why am i receiving these non-delivery reports?

why am i receiving these non-delivery reports?

Post by chri » Wed, 28 Aug 2002 03:13:00



hi.

(note: this email is a tad long. not because the situation is terribly
complicated but because i'm bad explaining things in a quick manner. ;)

we have a website that i recently found out was being used as a spam relay.
we also have an exchange server that is separate from the website's SMTP
virtual server. i closed the relay on this (the exchange box) server when we
set it up over a year ago. (of course i neglected to do it on the website.)
during my investigation of the websites spam problem i went into both
computers (the exchange server and the website) and chose to have all
non-delivery reports sent to my email address.

my question has to do with the non-delivery reports i am getting now along
with the strange reports i'm getting from our exchange anti-virus software
(NAV Corporate Edition).

at least 4 to 5 times a day i get a report that looks something liek this...

Undeliverable: U.n.i.v.e.r.s.i.t.y D.e.g.r.e.e. for YOU!


lou used to be a user at our office (that was years ago though). what i know
about non-delivery reports is that the server is saying "someone at your

that email address is no longer valid."

however the problem is that we are not sending message to this address. it
should also be noted that there are a few other addresses that i repeatedly


came from). other than legitimate non-delivery emails i receive from users
in the office or people on the website filling in the wrong email address, i
receive at least 4 spam looking reports a day. this doesn't make sense to me
because if someone was sending spam to a nonexistent email address at our
domain, shouldn't they receive the non-delivery report and not me?
regardless, i've thought of two different things that can explain this. (i
don't know if either one is true though.)

1. someone is sending spam to us using an email address at our domain (i.e.


email address is not valid. who should i send a report to? Reply-To:

2. one of our computers on our network is infected with some sort of virus
(this seems unlikely though, but of course is possible).

as i mentioned in the beginning of this email i am also receiving strange
reporting emails from our anti-virus software. the emails i receive are
indicating that someone/somewhere on our network a virus laden email was
sent to us, from us.

our anti-virus software sends a reply like, "You have a virus and have sent
it to us." to the person who sent the email. now if a legitimate person sent
a virus laden email they would receive that reply email from our anti-virus
software. the problem is that *i'm* receiving those reports. the funny thing
is that our client virus software and our exchange virus software are both
from the same vendor and should both detect the same viruses. so i'd imagine
that if i really *did* have a virus on my computer that was sending out
emails, my client virus protection software would recognize the virus as
well and notify me. however it doesn't. so i'm not sure what's going on with
that.

what do you think is happening and what should i do to remedy it?

sorry for such a long post, i just couldn't think of a way to sum the whole
thing up without explaining everything.

thanks for the help,
chris.

 
 
 

1. Unable to receive (non) delivery reports.

Hi there,

I have a strange problem with exchange 5.5 sp4 on NT4.0Sp6a.

situation:

We have a exchange server that can receive mail from one e-mail
server from our provider via bsmtp.

We moved our mail domain to a new provider and since then we are not
able to receive delivery receipts and ndr's from external e-mails.
Internal all goes well.
All e-mail works perfectly (internal and external).-

The delivery reports are in the queue of our provider.
When they try to send it to us manualy the get an error messege
"502: Cannot specify from adress <>"

They told us that our e-mail server does not accept bounces.

If i send an e-mail to my hotmail account and look in the header the
return-receipt is the correct e-mail adress.

Does anyone have a solution for this?

B.t.w all worked well at our old provider.

Regards,
Erik Dijkstra

2. MapiSend, anyone get it to work?

3. The journaling recipient receive the following non-delivery report

4. IMAP and Outbound Mail

5. Receiving non-delivery report (NDR) to a particular remote domain

6. SMTP feed security

7. Non Delivery Reports/NDRs/Delivery Failures

8. Blocking Incoming Mail

9. Why Am I getting Duplicate Delivery Receipts?

10. Why Am I Receiving My Old Mails Again?

11. Why am I receiving misrouted mail?

12. Customizing Non-Delivery Report(NDR) in Exchange

13. Processing non-delivery reports