Unwanted outbound mail queue in Exchange 2003

By dhegner ·
I have an issue with my Exchange 2003 server that I'm in a quandry about. I have a constant stream of outbound mail that is queued to be sent to URL's that I'm certain we are not sending to. These are everything from Viagra to Japanese sites.

All the mail has a sender of I suspect I am seeing only that mail that cannot be delivered and remains in the outbound queue. No telling how much is actually being sent.

I have scanned the server several times and found no evidence of virus or malware. I created an SPF record in my local domain but that has not stopped the problem.

I'm coming to the conclusion that I have a workstation inside the domain infected with some kind of malware that is generating these outbound e-mails. All of my workstations are scanned regualrly for virus with Symantec but we have no malware protection.

I'd appreciate any ideas the community can throw my way.

Thanks !!!

This conversation is currently closed to new comments.

2 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -


by Churdoo In reply to Unwanted outbound mail qu ...

is an email domain in your own exchange organization? If so, these could be NDR's generated by your own exchange server from emails that are sent inbound to random users that don't exist at your own org, if that makes sense.

By default, Exchange accepts inbound mail for any valid or invalid user of email domains for which it's authoritative; once it receives the message and an AD lookup indicates that the user does not exist in the org, Exchange generates an NDR and attempts to send it to the sender. A common practice of spammers is to generate random or common email addresses for a given domain, hoping to get some of their spam delivered. Since the sender of the original email is typically spoofed, the NDR's can't be delivered, they just build up until their retry time has expired.

If this is the case, you could turn on Recipient filtering (in global settings / message delivery properties AND your SMTP virtual server / IP Addresses / Advanced), but this may allow the spammers to figure out valid versus invalid email addys. Enabling this changes the message returned to the sending SMTP server during the initial delivery attempt of the inbound spam, and could allow the spammers to figure out valid email addys.

Back to Networks Forum
2 total posts (Page 1 of 1)  

Hardware Forums