RE: undeliverables clogging que's
Check the message tracking logs for NDRs, and/or suspend the queue and export some of those messages and figure out where there coming from. What to do after that will depend on the message source, but you should be able to add a hub transport rule to drop them before they get to the queue until you get it sorted out. From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 12:18 PM To: MS-Exchange Admin Issues Subject: undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **
RE: undeliverables clogging que's
The undeliverable's are from who and to who? Is there a common thread with them? From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 1:18 PM To: MS-Exchange Admin Issues Subject: undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff
Re: undeliverables clogging que's
The From: seems to by typical spam, spoofed addresses, predictable subject lines. The To: seems to vary, some to current employees, some to former employees and some to unknowns... On Wed, Jun 9, 2010 at 12:31 PM, Kennedy, Jim kennedy...@elyriaschools.orgwrote: The undeliverable’s are from who and to who? Is there a common thread with them? *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Wednesday, June 09, 2010 1:18 PM *To:* MS-Exchange Admin Issues *Subject:* undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff
RE: undeliverables clogging que's
Are we sure these are not Non-Delivery Reports from your organization being sent back to the spammers...that probably don't exist so they get stuck in your queue until the time out? Recipient verification is the place to fix that, if my guess is correct. From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 1:35 PM To: MS-Exchange Admin Issues Subject: Re: undeliverables clogging que's The From: seems to by typical spam, spoofed addresses, predictable subject lines. The To: seems to vary, some to current employees, some to former employees and some to unknowns... On Wed, Jun 9, 2010 at 12:31 PM, Kennedy, Jim kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org wrote: The undeliverable's are from who and to who? Is there a common thread with them? From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 1:18 PM To: MS-Exchange Admin Issues Subject: undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff
RE: undeliverables clogging que's
Did your consultant not set up any spam filtering? It sounds like you're either wide open, or infected internally. From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 12:35 PM To: MS-Exchange Admin Issues Subject: Re: undeliverables clogging que's The From: seems to by typical spam, spoofed addresses, predictable subject lines. The To: seems to vary, some to current employees, some to former employees and some to unknowns... On Wed, Jun 9, 2010 at 12:31 PM, Kennedy, Jim kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org wrote: The undeliverable's are from who and to who? Is there a common thread with them? From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 1:18 PM To: MS-Exchange Admin Issues Subject: undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **
Re: undeliverables clogging que's
we are currently not doing any filtering with exchange, but we have a gateway filter appliance and are running a symantec filter on the mailbox server. On Wed, Jun 9, 2010 at 12:43 PM, Campbell, Rob rob_campb...@centraltechnology.net wrote: Did your “consultant” not set up any spam filtering? It sounds like you’re either wide open, or infected internally. *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Wednesday, June 09, 2010 12:35 PM *To:* MS-Exchange Admin Issues *Subject:* Re: undeliverables clogging que's The From: seems to by typical spam, spoofed addresses, predictable subject lines. The To: seems to vary, some to current employees, some to former employees and some to unknowns... On Wed, Jun 9, 2010 at 12:31 PM, Kennedy, Jim kennedy...@elyriaschools.org wrote: The undeliverable’s are from who and to who? Is there a common thread with them? *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Wednesday, June 09, 2010 1:18 PM *To:* MS-Exchange Admin Issues *Subject:* undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **
RE: undeliverables clogging que's
The recipient verification needs to be on your externally exposed MTA for incoming email, so that would be the gateway filter I assume. The decent ones will do that through an LDAP connection (for example) to your exchange server. If not you are accepting all email for your domain...it hits the exchange server and invalid recipients are generating the outgoing NDR's on the exchange server. I really really think that is the root of your problem here. That flood of stuck outbound NDR's is hanging everything else up. From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 1:53 PM To: MS-Exchange Admin Issues Subject: Re: undeliverables clogging que's we are currently not doing any filtering with exchange, but we have a gateway filter appliance and are running a symantec filter on the mailbox server. On Wed, Jun 9, 2010 at 12:43 PM, Campbell, Rob rob_campb...@centraltechnology.netmailto:rob_campb...@centraltechnology.net wrote: Did your consultant not set up any spam filtering? It sounds like you're either wide open, or infected internally. From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 12:35 PM To: MS-Exchange Admin Issues Subject: Re: undeliverables clogging que's The From: seems to by typical spam, spoofed addresses, predictable subject lines. The To: seems to vary, some to current employees, some to former employees and some to unknowns... On Wed, Jun 9, 2010 at 12:31 PM, Kennedy, Jim kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org wrote: The undeliverable's are from who and to who? Is there a common thread with them? From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 1:18 PM To: MS-Exchange Admin Issues Subject: undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **
Re: undeliverables clogging que's
These look like incoming spam, not NDR's , but I have deleted them all at the moment and don't have any to copy and display. I setup ZEN from spamhouse to do recipient filtering, maybe that will help. I really prefer to drop messages for invalid recipients, but with all the migrations we are doing the LDAP lookups weren't keeping up, and my filter refuses to look at secondary SMTP addresses... On Wed, Jun 9, 2010 at 12:57 PM, Kennedy, Jim kennedy...@elyriaschools.orgwrote: The recipient verification needs to be on your externally exposed MTA for incoming email, so that would be the gateway filter I assume. The decent ones will do that through an LDAP connection (for example) to your exchange server. If not you are accepting all email for your domain…it hits the exchange server and invalid recipients are generating the outgoing NDR’s on the exchange server. I really really think that is the root of your problem here. That flood of stuck outbound NDR’s is hanging everything else up. *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Wednesday, June 09, 2010 1:53 PM *To:* MS-Exchange Admin Issues *Subject:* Re: undeliverables clogging que's we are currently not doing any filtering with exchange, but we have a gateway filter appliance and are running a symantec filter on the mailbox server. On Wed, Jun 9, 2010 at 12:43 PM, Campbell, Rob rob_campb...@centraltechnology.net wrote: Did your “consultant” not set up any spam filtering? It sounds like you’re either wide open, or infected internally. *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Wednesday, June 09, 2010 12:35 PM *To:* MS-Exchange Admin Issues *Subject:* Re: undeliverables clogging que's The From: seems to by typical spam, spoofed addresses, predictable subject lines. The To: seems to vary, some to current employees, some to former employees and some to unknowns... On Wed, Jun 9, 2010 at 12:31 PM, Kennedy, Jim kennedy...@elyriaschools.org wrote: The undeliverable’s are from who and to who? Is there a common thread with them? *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Wednesday, June 09, 2010 1:18 PM *To:* MS-Exchange Admin Issues *Subject:* undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff ** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **
RE: undeliverables clogging que's
the moment and don't have any to copy and display. I setup ZEN from spamhouse to do recipient filtering, maybe that will help. I really prefer to drop messages for invalid recipients, but with all the migrations we are doing the LDAP lookups weren't keeping up, and my filter refuses to look at secondary SMTP addresses... /me wonders how a DNS BL can possibly do recipient filtering. We've configured our Ironport and its LDAP recipient validation to return a SMTP tempfail 4xx code to the sender if the LDAP query times out. Typically, a sending MTA will retry in a backoff style algorithm which lowers the incoming load on the gateway infrastructure. This way the recipient validation is ensured and no mail is lost. Hopefully your gateway supports this kind of configuration. Don't forget, LDAP queries can be directed at the GC port also. ~JasonG
RE: undeliverables clogging que's
Last time I saw something like this, it was employees with Out Of Office messages sent out into the world rather than limiting them to internal recipients or Contacts. They got sent to spammers who then used them for NDR's and spoofs. It might be a case where your network is secured but you just have to deal with the pains of the NDR's until they eventually die down, which they will. Jay Dale I.T. Manager, 3GiG Mobile: 713.299.2541 Email: jay.d...@3-gig.commailto:jay.d...@3-gig.com Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 12:18 PM To: MS-Exchange Admin Issues Subject: undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff
Re: undeliverables clogging que's
*EXAMPLE #1* Identity: SOL-EXCH1\7101\13399 Subject: Undeliverable: [Spam] Make better food! Internet Message ID: 2f3623af-1a77-4f11-8232-907fba43ce07 From Address: Status: Ready Size (KB): 12 Message Source Name: DSN Source IP: 255.255.255.255 SCL: -1 Date Received: 6/9/2010 1:46:12 PM Expiration Time: 6/11/2010 1:46:12 PM Last Error: Queue ID: SOL-EXCH1\7101 Recipients: 1-77031-sojourncare.com?abai...@jasper.broadcastdeal.info *EXAMPLE #2* Identity: SOL-EXCH1\7101\13396 Subject: Undeliverable: [Spam] Automobile Insurance � Compare and Save Instantly. Internet Message ID: a27817aa-817d-42a9-b5e0-a8bb9847ece1 From Address: Status: Ready Size (KB): 11 Message Source Name: DSN Source IP: 255.255.255.255 SCL: -1 Date Received: 6/9/2010 1:44:08 PM Expiration Time: 6/11/2010 1:44:08 PM Last Error: 421 4.4.2 Connection dropped Queue ID: SOL-EXCH1\7101 Recipients: 2insure4l...@overcomingfa.com NO From: address on any of the undeliverables that are now in the que. Recipient example 2 email domain not close to any accepted mail domain here. On Wed, Jun 9, 2010 at 1:50 PM, Jay Dale jay.d...@3-gig.com wrote: Last time I saw something like this, it was employees with Out Of Office messages sent out into the world rather than limiting them to internal recipients or Contacts. They got sent to spammers who then used them for NDR’s and spoofs. It might be a case where your network is secured but you just have to deal with the pains of the NDR’s until they eventually die down, which they will. *Jay Dale* I.T. Manager, 3GiG Mobile: 713.299.2541 Email: jay.d...@3-gig.com Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Wednesday, June 09, 2010 12:18 PM *To:* MS-Exchange Admin Issues *Subject:* undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff
RE: undeliverables clogging que's
Yep, that is an outgoing NDR from your Exchange server. I stand by my initial guess if those messages are typical of what is filling your queue, outgoing non-deliverables generated by your exchange server. Your gateway tagged it as [Spam] then delivered it to your Exchange server. The exchange server can’t find the original recipient in your system so it generated the below outgoing NDR that is going to a bogus or non-functioning domain/email system. The from is blank because Exchange does not want to create an endless loop of undeliverables, it knows it has enough problems already. ☺ Turn up your gateway spam filtering so this doesn’t get to your exchange server or fix the recipient verification system on it. The latter would be better and if it doesn’t do that you should replace it. Also look at your gateway and find the original message with that subject, that will give you some clues. From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 3:00 PM To: MS-Exchange Admin Issues Subject: Re: undeliverables clogging que's EXAMPLE #1 Identity: SOL-EXCH1\7101\13399 Subject: Undeliverable: [Spam] Make better food! Internet Message ID: 2f3623af-1a77-4f11-8232-907fba43ce07 From Address: Status: Ready Size (KB): 12 Message Source Name: DSN Source IP: 255.255.255.255 SCL: -1 Date Received: 6/9/2010 1:46:12 PM Expiration Time: 6/11/2010 1:46:12 PM Last Error: Queue ID: SOL-EXCH1\7101 Recipients: 1-77031-sojourncare.com?abai...@jasper.broadcastdeal.infohttp://1-77031-sojourncare.com?abai...@jasper.broadcastdeal.info EXAMPLE #2 Identity: SOL-EXCH1\7101\13396 Subject: Undeliverable: [Spam] Automobile Insurance � Compare and Save Instantly. Internet Message ID: a27817aa-817d-42a9-b5e0-a8bb9847ece1 From Address: Status: Ready Size (KB): 11 Message Source Name: DSN Source IP: 255.255.255.255 SCL: -1 Date Received: 6/9/2010 1:44:08 PM Expiration Time: 6/11/2010 1:44:08 PM Last Error: 421 4.4.2 Connection dropped Queue ID: SOL-EXCH1\7101 Recipients: 2insure4l...@overcomingfa.commailto:2insure4l...@overcomingfa.com NO From: address on any of the undeliverables that are now in the que. Recipient example 2 email domain not close to any accepted mail domain here. On Wed, Jun 9, 2010 at 1:50 PM, Jay Dale jay.d...@3-gig.commailto:jay.d...@3-gig.com wrote: Last time I saw something like this, it was employees with Out Of Office messages sent out into the world rather than limiting them to internal recipients or Contacts. They got sent to spammers who then used them for NDR’s and spoofs. It might be a case where your network is secured but you just have to deal with the pains of the NDR’s until they eventually die down, which they will. Jay Dale I.T. Manager, 3GiG Mobile: 713.299.2541 Email: jay.d...@3-gig.commailto:jay.d...@3-gig.com Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 12:18 PM To: MS-Exchange Admin Issues Subject: undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff
RE: undeliverables clogging que's
Or….you said you have Symantec doing spam filtering on your exchange server also? It could be generating these NDR’s. Is it set up to deliver an NDR if it classifies an email as spam? If so that is very very bad. From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Wednesday, June 09, 2010 3:07 PM To: MS-Exchange Admin Issues Subject: RE: undeliverables clogging que's Yep, that is an outgoing NDR from your Exchange server. I stand by my initial guess if those messages are typical of what is filling your queue, outgoing non-deliverables generated by your exchange server. Your gateway tagged it as [Spam] then delivered it to your Exchange server. The exchange server can’t find the original recipient in your system so it generated the below outgoing NDR that is going to a bogus or non-functioning domain/email system. The from is blank because Exchange does not want to create an endless loop of undeliverables, it knows it has enough problems already. ☺ Turn up your gateway spam filtering so this doesn’t get to your exchange server or fix the recipient verification system on it. The latter would be better and if it doesn’t do that you should replace it. Also look at your gateway and find the original message with that subject, that will give you some clues. From: Jeff Brown [mailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 3:00 PM To: MS-Exchange Admin Issues Subject: Re: undeliverables clogging que's EXAMPLE #1 Identity: SOL-EXCH1\7101\13399 Subject: Undeliverable: [Spam] Make better food! Internet Message ID: 2f3623af-1a77-4f11-8232-907fba43ce07 From Address: Status: Ready Size (KB): 12 Message Source Name: DSN Source IP: 255.255.255.255 SCL: -1 Date Received: 6/9/2010 1:46:12 PM Expiration Time: 6/11/2010 1:46:12 PM Last Error: Queue ID: SOL-EXCH1\7101 Recipients: 1-77031-sojourncare.com?abai...@jasper.broadcastdeal.infohttp://1-77031-sojourncare.com?abai...@jasper.broadcastdeal.info EXAMPLE #2 Identity: SOL-EXCH1\7101\13396 Subject: Undeliverable: [Spam] Automobile Insurance � Compare and Save Instantly. Internet Message ID: a27817aa-817d-42a9-b5e0-a8bb9847ece1 From Address: Status: Ready Size (KB): 11 Message Source Name: DSN Source IP: 255.255.255.255 SCL: -1 Date Received: 6/9/2010 1:44:08 PM Expiration Time: 6/11/2010 1:44:08 PM Last Error: 421 4.4.2 Connection dropped Queue ID: SOL-EXCH1\7101 Recipients: 2insure4l...@overcomingfa.commailto:2insure4l...@overcomingfa.com NO From: address on any of the undeliverables that are now in the que. Recipient example 2 email domain not close to any accepted mail domain here. On Wed, Jun 9, 2010 at 1:50 PM, Jay Dale jay.d...@3-gig.commailto:jay.d...@3-gig.com wrote: Last time I saw something like this, it was employees with Out Of Office messages sent out into the world rather than limiting them to internal recipients or Contacts. They got sent to spammers who then used them for NDR’s and spoofs. It might be a case where your network is secured but you just have to deal with the pains of the NDR’s until they eventually die down, which they will. Jay Dale I.T. Manager, 3GiG Mobile: 713.299.2541 Email: jay.d...@3-gig.commailto:jay.d...@3-gig.com Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. From: Jeff Brown [mailto:2jbr...@gmail.commailto:2jbr...@gmail.com] Sent: Wednesday, June 09, 2010 12:18 PM To: MS-Exchange Admin Issues Subject: undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff
Re: undeliverables clogging que's
I'll check on all that. Thanks VERY much for all your help. On Wed, Jun 9, 2010 at 2:14 PM, Kennedy, Jim kennedy...@elyriaschools.orgwrote: Or….you said you have Symantec doing spam filtering on your exchange server also? It could be generating these NDR’s. Is it set up to deliver an NDR if it classifies an email as spam? If so that is very very bad. *From:* Kennedy, Jim [mailto:kennedy...@elyriaschools.org] *Sent:* Wednesday, June 09, 2010 3:07 PM *To:* MS-Exchange Admin Issues *Subject:* RE: undeliverables clogging que's Yep, that is an outgoing NDR from your Exchange server. I stand by my initial guess if those messages are typical of what is filling your queue, outgoing non-deliverables generated by your exchange server. Your gateway tagged it as [Spam] then delivered it to your Exchange server. The exchange server can’t find the original recipient in your system so it generated the below outgoing NDR that is going to a bogus or non-functioning domain/email system. The from is blank because Exchange does not want to create an endless loop of undeliverables, it knows it has enough problems already. J Turn up your gateway spam filtering so this doesn’t get to your exchange server or fix the recipient verification system on it. The latter would be better and if it doesn’t do that you should replace it. Also look at your gateway and find the original message with that subject, that will give you some clues. *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Wednesday, June 09, 2010 3:00 PM *To:* MS-Exchange Admin Issues *Subject:* Re: undeliverables clogging que's *EXAMPLE #1* Identity: SOL-EXCH1\7101\13399 Subject: Undeliverable: [Spam] Make better food! Internet Message ID: 2f3623af-1a77-4f11-8232-907fba43ce07 From Address: Status: Ready Size (KB): 12 Message Source Name: DSN Source IP: 255.255.255.255 SCL: -1 Date Received: 6/9/2010 1:46:12 PM Expiration Time: 6/11/2010 1:46:12 PM Last Error: Queue ID: SOL-EXCH1\7101 Recipients: 1-77031-sojourncare.com?abai...@jasper.broadcastdeal.info *EXAMPLE #2* Identity: SOL-EXCH1\7101\13396 Subject: Undeliverable: [Spam] Automobile Insurance � Compare and Save Instantly. Internet Message ID: a27817aa-817d-42a9-b5e0-a8bb9847ece1 From Address: Status: Ready Size (KB): 11 Message Source Name: DSN Source IP: 255.255.255.255 SCL: -1 Date Received: 6/9/2010 1:44:08 PM Expiration Time: 6/11/2010 1:44:08 PM Last Error: 421 4.4.2 Connection dropped Queue ID: SOL-EXCH1\7101 Recipients: 2insure4l...@overcomingfa.com NO From: address on any of the undeliverables that are now in the que. Recipient example 2 email domain not close to any accepted mail domain here. On Wed, Jun 9, 2010 at 1:50 PM, Jay Dale jay.d...@3-gig.com wrote: Last time I saw something like this, it was employees with Out Of Office messages sent out into the world rather than limiting them to internal recipients or Contacts. They got sent to spammers who then used them for NDR’s and spoofs. It might be a case where your network is secured but you just have to deal with the pains of the NDR’s until they eventually die down, which they will. *Jay Dale* I.T. Manager, 3GiG Mobile: 713.299.2541 Email: jay.d...@3-gig.com Confidentiality Notice: This e-mail, including any attached files, may contain confidential and/or privileged information for the sole use of the intended recipient. If you are not the intended recipient, you are hereby notified that any review, dissemination or copying of this e-mail and attachments, if any, or the information contained herein, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. *From:* Jeff Brown [mailto:2jbr...@gmail.com] *Sent:* Wednesday, June 09, 2010 12:18 PM *To:* MS-Exchange Admin Issues *Subject:* undeliverables clogging que's We are in the middle of a multi-domain migration from E2k3 servers to E2K7. We had an outside consultant come in and set this all up. We had some time constraints and unrelated hardware issues that have complicated this process at times, and things have not always gone smoothly(imagine that). Everything seems to be working fine except that we have had reports of missing email and looked to find a que with hundreds of undelivered messages on the E2K7 Hub/CAS server. 80% or so of those messages are identified as undeliverable. When we manually delete the undeliverables the rest of the messages seem to go out just fine. I'll be happy to provide more details about our setup, but I'm thinking that may be something someone else has seen and may be able to point us in the right direction to get this resolved??? thanks for any help. Jeff
