(note: this email is a tad long. not because the situation is terribly
complicated but because i'm bad explaining things in a quick manner. ;)
we have a website that i recently found out was being used as a spam relay.
we also have an exchange server that is separate from the website's SMTP
virtual server. i closed the relay on this (the exchange box) server when we
set it up over a year ago. (of course i neglected to do it on the website.)
during my investigation of the websites spam problem i went into both
computers (the exchange server and the website) and chose to have all
non-delivery reports sent to my email address.
my question has to do with the non-delivery reports i am getting now along
with the strange reports i'm getting from our exchange anti-virus software
(NAV Corporate Edition).
at least 4 to 5 times a day i get a report that looks something liek this...
Undeliverable: U.n.i.v.e.r.s.i.t.y D.e.g.r.e.e. for YOU!
lou used to be a user at our office (that was years ago though). what i know
about non-delivery reports is that the server is saying "someone at your
that email address is no longer valid."
however the problem is that we are not sending message to this address. it
should also be noted that there are a few other addresses that i repeatedly
came from). other than legitimate non-delivery emails i receive from users
in the office or people on the website filling in the wrong email address, i
receive at least 4 spam looking reports a day. this doesn't make sense to me
because if someone was sending spam to a nonexistent email address at our
domain, shouldn't they receive the non-delivery report and not me?
regardless, i've thought of two different things that can explain this. (i
don't know if either one is true though.)
1. someone is sending spam to us using an email address at our domain (i.e.
email address is not valid. who should i send a report to? Reply-To:
2. one of our computers on our network is infected with some sort of virus
(this seems unlikely though, but of course is possible).
as i mentioned in the beginning of this email i am also receiving strange
reporting emails from our anti-virus software. the emails i receive are
indicating that someone/somewhere on our network a virus laden email was
sent to us, from us.
our anti-virus software sends a reply like, "You have a virus and have sent
it to us." to the person who sent the email. now if a legitimate person sent
a virus laden email they would receive that reply email from our anti-virus
software. the problem is that *i'm* receiving those reports. the funny thing
is that our client virus software and our exchange virus software are both
from the same vendor and should both detect the same viruses. so i'd imagine
that if i really *did* have a virus on my computer that was sending out
emails, my client virus protection software would recognize the virus as
well and notify me. however it doesn't. so i'm not sure what's going on with
what do you think is happening and what should i do to remedy it?
sorry for such a long post, i just couldn't think of a way to sum the whole
thing up without explaining everything.
thanks for the help,