Can I require all outbound mail to match an account on our server?

[John0192]

We're battling a worm or something that periodically drops spam and a mailing list into our server. All the outbound messages it sends has &quot;<>&quot; as the sender...we found that out from the few DNR's that end up in our outbound queue. (This is NOT an open relay situation...we locked that down some time ago).

Is it possible in Exchange 5.5 to set up a requirement that in all outbound mail that the &quot;from&quot; address must match a real account on the server? What I'm looking to do is at least stop the bogus outbound mail from going out until we can isolate and kill off the process that allows it to get in.

Thanks.

 

[jlmartini]

Hi there - I would also like to know the answer to this question if anyone has it!

 

[Griffyn]

You can't force all outgoing mail to match an account. This way no NDRs would ever get sent. You could just disable NDRs if you like.

Make sure you've read the recent thread where it was realised that spammers were connecting to exchange servers that had been set up to prevent open relaying. The key word there is 'open'. The spammers had somehow found the password to some accounts on the server, and were logging in as a user to send authenticated mail. Thus, the exchange server accepted it, and then onforwarded it because it appeared as if it were originating from a local user.

 

[zbnet]

SMTP messages that have a sender of &quot;<>&quot; are perfectly normal. They are system messages - probably NDRs - that are sent like that in case the receiving system needs to non-deliver them. Because they have a blank sender, it can't, so it throws them away - otherwise you might get an infinite mail loop where each system non-delivers the NDR, which non-delivers, causing an NDR to be sent, which is non-delivered..... and so on.