Question : Exchange NDRs reports getting to the users mailboxes becasue spam

Scenario:

Exchange 2003 Ent (Cluster Active-Passive) Clients: Outlook 2003

Problem:

We have some users reporting that they have recevied NDRs letting them know that some of the messages they have sent our there have not being received.

This is cleary spam/email spoofing so that they can cause an DoS via NDR's. Also the NDR messages contains an HTML file attached that has a virus named by Symantec "JS.QsiFrame"

Here is what I think is going on

E-mail virus "X" is on Joe's computer. It harvests all of the e-mail addresses it can find (including yours). It picks one at random and "spoofs" that one as the sender address, thus ensuring Joe doesn't get suspicious seeing the spate of failure messages (because everybody has a bunch of "dead" addresses in their address book). You lucked out being picked as the spoofed address. You don't have a virus. Joe has a virus.

Questions:

1.) Does anyone know how can I get the number of NDR's that the Exchange server is sending out there? Any other suggestions on how to track this down?

2.) We are currently using Postini as the Enterprise Inbound Spam filter. Does anyone know how can we prevent this from happening again via Postini or any other methods (native to Exchange 2003 or Exchange 2007/2010)

Thank you
 

 

 

This is an automatically generated Delivery Status Notification. Delivery to the following recipients failed.        {removed email address}  

Answer : Exchange NDRs reports getting to the users mailboxes becasue spam

Hi
1. Go to ESM, SMTP virtual server properties, then Messages tab.  put your email address in the box to get a copy of NDRs.  Then you can see how many your dealing with.  2. I'm not up-to-speed with postini.