Discussion:
What is *.BAD *.BDP & *.BDR
(too old to reply)
KF Thomas SHIU
2004-07-14 13:50:59 UTC
Permalink
Hi all,

I found that so many files with extension *.BAD, *.BDP & *.BDR. Is anyone
know what is this and why it always come?

Thanks,

KF Thomas SHIU
General Network Computing Limited
Leif Pedersen [MVP]
2004-07-14 14:35:14 UTC
Permalink
Hi,

Most of these files are NDR's that can't be delivered to remote domains. You
can view the files in notepad.

You can safely delete all files in the badmailfolder.

Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP & *.BDR. Is anyone
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
KF Thomas SHIU
2004-07-15 14:12:44 UTC
Permalink
Hi Leif,

Is it someone sent spoof e-mail address to the server and server generate
this type of mail?

If so, how can prevent it?

By the way, is it possible to change the exchange server to verify the
incoming address is valid. If the incoming address is invalid, how to eject
this type of message?

Thanks,

KF Thomas SHIU
General Network Computing Limited
Post by Leif Pedersen [MVP]
Hi,
Most of these files are NDR's that can't be delivered to remote domains. You
can view the files in notepad.
You can safely delete all files in the badmailfolder.
Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP & *.BDR. Is anyone
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Leif Pedersen [MVP]
2004-07-15 19:54:05 UTC
Permalink
Hi,

It could be emails to non existing users on your server that are being
NDR'ed.

That is normal procedure as legimite users from other companies also might
misspell a username and need to get a message back that this user doesn't
exist.

Leif
Post by KF Thomas SHIU
Hi Leif,
Is it someone sent spoof e-mail address to the server and server generate
this type of mail?
If so, how can prevent it?
By the way, is it possible to change the exchange server to verify the
incoming address is valid. If the incoming address is invalid, how to eject
this type of message?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Post by Leif Pedersen [MVP]
Hi,
Most of these files are NDR's that can't be delivered to remote domains.
You
Post by Leif Pedersen [MVP]
can view the files in notepad.
You can safely delete all files in the badmailfolder.
Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP & *.BDR. Is
anyone
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
KF Thomas SHIU
2004-07-16 12:16:54 UTC
Permalink
However, I found that 2 millions within 2 months. Is it SPAM?
Post by Leif Pedersen [MVP]
Hi,
It could be emails to non existing users on your server that are being
NDR'ed.
That is normal procedure as legimite users from other companies also might
misspell a username and need to get a message back that this user doesn't
exist.
Leif
Post by KF Thomas SHIU
Hi Leif,
Is it someone sent spoof e-mail address to the server and server generate
this type of mail?
If so, how can prevent it?
By the way, is it possible to change the exchange server to verify the
incoming address is valid. If the incoming address is invalid, how to
eject
Post by KF Thomas SHIU
this type of message?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Post by Leif Pedersen [MVP]
Hi,
Most of these files are NDR's that can't be delivered to remote domains.
You
Post by Leif Pedersen [MVP]
can view the files in notepad.
You can safely delete all files in the badmailfolder.
Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP & *.BDR. Is
anyone
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Leif Pedersen [MVP]
2004-07-17 11:52:40 UTC
Permalink
Hi,

That sounds a bit too much.

You server is not an open relay???

See:
http://www.msexchange.org/tutorials/MF005.html
http://www.vamsoft.com/orf/authattack.asp

Leif
Post by KF Thomas SHIU
However, I found that 2 millions within 2 months. Is it SPAM?
Post by Leif Pedersen [MVP]
Hi,
It could be emails to non existing users on your server that are being
NDR'ed.
That is normal procedure as legimite users from other companies also might
misspell a username and need to get a message back that this user doesn't
exist.
Leif
Post by KF Thomas SHIU
Hi Leif,
Is it someone sent spoof e-mail address to the server and server
generate
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
this type of mail?
If so, how can prevent it?
By the way, is it possible to change the exchange server to verify the
incoming address is valid. If the incoming address is invalid, how to
eject
Post by KF Thomas SHIU
this type of message?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Post by Leif Pedersen [MVP]
Hi,
Most of these files are NDR's that can't be delivered to remote
domains.
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
You
Post by Leif Pedersen [MVP]
can view the files in notepad.
You can safely delete all files in the badmailfolder.
Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP & *.BDR. Is
anyone
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
KF Thomas SHIU
2004-07-17 15:45:26 UTC
Permalink
I'm quite sure the server is not an open relay because it is passed from
some famous RELAY test such as ORDB.

KF Thomas SHIU
Post by Leif Pedersen [MVP]
Hi,
That sounds a bit too much.
You server is not an open relay???
http://www.msexchange.org/tutorials/MF005.html
http://www.vamsoft.com/orf/authattack.asp
Leif
Post by KF Thomas SHIU
However, I found that 2 millions within 2 months. Is it SPAM?
Post by Leif Pedersen [MVP]
Hi,
It could be emails to non existing users on your server that are being
NDR'ed.
That is normal procedure as legimite users from other companies also
might
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
misspell a username and need to get a message back that this user
doesn't
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
exist.
Leif
Post by KF Thomas SHIU
Hi Leif,
Is it someone sent spoof e-mail address to the server and server
generate
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
this type of mail?
If so, how can prevent it?
By the way, is it possible to change the exchange server to verify the
incoming address is valid. If the incoming address is invalid, how to
eject
Post by KF Thomas SHIU
this type of message?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Post by Leif Pedersen [MVP]
Hi,
Most of these files are NDR's that can't be delivered to remote
domains.
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
You
Post by Leif Pedersen [MVP]
can view the files in notepad.
You can safely delete all files in the badmailfolder.
Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP & *.BDR. Is
anyone
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Leif Pedersen [MVP]
2004-07-17 17:32:18 UTC
Permalink
Hi,

You could still be subject to SMTP auth attack. Check the second article I
posted.

Leif
Post by KF Thomas SHIU
I'm quite sure the server is not an open relay because it is passed from
some famous RELAY test such as ORDB.
KF Thomas SHIU
Post by Leif Pedersen [MVP]
Hi,
That sounds a bit too much.
You server is not an open relay???
http://www.msexchange.org/tutorials/MF005.html
http://www.vamsoft.com/orf/authattack.asp
Leif
Post by KF Thomas SHIU
However, I found that 2 millions within 2 months. Is it SPAM?
Post by Leif Pedersen [MVP]
Hi,
It could be emails to non existing users on your server that are being
NDR'ed.
That is normal procedure as legimite users from other companies also
might
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
misspell a username and need to get a message back that this user
doesn't
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
exist.
Leif
Post by KF Thomas SHIU
Hi Leif,
Is it someone sent spoof e-mail address to the server and server
generate
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
this type of mail?
If so, how can prevent it?
By the way, is it possible to change the exchange server to verify
the
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
incoming address is valid. If the incoming address is invalid, how
to
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
eject
Post by KF Thomas SHIU
this type of message?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Post by Leif Pedersen [MVP]
Hi,
Most of these files are NDR's that can't be delivered to remote
domains.
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
You
Post by Leif Pedersen [MVP]
can view the files in notepad.
You can safely delete all files in the badmailfolder.
Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP &
*.BDR.
Post by KF Thomas SHIU
Is
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
anyone
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
KF Thomas SHIU
2004-07-22 11:31:14 UTC
Permalink
I install the "GFI MailEssentials v10" and it seems better to prevent some
SPAM and the NDR problem become better.
Post by Leif Pedersen [MVP]
Hi,
You could still be subject to SMTP auth attack. Check the second article I
posted.
Leif
Post by KF Thomas SHIU
I'm quite sure the server is not an open relay because it is passed from
some famous RELAY test such as ORDB.
KF Thomas SHIU
Post by Leif Pedersen [MVP]
Hi,
That sounds a bit too much.
You server is not an open relay???
http://www.msexchange.org/tutorials/MF005.html
http://www.vamsoft.com/orf/authattack.asp
Leif
Post by KF Thomas SHIU
However, I found that 2 millions within 2 months. Is it SPAM?
Post by Leif Pedersen [MVP]
Hi,
It could be emails to non existing users on your server that are
being
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
NDR'ed.
That is normal procedure as legimite users from other companies also
might
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
misspell a username and need to get a message back that this user
doesn't
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
exist.
Leif
Post by KF Thomas SHIU
Hi Leif,
Is it someone sent spoof e-mail address to the server and server
generate
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
this type of mail?
If so, how can prevent it?
By the way, is it possible to change the exchange server to verify
the
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
incoming address is valid. If the incoming address is invalid, how
to
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
eject
Post by KF Thomas SHIU
this type of message?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Post by Leif Pedersen [MVP]
Hi,
Most of these files are NDR's that can't be delivered to remote
domains.
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
You
Post by Leif Pedersen [MVP]
can view the files in notepad.
You can safely delete all files in the badmailfolder.
Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP &
*.BDR.
Post by KF Thomas SHIU
Is
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
anyone
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Spin
2004-07-18 22:15:22 UTC
Permalink
This article:

http://www.vamsoft.com/orf/authattack.asp

Says: "To avoid generating further NDR's, empty the outgoing message
queue."

Question: What physical folder on my exchange server represents the
outgoing message queue?
Post by Leif Pedersen [MVP]
Hi,
That sounds a bit too much.
You server is not an open relay???
http://www.msexchange.org/tutorials/MF005.html
http://www.vamsoft.com/orf/authattack.asp
Leif
Post by KF Thomas SHIU
However, I found that 2 millions within 2 months. Is it SPAM?
Post by Leif Pedersen [MVP]
Hi,
It could be emails to non existing users on your server that are being
NDR'ed.
That is normal procedure as legimite users from other companies also
might
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
misspell a username and need to get a message back that this user
doesn't
Post by KF Thomas SHIU
Post by Leif Pedersen [MVP]
exist.
Leif
Post by KF Thomas SHIU
Hi Leif,
Is it someone sent spoof e-mail address to the server and server
generate
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
this type of mail?
If so, how can prevent it?
By the way, is it possible to change the exchange server to verify the
incoming address is valid. If the incoming address is invalid, how to
eject
Post by KF Thomas SHIU
this type of message?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Post by Leif Pedersen [MVP]
Hi,
Most of these files are NDR's that can't be delivered to remote
domains.
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
You
Post by Leif Pedersen [MVP]
can view the files in notepad.
You can safely delete all files in the badmailfolder.
Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP & *.BDR. Is
anyone
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
KF Thomas SHIU
2004-07-17 16:20:07 UTC
Permalink
I install it in my testing server. However, how can i test it because that
is using another it and domain.
You should consider to publish SPF records as described on
http://spf.pobox.com
furhtermore you should consider to buy an AntiSPAM Solution which can
reject/filter all
mails which are not address to a local user/domain and your problem should
be solved.
Instead of buying that Solution you might also consider to buy Exchange
2003 which has
some AntiSPAM features out of the box.
Post by KF Thomas SHIU
Hi Leif,
Is it someone sent spoof e-mail address to the server and server generate
this type of mail?
If so, how can prevent it?
By the way, is it possible to change the exchange server to verify the
incoming address is valid. If the incoming address is invalid, how to eject
this type of message?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Post by Leif Pedersen [MVP]
Hi,
Most of these files are NDR's that can't be delivered to remote
domains.
Post by KF Thomas SHIU
You
Post by Leif Pedersen [MVP]
can view the files in notepad.
You can safely delete all files in the badmailfolder.
Leif
Post by KF Thomas SHIU
Hi all,
I found that so many files with extension *.BAD, *.BDP & *.BDR. Is
anyone
Post by Leif Pedersen [MVP]
Post by KF Thomas SHIU
know what is this and why it always come?
Thanks,
KF Thomas SHIU
General Network Computing Limited
Loading...