Your best solution is to find out the source of those messages, and then
block the domain,

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Woods, Tony
Sent: Thursday, June 26, 2003 1:37 PM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...


Thanks, Jim. Just so I'm clear, it's not uncommon to have over 10,000
messages sitting in the IMS queue after 8hrs? I have another site where
the IMS has hardly any messages sitting in there so this is why I am
concerned. What if I changed the MX record's IP address, would that help
slow it down a little or are they just using dfg.com?

Cheers,
Tony

-----Original Message-----
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 26, 2003 10:10 AM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...


Tony,

Open up the properties page of your IMS Connection, go to the Internet
Mail tab and click on the Notifications... button.  My guess would be
that you have the "Always send notifications when non-delivery reports
are generated" radio button clicked.  If that is the case, select the
second choice and uncheck the options that you don't want.

I receive anywhere from 3,000 to 10,000 NDRs a day, from spammers trying
to brute force their spam through the system.  I track the NDRs to
create a spreadsheet for management, showing them the exponential growth
of spam and the load it is placing on the servers, in order to justify
new servers.

Jim

-----Original Message-----
From: Woods, Tony [mailto:[EMAIL PROTECTED] 
Sent: Thursday, June 26, 2003 9:58 AM
To: Exchange Discussions
Subject: RE: Not Open Relay, but...


I've tested via telnet and from home using Outlook Express and it always
replies with 550 so I think I'm good there. Just the amount of mail is
insane. I came in this morning and there's over 10,000 in the IMS Queue.
I guess eventually it will slow down...

Thanks to all.

Cheers,
Tony

-----Original Message-----
From: Dave Mills [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, June 25, 2003 5:28 PM
To: Exchange Discussions
Subject: Re: Not Open Relay, but...


For #3, what you are seeing is spammers trying to find valid addresses
@dfg.com by simply guessing addresses and trying them. Your best bet
would be to turn off the notification on your IMS for "E-mail address
could not be found".  For #2, yes they will sit in the queue until they
are delivered or just time out.  For #1, are you sure you're not an open
relay?  See
http://www.msexchange.org/tutorials/Preventing_Third_Party_Relaying_In_MS_Exchange_Server_55.html.

- Dave

----- Original Message ----- 
From: "Woods, Tony" <[EMAIL PROTECTED]>
To: "Exchange Discussions" <[EMAIL PROTECTED]>
Sent: Wednesday, June 25, 2003 5:00 PM
Subject: RE: Not Open Relay, but...


> Hi John,
>
> Is this in response to my question #3? If so, does everyone receive
> over 2000 messages every hour in the 'Admin' mailbox with a subject
> line of 'Notification: Inbound Mail Failure'? I understand getting some
> but over 2000 an hour? Each of these messages is addressed to
> [EMAIL PROTECTED] or whatever. It's just random letters in front of the
> domain name @dfg.com and there's just a ton of them. Thanks for any
> ideas, all.
>
> Cheers,
> Tony
>
> -----Original Message-----
> From: John Strongosky [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 25, 2003 3:46 PM
> To: Exchange Discussions
> Subject: RE: Not Open Relay, but...
>
>
> NDRs (non-delivery reports) from spammers, probably.
>
> -----Original Message-----
> From: Woods, Tony [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, June 25, 2003 3:23 PM
> To: Exchange Discussions
> Subject: Not Open Relay, but...
>
>
> Hello,
>
> NT 4 SP6a and Exchange 5.5 SP4. Domain in question is DFG.com
>
> I've just taken over a site's Exchange server and have noticed
> something strange. It's been some time since I had to play with
> Exchange this deep but the Queues on my IMS keep filling up with 1000's
> of emails. We're not an Open Relay that I can tell (I've tested) but
> there's just a ton of 'Outbound Message Awaiting Delivery' with
> originator <> and Destination Host of different .com's. There is a ton
> of Inbound Mail Failures in the 'Admin' mailbox for delivery failures
> as well. My three questions are:
>
> 1) Are these messages that are trying to relay but failing?
>
> 2) If so, are they just going to sit in the Queue for the default
> time?
>
> 3) For the Inbound Mail Failures,  a lot of them are going to bogus
> addresses like [EMAIL PROTECTED] or [EMAIL PROTECTED] Where are these all 
> coming from?
>
> Thanks in advance.
>
> Cheers,
> Tony
>
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Web Interface:          http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
>
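
Added example, not part of the original thread: one way to act on the advice above about finding the source of the guessed-address traffic. It tallies, per connecting host, how many distinct nonexistent @dfg.com recipients were tried. The log format, the function name and the sample lines are constructed for illustration and are not the Exchange 5.5 IMS log format.

```python
from collections import defaultdict

# Constructed sample log (assumed format, not Exchange's own):
# time, connecting IP, envelope sender, recipient, result
SAMPLE_LOG = """\
2003-06-25T15:01:02 198.51.100.7 a1@example.net qxzv@dfg.com unknown-recipient
2003-06-25T15:01:03 198.51.100.7 a2@example.net bkrt@dfg.com unknown-recipient
2003-06-25T15:01:03 198.51.100.7 a3@example.net mmpl@dfg.com unknown-recipient
2003-06-25T15:01:04 198.51.100.7 a4@example.net twood@dfg.com delivered
2003-06-25T15:01:05 198.51.100.7 a5@example.net zzke@dfg.com unknown-recipient
2003-06-25T15:02:10 203.0.113.20 pat@example.org twood@dfg.com delivered
2003-06-25T15:03:11 203.0.113.20 pat@example.org twodo@dfg.com unknown-recipient
2003-06-25T15:04:00 192.0.2.55 x@example.com relay@other.example unknown-recipient
garbage line that does not parse
"""


def harvest_sources(log_text, domain, min_unknown=3, min_ratio=0.5):
    """Return {ip: (distinct_unknown, total)} for hosts that look like harvesters.

    A host is flagged when it tried at least `min_unknown` distinct
    nonexistent recipients in `domain` and those make up at least
    `min_ratio` of everything it sent to that domain. A single typo from a
    legitimate sender stays below the thresholds.
    """
    domain = domain.lower()
    unknown = defaultdict(set)   # ip -> distinct bad local parts
    total = defaultdict(int)     # ip -> all attempts for our domain
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:     # skip malformed lines instead of failing
            continue
        _, ip, _, rcpt, result = fields
        local, _, rcpt_domain = rcpt.lower().rpartition("@")
        if rcpt_domain != domain:
            continue             # relay attempts are a separate problem
        total[ip] += 1
        if result == "unknown-recipient":
            unknown[ip].add(local)
    flagged = {}
    for ip, attempts in total.items():
        bad = len(unknown[ip])
        if bad >= min_unknown and bad / attempts >= min_ratio:
            flagged[ip] = (bad, attempts)
    return flagged
```
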