Possible Email Virus - Queued emails to foreign countries
We recently were a victim of what I thought to be a single incident of a compromised system spewing spam. While we did have a system that was blatantly infected, and which we removed off the network completely and wiped out, I am noticing in our Exchange 2003 Queue that there are quite a few (11 right now) emails in the retry state. What is strange is that the domain names listed are all to foreign countries like Russia, Australia etc. When I do a Find Message and choose Messages in Retry Mode, the Exchange search reveals nothing. How am I to determine where these emails are coming from, such as the sender? I am not that good with the more advanced features of Exchange and trying to eliminate this problem has been pretty tough. Thank you!
June 30th, 2010 10:02pm

They are likely NDRs to messages with forged headers. I don't believe you will find anything useful in them, but you are welcome to look in the queue file locations and find the .eml files and look at the headers.

--
Ed Crowley MVP
"There are seldom good technological solutions to behavioral problems."

"venom66" wrote in message news:65d297bc-fc7a-4736-905b-f976ea8c5418...
> We recently were a victim of what I thought to be a single incident of a compromised system spewing spam. While we did have a system that was blatantly infected, and which we removed off the network completely and wiped out, I am noticing in our Exchange 2003 Queue that there are quite a few (11 right now) emails in the retry state. What is strange is that the domain names listed are all to foreign countries like Russia, Australia etc. When I do a Find Message and choose Messages in Retry Mode, the Exchange search reveals nothing. How am I to determine where these emails are coming from, such as the sender? I am not that good with the more advanced features of Exchange and trying to eliminate this problem has been pretty tough. Thank you!
July 1st, 2010 2:36am

Hello,

Are these mails NDRs? I suggest you create a recipient filter to prevent Exchange Server from accepting messages that are sent to recipients who do not exist. I suggest you check the following KB for more information:

In Exchange Server 2003 or in Exchange 2000 Server, the Exchange Server queues are filled with many non-delivery reports from the postmaster account because of a reverse non-delivery report attack
http://support.microsoft.com/kb/909005

You could also check your SMTP log to get more clues about this.

Thanks,
Elvis
July 2nd, 2010 11:40am
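
Added example (not part of the thread and not code from either poster): one way to triage the .eml files Ed mentions and answer the "NDR or not?" question Elvis raises. It assumes the queue files are plain RFC 822 messages and that an NDR embeds the bounced message or its headers; INTERNAL_NETS, the function names and the sample message are constructed for illustration.

```python
import email, ipaddress, re
from email import policy

INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]  # assumption: your LAN
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
# Constructed sample: an NDR queued for the domain of a forged sender.
SAMPLE_NDR = b"""From: postmaster@example.com
To: forged.sender@example.ru
Subject: Delivery Status Notification (Failure)
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.com
--b1
Content-Type: message/rfc822

Received: from unknown ([203.0.113.7]) by mail.example.com; Wed, 30 Jun 2010 21:00:00 -0500
From: forged.sender@example.ru
To: nobody@example.com

body
--b1--
"""

def embedded_original(msg):
    # An NDR carries the bounced message, or only its headers, as a MIME part.
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_payload(), policy=policy.default)
    return None

def triage(raw):
    """Classify one queued message and find the host that handed it to us."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    is_ndr = msg.get_param("report-type") == "delivery-status"
    source = (embedded_original(msg) or msg) if is_ndr else msg
    # The topmost Received header is the one our own server stamped, so it
    # is the hop a spammer could not forge.
    received = source.get_all("Received") or []
    m = IP_RE.search(str(received[0])) if received else None
    ip = m.group(0) if m else None
    internal = any(ipaddress.ip_address(ip) in n for n in INTERNAL_NETS) if ip else None
    return {"kind": "ndr" if is_ndr else "outbound", "queued_to": str(msg["To"]),
            "original_from": str(source["From"]), "handoff_ip": ip, "internal": internal}
```

A result of kind "ndr" with an external handoff_ip matches the backscatter case described in the replies; kind "outbound" with internal set to True points at a machine on your own network that is still sending.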

This topic is archived. No further replies will be accepted.
