Failure Notice - Email Spoofing or else?
Exchange Server Forum Index Exchange Server
Discussion forums for Microsoft Exchange Server users.
Microsoft Outlook
 
 FAQFAQ   MemberlistMemberlist     RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
 
Google
 
Web ExchangeServerHelp.com
Failure Notice - Email Spoofing or else?

 
Post new topic   Reply to topic    Exchange Server Forum Index -> Exchange General
Author Message
samlhc



Joined: 29 Nov 2007
Posts: 1
Posted: Thu Nov 29, 2007 8:56 am    Post subject: Failure Notice - Email Spoofing or else? Reply with quote
Some users claim they get failure notice like below. They did sent the said email, but they didn't sent to the said recipient in failure notice. This sometimes happen to external or internal recipient. Even sender(different domain) send us email and may got similar problem.

Exchange server 2003 -(Windows 2k3 SBS SP1 std). This server is a serve as AD and Exchange. There are no public DNS, but it work as a DNS server for local network. Client PC point their DNS to this server and ISP.
This server was not open, the exchange not suppose be connected remotely. Client outside are not able collect email remotely.
Relay for Smtp virtual server has been set to only in the list. And the list is empty. Smarthost was point to our webmail hosting. Reverse Dns lookup is checked. No MX record for us, because webmail hosting are hosting it.

We are using pop3 connector. We use third party webmail hosting. We don't have any SMTP connector, but we do running SMTP virtual server.
When I query the said email using system manager at exchange, I can't find the said recipient. Even the log did show the email did sent to certain recipient, but the unknown recipient was not listed. This problem was not due to single client. Even sometime when sending email internally, might get such failure notice.

What else can spoof the exactly same sender and same subject? So could it be our exchange been hijacked/infected? Or maybe is one of the client PC are infected??
Any advise are appreciated.
Thank you.

[u]external mail failure notice[/u]
-----Original Message-----
From: MAILER-DAEMON@ourmail.hosting.com
[mailto:MAILER-DAEMON@ourmail.hosting.com]
Sent: Wednesday, November 07, 2007 9:46 AM
To: User
Subject: failure notice
Hi. This is the qmail-send program at host.ourmail.hosting.com.
I'm afraid I wasn't able to deliver your message to the following
addresses.
This is a permanent error; I've given up. Sorry it didn't work out.
<jr@jrtr.org>:
Sorry. Although I'm listed as a best-preference MX or A for that host,
it isn't in my control/locals file, so I don't treat it as local.
(#5.4.6)
--- Below this line is a copy of the message.
Return-Path: <use@domainX.com>
Received: (qmail 15394 invoked from network); 7 Nov 2007 09:36:35 +0800
Received: from 111..in-addr.arpa. (HELO domainX.com)
(111.111.111.111)
by ourmail.hosting.com with SMTP; 7 Nov 2007 09:36:35 +0800
Subject: RE: Holiday
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C820DF.B2CB6D72"
Date: Wed, 7 Nov 2007 09:44:12 +0800
Content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.5
Message-ID:
<F9DD00D4D399214B9B65274AADE136DCA9407A@myserver.domain.cal>
In-Reply-To:
<F9DD00D4D399214B9B65274AADE136DCA94078@myserver.domain.cal>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: Holiday
thread-index: AcggHyr/nRbVR3wXTTCzLh8jBYpvMwAvTBfgAABEP6A=
References:
<F9DD00D4D399214B9B65274AADE136DCA94078@myserver.domain.cal>
From: "User" <user@domainX.com>
This is a multi-part message in MIME format.
___________________________________________________________
[u]Internal mail failure notice[/u]

-----Original Message-----
From: MAILER-DAEMON@ourmail.hosting.com
[mailto:MAILER-DAEMON@ourmail.hosting.com]
Sent: Thursday, 29 November, 2007 10:31 AM
To: tt
Subject: failure notice


Hi. This is the qmail-send program at host.ourmail.hosting.com.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<jramtu@avebe.com>:
212.178.222.20 does not like recipient.
Remote host said: 544 Unable to route to domain.
Giving up on 212.178.222.20.

--- Below this line is a copy of the message.

Return-Path: <tt@domainX.com>
Received: (qmail 3222 invoked from network); 29 Nov 2007 10:13:48 +0800
Received: from 111.111.in-addr(HELO domainX.com) (111.111.111.111)
by ourmail.hosting.com with SMTP; 29 Nov 2007 10:13:48 +0800
Subject: RE: down.
Date: Thu, 29 Nov 2007 10:16:04 +0800
Message-ID: <F9DD00D4D399214B9B65274AADE136DC7A4099@myserver.domain.cal>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C8322D.CB2DC270"
In-Reply-To: <F9DD00D4D399214B9B65274AADE136DC7A4098@myserver.domain.cal>
X-MS-Has-Attach:
Content-class: urn:content-classes:message
X-MS-TNEF-Correlator:
X-MimeOLE: Produced By Microsoft Exchange V6.5
Thread-Topic: down.
Thread-Index: AcgyLDrGfpxP7/8uQoGDIUfpFlmwBQAAMAbg
From: "tt" <tt@domainX.com>
To: "At" <at@domainX.com>,

This is a multi-part message in MIME format.

------_=_NextPart_001_01C8322D.CB2DC270
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Dear User,
=20

Back to top
View user's profile Send private message
 
Post new topic   Reply to topic    Exchange Server Forum Index -> Exchange General All times are GMT
Page 1 of 1

 
 You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum




Windows Server Dedicated Servers
New Topics Powered by phpBB