SPAM messages and journaling Exchange 2010 SP1

  • Question

  • Hello

    My org uses Exchange 2010 SP1 RU6 servers - 2x CAS/HT, 2x MB, 2x CAS/HT/MB

    We journal all mail, both inbound and outbound, using Postini. Postini is also responsible for inbound message hygiene.

    Recently I have noticed that the outbound queues in Exchange journaling mail to Postini are filling up with SPAM.

    I'm presuming that these SPAM emails have made it through the Postini filtering process (possibly by users delivering them from their quarantine area in Postini??) and into our internal network. Once in the user(s) mailbox the journal rule attempts to journal the email back out to the Postini servers but is then blocked by the Postini servers as it is recognised as SPAM.

    The queue retries delivery but the following message is returned:

    Last Error: 400 4.4.7 The server responded with: 501 Spam Blocked - psmtp

    This is all well and good, and I was expecting to see each message time out, expire and be removed from the outbound queue after 2 days (expiration time value). This is not happening and the queues have to be manually emptied of SPAM.

    To make matters worse each message doesn't seem to have a sender address, so I cannot track the mailboxes down that are generating these emails.

    Can anyone help or shed any light on this situation??

    Many thanks

    Matt
    Monday, January 9, 2012 9:06 PM

All replies

  • Hi,

    It sounds to me that these are NDR's in response to SPAM sent to non-existent users in your organization.

    If you enable recipient filtering on either server you shouldn't receive such spam messages and therefore wouldn't try to NDR these.

    http://technet.microsoft.com/en-us/library/bb123891.aspx

    Leif

    Tuesday, January 10, 2012 9:39 AM
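
A read-only way to check the suggestion above from the Exchange Management Shell on a Hub Transport server, added here as an example and not posted by anyone in the thread. It assumes the stuck items can be matched on the "Spam Blocked" text of the Last Error quoted in the question, and that `MessageSourceName` separates NDRs from journal reports on this build.

```powershell
# Added example: read-only triage, run in the Exchange Management Shell
# on each Hub Transport server. Nothing here removes or alters a message.

# Assumption: stuck items are recognised by the rejection text quoted in
# the question ("501 Spam Blocked - psmtp").
$pattern = '*Spam Blocked*'

# 1. Queues that are retrying, with the last error for each next hop.
Get-Queue | Where-Object { $_.Status -eq 'Retry' } |
    Format-Table Identity, DeliveryType, NextHopDomain, MessageCount, LastError -AutoSize

# 2. Collect the messages whose own last error, or whose queue's last
#    error, matches the rejection text.
$stuck = Get-Queue | ForEach-Object {
    $q = $_
    Get-Message -Queue $q.Identity -ResultSize Unlimited -IncludeRecipientInfo |
        Where-Object { $_.LastError -like $pattern -or $q.LastError -like $pattern }
}

# 3. A blank sender does not by itself say what the item is. Grouping by
#    the component that generated it shows whether the items are NDRs or
#    journal reports (assumption: the source name differs between them).
$stuck | Group-Object MessageSourceName, FromAddress |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 4. Oldest items first: compare DateReceived with ExpirationTime to see
#    whether the expected 2-day expiry is being applied, and read the
#    recipients and subject to trace what triggered each item.
$stuck | Sort-Object DateReceived | Select-Object -First 20 |
    Format-List DateReceived, ExpirationTime, FromAddress, Recipients,
                Subject, Size, SourceIP, RetryCount, LastError

# 5. Recipient filtering only acts if the anti-spam agents are present
#    on this server, so list the agents and the filter's current state.
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize
Get-RecipientFilterConfig |
    Format-List Enabled, RecipientValidationEnabled, BlockListEnabled
```
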
  • Hi Leif

    Thanks for the reply.

    If I understand correctly then, these queue items are NDR's in response to attempted delivery of SPAM to non-existent recipients?

    In the case of recipient filtering, surely this would only work if the Anti-Spam agents were installed on the HT servers?

    As we use Postini for message hygiene surely this step is not necessary?

    Matt

    Matt
    • Marked as answer by Matt_Pollock Wednesday, January 11, 2012 10:08 AM
    Tuesday, January 10, 2012 12:52 PM
  • Reposted thread in Compliance forum, thanks for your assistance

    Regards

    Matt


    Matt
    Wednesday, January 11, 2012 10:10 AM