."
Either someone inside is generating the SPAM or someone outside is connecting sending mail through your server with a valid username/password. I say that last part because I noticed you have your server's external IP in the granted list...curious, why are you doing this?
Also, do you have SMTP logging enabled? You need to to get a clear idea of who/what is coming and going through the mail server. Make sure and check the extended logging properties for what is being logged.
|
|
|
RE: Getting Undeliverable: Returned mail: User unknown ... - 20.Sep.2003 12:44:00 AM
|
|
|
Egiganet
Posts: 135
Joined: 10.Dec.2002
From: Michigan
Status: offline
|
Your settings appear to be fine. Without seeing the full header information you can't tell if the messages are originating from your network or not. Someone is probably spoofing your address, that was one of the annoyances with the sobig.f virus.
-Andy
|
|
|
RE: Getting Undeliverable: Returned mail: User unknown ... - 21.Sep.2003 6:15:00 AM
|
|
|
ksoliz
Posts: 65
Joined: 16.Sep.2003
From: US
Status: offline
|
Steve, really sounds like you are experiencing a SMTP auth attack. Someone is using an account to gain access externally. Users using weak passwords make this a big risk. There is another post in the Security section talking about this.
Take a look at this link for details.
http://www.vamsoft.com/orf/authattack.asp
|
|
|
New Messages |
No New Messages |
Hot Topic w/ New Messages |
Hot Topic w/o New Messages |
Locked w/ New Messages |
Locked w/o New Messages |
|
Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|