Server is getting hit with lots of spam. It appears mail is coming from domainB.com and going to domainC.com while our domain is domainA.com. So first our server sends spam out and then it tries again to send out an NDR. All the while neither the original sender nor recipient appears to be from our domain.

I have had all users reset their passwords today. Server is not an open relay. IMF and recipient filters are turned on in both locations. "Filter recipients who are not in the directory" is enabled. I have no idea how this is happening. I can delete the queue folder and the server returns to normal for a few days, but then we get hit with a ton of spam overnight.

2003 SP2 with Exchange 2003 SP2. No third-party spam filters. See this message header. You can see the original message and the NDR in this header.

Date: Fri, 12 Nov 2010
Content-Type: multipart/report; report-type=delivery-status;
X-DSNContext: 7ce717b1 - 1194 - 00000002 - 00000000
Subject: Delivery Status Notification (Failure)
This is a MIME-formatted message.
Portions of this message may be unreadable without a MIME-capable mail program.
Content-Type: text/plain; charset=unicode-1-1-utf-7
This is an automatically generated Delivery Status Notification.
Delivery to the following recipients failed.
Arrival-Date: Thu, 11 Nov 2010 22:23:26 -0500
Diagnostic-Code: smtp;550 This message contains malware
Received: from User ([71.16.72.***]) by MYCOMPANY.com with Microsoft SMTPSVC(6.0.3790.3959);
Thu, 11 Nov 2010 22:23:26 -0500
From: "CartaSi, Inc"
Subject: S***********al 12/11/2010
Date: Thu, 11 Nov 2010 22:23:26 -0500
Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-OriginalArrivalTime: 12 Nov 2010 03:23:26.0678 (UTC)
This is a multi-part message in MIME format.
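
A triage sketch for a queue like the one described above, added here as an example and not part of the original post: it reads NDR text in the format of the header shown, pulls the client name and IP from the embedded Received: line, and counts NDRs per submitting host. The function names and the sample messages (documentation IP ranges) are constructed for illustration.

```python
import re
from collections import Counter

# Matches the Received line format seen in the header above:
#   Received: from <HELO> ([<ip>]) by <host> with Microsoft SMTPSVC(...)
RECEIVED = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+\(\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE | re.MULTILINE,
)
DIAG = re.compile(r"^Diagnostic-Code:\s*(?P<diag>.+)$", re.IGNORECASE | re.MULTILINE)

def parse_ndr(text):
    """Return submitting-host details and rejection reason from one NDR, or None."""
    rec = RECEIVED.search(text)
    if rec is None:
        return None  # NDR carries no embedded Received line to attribute
    diag = DIAG.search(text)
    return {
        "helo": rec.group("helo"),
        "ip": rec.group("ip"),
        "received_by": rec.group("by"),
        "diagnostic": diag.group("diag").strip() if diag else None,
    }

def tally_submitters(ndr_texts):
    """Count NDRs per (HELO name, client IP) so the heaviest submitters stand out."""
    counts = Counter()
    for text in ndr_texts:
        info = parse_ndr(text)
        if info:
            counts[(info["helo"], info["ip"])] += 1
    return counts

# Constructed sample NDRs (hypothetical data, not taken from the post).
_TEMPLATE = (
    "Subject: Delivery Status Notification (Failure)\n"
    "Diagnostic-Code: smtp;550 This message contains malware\n"
    "Received: from {helo} ([{ip}]) by MYCOMPANY.com with Microsoft SMTPSVC(6.0.3790.3959);\n"
)
SAMPLE_NDRS = [
    _TEMPLATE.format(helo="User", ip="203.0.113.7"),
    _TEMPLATE.format(helo="User", ip="203.0.113.7"),
    _TEMPLATE.format(helo="mail.example.net", ip="198.51.100.20"),
    "Subject: Delivery Status Notification (Failure)\n",  # no Received line
]

if __name__ == "__main__":
    for (helo, ip), n in tally_submitters(SAMPLE_NDRS).most_common():
        print(f"{n:4d}  {ip:15s}  HELO={helo}")
```

The IPs that top the tally are the ones to look up in the SMTP virtual server logs to see how each session submitted its mail.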