
Multiple NDRs being trapped by the Spam filter and has unknown IP/email


  • Multiple NDRs being trapped by the Spam filter and has unknown IP/email

    One of our sites has an Exchange 2007 server (all roles), GFI mail essentials and Sonicwall firewall redirecting port 25 traffic to the server. I have been checking our Spam mailbox that GFI forwards certain Spam emails to and noticed that yesterday, we had 2000+ Spam emails. We usually have 90 redirected to the mailbox. Looking further, I noticed that the majority, 2000+, were NDRs.

    ---------------------------------------------------------------------------------------------------

    Generating server: vsmtpvtin1.tin.it
    [email protected]
    mailin-01.mx.aol.com #<mailin-01.mx.aol.com #5.1.1 smtp; 550 We would love to have gotten this email to [email protected]. But, your recipient never logged onto their free AIM Mail account. Please contact them and let them know that they're missing out on all the super features offered by AIM Mail. And by the way, they're also missing out on your email. Thanks.> #SMTP#
    Original message headers:
    Return-Path: <[email protected]>
    Received: from User (202.67.153.17) by vsmtpvtin1.tin.it (8.5.113) (authenticated as [email protected])
    id 4A41FFA1008242E4; Mon, 24 Aug 2009 22:19:51 +0200
    Message-ID: <[email protected]> (added by [email protected])
    Reply-To: <[email protected]>
    From: "Amar"<[email protected]>
    Subject: Notification of your Delivery Attached.
    Date: Mon, 24 Aug 2009 13:19:47 -0700
    MIME-Version: 1.0
    Content-Type: text/plain
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2600.0000
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

    ---------------------------------------------------------------------------------------------------

    The IP address is not known by us and the live.com email is not known. The NDRs only differ with regards to the email address they are being sent to. We have not been blocked by any spam lists and have looked at the Exchange 2007 queues and logs as well as the SonicWall and there is just average usage.

    I was thinking that someone has sent some bogus emails masquerading as us and made the return address to be us.

    Any suggestions welcomed.

  • #2
    Re: Multiple NDRs being trapped by the Spam filter and has unknown IP/email

    It looks like NDR spam to me. DNSStuff's Email analyzer rates it as spam and shows that vsmtpvtin1.tin.it is on several RBL's, including SpamCop and Zen.

    In addition the originating ip address is in China, which is a good indicator that it is spam.



    • #3
      Re: Multiple NDRs being trapped by the Spam filter and has unknown IP/email

      Originally posted by joeqwerty:
      "It looks like NDR spam to me. DNSStuff's Email analyzer rates it as spam and shows that vsmtpvtin1.tin.it is on several RBL's, including SpamCop and Zen.

      "In addition the originating ip address is in China, which is a good indicator that it is spam."

      Thanks Joe. Is there anything I should be doing or is it as you have said, another form of Spam? So treat in the same way as any other?



      • #4
        Re: Multiple NDRs being trapped by the Spam filter and has unknown IP/email

        I'm not aware of anything that specifically combats NDR spam. I would continue to use your current email filtering product and maybe add this ip address to your block list.


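The check made by eye in the first post (the bounced message's Received hop is not an address the site sends from) can be automated over a mailbox of NDRs. This is an added example, not code from the thread or from any product named in it; `OUR_OUTBOUND` and both sample NDRs are constructed placeholders using documentation addresses.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Assumptions (placeholders): the addresses our own mail leaves from.
OUR_OUTBOUND = [ipaddress.ip_network("198.51.100.0/28")]
MARKER = "Original message headers:"
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def hop_ips(ndr_body):
    """IPs from the Received headers of the message quoted inside an NDR."""
    _, found, tail = ndr_body.partition(MARKER)
    if not found:
        return []
    headers = HeaderParser().parsestr(tail.lstrip())
    ips = []
    for received in headers.get_all("Received", []):
        for text in IPV4.findall(received):
            try:
                ips.append(ipaddress.ip_address(text))
            except ValueError:  # e.g. 999.1.1.1
                pass
    return ips

def classify_ndr(ndr_body):
    """Return (verdict, origin); origin is the earliest hop's IP as a string."""
    ips = hop_ips(ndr_body)
    if not ips:
        return ("unparsed", None)
    if any(ip in net for ip in ips for net in OUR_OUTBOUND):
        return ("genuine", str(ips[-1]))
    return ("backscatter", str(ips[-1]))

# Constructed samples (documentation addresses, not taken from the thread).
FORGED = """Generating server: mx.bouncer.test
550 5.1.1 no such user
Original message headers:
Return-Path: <someone@example.com>
Received: from User (203.0.113.17) by mx.bouncer.test (8.5.113)
 id 4A41; Mon, 24 Aug 2009 22:19:51 +0200
From: "Sales" <someone@example.com>
Subject: Notification
"""
GENUINE = FORGED.replace("from User (203.0.113.17)",
                         "from mail.example.com (198.51.100.5)")

if __name__ == "__main__":
    for name, body in (("forged", FORGED), ("genuine", GENUINE)):
        print(name, classify_ndr(body))
```

A "genuine" verdict means the bounce is worth a human look, since Received lines below the first trusted hop can themselves be forged; "backscatter" verdicts can be counted per origin address to decide what to add to a block list.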