Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Exchange 5.5 Ghost In the Machine?! 1

Status
Not open for further replies.
pfcvt

pfcvt

IS-IT--Management
Jul 24, 2003
2
0
0
US
I have a very strange problem.

First off, I am running Exchange Server 5.5 SP3 on an NT 4.0 server. The server is not an Open Relay (I've already had to deal with that one before!). All users EXCEPT THE USER WITH THE PROBLEM BELOW aer running Windows XP with Office XP. The user referenced below is running Windows 98 and Outlook 2000.

Here's the first problem. I have one user whose Private Information Store suddenly began to rapidly fill up. It turned out that he had about 50,000 messages in his Deleted Items folder. All of them were from the MAILER-DAEMON@aol.com and they were all undeliverable kickbacks to him. Basically, upon investigation I found the following:

His email account (he's been out of the office for a week) is apparently sending email messages to his old (and presumably disabled) AOL address - at a rate of about 10-20 thousand a day! These are being kicked back by AOL because his old AOL address no longer exists.

When I look at the IMS Outbound Queue I see outbound messages from him (at his domain email account here) being sent to his AOL account. When I check his sent items - nothing is there. The messages are being sent, somehow, automatically by the server?!

I'd like to find out:

1. What is causing the messages to be sent out in his name.

2. How to stop it!

3. How to prevent it in the future.

Oh, BTW, if his PC is turned off, the messages just keep coming. Since the rule I created is based locally, when someone logs into his laptop there's a monster to delete!

The second related issue pertains to the same user.

Everything that is sent to him now (including legitimate emails) go directly into his Deleted Items folder bypassing his Inbox. There is no rule that does this. The only rule that is there is one I created to automatically delete any messages from MAILER-DAEMON@aol.com. This problem began before I created this rule. In fact, it seems to have started when problem 1 (above) began.

Any help will be GREATLY appreciated - I'm going insane from this!!
 
Sort by date Sort by votes
Have your check the "Out of the office assistant" ?

 
Upvote 0 Downvote
Take it you have virus checked the machine and that it is behind a firewall.
 
Upvote 0 Downvote
I have a similar problem. Someone succesfully authenticates as a user of the domain (admin, webmaster, master, root,)and sends out spam.

1. I dont have these accounts

2. Even i had them how could it be possible to do that.

I checked for trojans viruses etc but nothing.

The first thing i did to stop him was to create these accounts and put a password of my choise. after that he couldnt authorize and so he couldnt send out mail. But he could connect to my server and after the failed authentication, there was an event mesg saying that someone with ip *.*.*.* tried to authenticate as one of the above users and failed

Once he authenticated as an existing domain user (test) when i changed the password he failed with that one too.

Then as i had more time to deal with him i changed the strategy of my firewall and blocked the range of ips that the connections were coming from.

I searched the forums here and posted some threads but came out with nothing, i did get an idea of where the problem lies though

I m saying all these because you may find similarities to your problem or remember something you havent posted.

The Solution (maybe)

It seems that there is a flaw in the SMTP service in axchange 5.5 that allows that.

Microsoft released a patch BUT it requires SP4

I m currently on NT4SP6a and Exchange 5.5 SP3 as you and i m about to apply the new sp and the fix from microsoft

Check out these links i think you ll find them useful and you might solve your problem




Good luck
George
 
Upvote 0 Downvote
Thanks to everyone!

Sometimes the simplest solutions are the best! Kristek hit the nail on the head!

I knew that the person's Out Of Office Assistant was turned on. What I did not know was that there was an old rule that had been enabled that sent all incoming mail to an AOL account (his old and now expired AOL account) and then deleted the messages.

This explains pretty much everything, I think!

He was getting approximately 1,000 emails an hour from the AOL Mailer Daemon. They were all kickbacks saying that the mail he was trying to send (to his expired account) was going to an account that no longer existed. No question, that was correct - his AOL account had been cancelled.

These were coming back to his Exchange account and based on the in-place rule, they were then being forwarded out to his expired AOL account. This set up a routing loop.

It also, explains why his legitimate messages were being sent to his Deleted Items folder instead of (or seemingly instead of) his Inbox.

Thanks to everyone who responded. I can go on vacation without this headache!!!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

PatrickRoggers
  • Locked
  • Helpful tip
Safest Way to Import PST file into Exchange Online
Replies
0
Views
608
PatrickRoggers
PatrickRoggers
ComputersUnlimited
  • Locked
  • Question
Migrating to Exchange 2019
Replies
0
Views
562
ComputersUnlimited
ComputersUnlimited
Brent Fletcher
  • Locked
  • Question
Exchange rule to remove "✉" icon when it appears in a subject title from a supplier
Replies
0
Views
609
Brent Fletcher
Brent Fletcher
microsGuy16
  • Locked
  • Question
Global Address List Names not showing in Outlook OWA 365
Replies
0
Views
679
microsGuy16
microsGuy16
stanlyn
  • Locked
  • Question
How to do Certificates on MultiDomain Exchange with Least Cost
Replies
1
Views
569
Wesaf
Wesaf

Part and Inventory Search

Sponsor

Back
Top