Delivery Status Notification (Failure)

  • Delivery Status Notification (Failure)

    All of a sudden, I am receiving Delivery Status Notification (Failure) issues. These are not messages sent from anyone at my company. I think somehow I am being spammed. Is there something I failed to do to secure my Exchange 2003 server? Any ideas? I am not sure where to look.

  • #2
    Re: Delivery Status Notification (Failure)

    Based on the information that you have supplied, impossible to answer.
    You need to provide more information on what you are actually seeing because there could be any number of issues and therefore resolutions based on the small amount of information that you have provided.

    Simon.
    --
    Simon Butler
    Exchange MVP

    Blog: http://blog.sembee.co.uk/
    More Exchange Content: http://exchange.sembee.info/
    Exchange Resources List: http://exbpa.com/
    In the UK? Hire me: http://www.sembee.co.uk/

    Sembee is a registered trademark, used here with permission.



    • #3
      Re: Delivery Status Notification (Failure)

      Sorry for the insufficient information. What is happening is that it looks like I sent an email to someone and they no longer have this email, so the postmaster on the other end is sending me a failure notice. These messages are coming back from different email addresses about every 30 minutes. Here is one of the messages.

      Note: Forwarded message is attached.

      This is an automatically generated Delivery Status Notification.

      Delivery to the following recipients failed.

      [email protected]

      Final-Recipient: rfc273;[email protected]
      Action: failed
      Status: 8.2.2

      Neither I nor my employees are sending messages to these email addresses, so I think somehow I am being spammed. Any thoughts on this?



      • #4
        Re: Delivery Status Notification (Failure)

        It could be one of two things.
        1. Your server is being abused. Look in ESM in the queues. If the server is being abused then there will be lots of messages in there, as spammers' lists are not always that clean.

        2. The most likely is that a spammer is simply using your email address/es as the reply to address. The real problem is the remote side, which accepts the email and then attempts to NDR it back to the sender. That causes what is known as backscatter and can get them blacklisted. They should do recipient validation at the point of delivery.
        If it is this, then there is nothing that you can do about it. The spammer will eventually move on to use another address. Any attempts to block the NDRs could mean you get blacklisted and are hard to do effectively without blocking genuine NDRs.

        Simon.
        --
        Simon Butler
        Exchange MVP

        Blog: http://blog.sembee.co.uk/
        More Exchange Content: http://exchange.sembee.info/
        Exchange Resources List: http://exbpa.com/
        In the UK? Hire me: http://www.sembee.co.uk/

        Sembee is a registered trademark, used here with permission.



        • #5
          Re: Delivery Status Notification (Failure)

          It could be a 3rd thing.

          Currently there is a trojan making the rounds that masquerades as a Delivery Status Notification. The attachment is an html attachment with various javascript browser exploitables.
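
An added example, not code from any poster in this thread: one way to sort an inbound "bounce" into the cases raised in posts #4 and #5 (a genuine NDR for mail you sent, backscatter from a forged sender address, or something that only looks like a DSN). It assumes you can export the Message-IDs your server actually sent (for example from its message tracking logs) into `sent_ids`; the function names and all sample messages are constructed for illustration.

```python
import email
from email import policy

# Part types an RFC 3464 delivery report normally carries.
EXPECTED = {"text/plain", "message/delivery-status",
            "message/rfc822", "text/rfc822-headers"}

def classify_dsn(raw: bytes, sent_ids: set) -> str:
    """Triage one inbound 'bounce' against IDs our own server logged."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report_type = (msg.get_param("report-type") or "").lower()
    if msg.get_content_type() != "multipart/report" or report_type != "delivery-status":
        return "not-a-dsn"                   # only dressed up as a bounce
    original = None
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype not in EXPECTED:
            return "unexpected-attachment"   # e.g. text/html on a "bounce"
        if ctype == "message/rfc822":        # full original returned
            original = part.get_payload(0)
        elif ctype == "text/rfc822-headers": # only its headers returned
            original = email.message_from_string(part.get_payload(),
                                                 policy=policy.default)
    if original is None or not original["Message-ID"]:
        return "unverifiable"                # nothing returned to match on
    # Genuine only if our server really sent this Message-ID.
    if str(original["Message-ID"]).strip() in sent_ids:
        return "genuine-ndr"
    return "backscatter"

def sample(third_type: str, third_body: str) -> bytes:
    """Constructed test message: a three-part multipart/report."""
    return (
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b"\n'
        "Subject: Delivery Status Notification (Failure)\n\n"
        "--b\nContent-Type: text/plain\n\nDelivery to the following recipients failed.\n"
        "--b\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.remote.example\n\n"
        "Final-Recipient: rfc822; nobody@remote.example\nAction: failed\nStatus: 5.1.1\n"
        f"--b\nContent-Type: {third_type}\n\n{third_body}\n--b--\n"
    ).encode()

SENT = {"<0001@mail.example.com>"}   # constructed stand-in for tracking-log data

if __name__ == "__main__":
    forged = "Message-ID: <x9@bulk.invalid>\nFrom: user@example.com\n"
    print(classify_dsn(sample("text/rfc822-headers", forged), SENT))
```

A steady stream of `backscatter` results with an empty outbound queue points to case 2 in post #4 rather than an abused server.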



          • #6
            Re: Delivery Status Notification (Failure)

            This exploit email has been affecting my users for a few weeks now. We have not seen any slow down, although Google Postini services claim they have found a way to filter them.

            If you view the message headers though, they are going through some pretty reputable servers. (i.e. Google, AOL, Yahoo, Trend Micro)



            • #7
              Re: Delivery Status Notification (Failure)

              It slipped past our Postini services also. Found a way to catch it on our Antigen/Forefront for Exchange services.
