No originator in IMS queue

[Hanson]

I see some messages waiting in the IMS queue that have a blank originator. How can an internal user send out a message without an originator? Are these possibly generated by a virus? And is there any way to track a message in the queue to a user or mailbox?

Hanson

 

[ShackDaddy]

These messages are almost always created by spammers who are routing across your SMTP interface. I am struggling with the same problem. Setting explicit anti-relaying rules hasn't seemed to work for me yet.

ShackDaddy

 

[Hanson]

Is there no way to block these? No way to set a rule that messages without an originator are to be deleted?

Hanson

 

[Drop85]

Does anyone know anything on how to stop these people from doing this? It drags my already slow MS Exchange server down more. Please, someone, help.

 

[Grenage]

If you have turned off Relaying correctly you shouldn't/won't get any spam mail going through your server. Best to double check all your settings. Or try turning authentification on.

 

[bp1169]

I have been investing this for a while as well. As best as I can tell you get <> these (blank originators) because someone is spamming a name that doesn't exist on your domain, or rather doesn't have a local mailbox. Your mail server then tries to send a NDR to the originator which was a fake address and cannot get to that address. As a result what you are seeing is the NDR attempting to be sent to that invalid spammer address.

For example, say I have the domain mail.com a spammer (spammer@adf1-3242.com) tries to send an email to joe@mail.com for which there is no mailbox. My server tries to send an NDR back to the faked address and cannot reach that faked address, so it sits in the queue til it times out. I don't know of any way to stop this, other than turning off NDR's, which isn't an option in my case. I suppose reverse DNS would help, but unfortunately exchange 5.5 doesn't support that.

Hope this helps.