
Non Domain Originator in outgoing queue

Status
Not open for further replies.

hippomitchelljr

IS-IT--Management
Nov 30, 2004
Good day,

I am currently running Exchange 5.5 service pack 4 on Windows NT 4.

Our server is not relaying any email, I've tested this, but I'm still getting a lot of emails in my outbound queue from originators that are NOT in the local domain. These senders vary from sbcgloba.net to earthlink.net, etc...

These messages are not being relayed; however, I still get notifications regarding their non-delivery.

Is there any way to stop these messages before they hit my internet connector or kill the messages when they arrive?

Any help is greatly appreciated!

Thank you!
 
I have had the same problem - relaying is not active, so I don't think it can be a spammer using my Exchange - I just put the domain in the message filtering under the Internet Mail Connector and it stopped them before getting to the queue. But I never did find out where they were coming from.
 
Thank you for your posts...

Irweazel: I can't afford to put the domains within my filter since we do receive legitimate emails from customers within these domains. I wish it was a single domain but it varies too much.

Freedom99: Thank you for the link, this helps with the <> originator, but does this do anything when the originator is an actual address? As I said, I know that these emails are not being relayed but it concerns me that someone may be able to run up my cpu usage on a bunch of attempted spam items.
 
This problem stems from the current IMC problem that people are having with the 5.5 system. I have suppressed the NDRs with the registry key but <>'s are still polluting the outgoing cache. FYI


KP

 
You might want to try a SPAM blocking solution. I use GFI Mail Essentials to check inbound e-mails for an empty MIME FROM: field (that's why you get the empty brackets) and stop those e-mails before they reach the server.

ImWoody
 
Actually, I am running an inbound spam appliance (Trimmail); the outgoing queue is the problem.

KP

 
The outgoing is occurring from spammers trying to send mail on your server. Bots looking for 5.5 and attempting to exploit. If you want to block certain styles and origination location you will need third party software. GFI Mail Essentials is a pretty good product for use with 5.5.

Is everyone aware that Exchange 5.5 is at end of life??
 
The messages in your outbound IMS queue with empty brackets in the "TO:" field are a result of the server accepting a message with a malformed MIME header with the "FROM:" field empty. When a message like this hits your server and there is no recipient for it (i.e. it's for an employee who no longer works there and the e-mail address has been deleted) the server generates an NDR and sticks it in the outbound queue. Because there was no address in the "FROM:" field of the original e-mail, there's no address in the "TO:" field of the NDR. If you have a SPAM filter that is capable of detecting/blocking e-mails with malformed MIME headers, you will not get the NDRs in your outbound IMS queue.
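The behaviour described in the post above, modelled as an added example that is not part of the original thread and is not Exchange or GFI code. The mailbox list, sample messages and function names are constructed for illustration; the model follows the post's description (NDR addressed to the original "FROM:" field).

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed: mailboxes that still exist on the hypothetical server.
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}

# Constructed samples: (envelope recipient, raw message text).
SAMPLES = [
    ("alice@example.com",
     "From: carol@customer.example\nTo: alice@example.com\nSubject: order\n\nhi\n"),
    ("gone@example.com",   # deleted mailbox, empty FROM: field
     "From: <>\nTo: gone@example.com\nSubject: offer\n\nspam\n"),
    ("gone@example.com",   # deleted mailbox, real sender
     "From: dave@customer.example\nTo: gone@example.com\nSubject: hello\n\nhi\n"),
    ("bob@example.com",    # FROM: header missing entirely
     "To: bob@example.com\nSubject: no from\n\nspam\n"),
]

def sender_address(raw):
    """Return the From: address, or '' when the header is missing or empty."""
    _, addr = parseaddr(message_from_string(raw).get("From", ""))
    return addr if "@" in addr else ""

def outcome(rcpt, raw, filter_malformed):
    """What happens to one inbound message, with or without a header filter."""
    sender = sender_address(raw)
    if filter_malformed and not sender:
        return "rejected-by-filter"      # stopped before the server sees it
    if rcpt in VALID_RECIPIENTS:
        return "delivered"
    # No such mailbox: the server builds an NDR addressed to the sender.
    # With no sender, the NDR has an empty TO: and sits in the outbound queue.
    return f"ndr-to:{sender}" if sender else "ndr-to:<>"

def simulate(filter_malformed):
    return [outcome(rcpt, raw, filter_malformed) for rcpt, raw in SAMPLES]

def stuck_ndrs(filter_malformed):
    """Count NDRs that cannot be delivered because TO: is empty."""
    return simulate(filter_malformed).count("ndr-to:<>")

if __name__ == "__main__":
    for flag in (False, True):
        print("filter on: " if flag else "filter off:", simulate(flag))
```

The NDR to a real sender address is unaffected by the filter, which matches the original poster's concern that senders with actual addresses need a different control.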
 
To ImWoody,
I think I have solved the solution. I have inherited this 5.5 Server from a previous BAD administrator. I went through group shield and have determined that API message scanning was the scan method that I was using. I have changed it to ESE direct scanning to ensure that all information store messages are scanned. It seems to have silenced the outgoing queue. I am in the process of re-evaluating my workstations with epolicy to double check some oversights as well.
In addition, my junk mail appliance only provides for incoming messages by design.

KP


 