Q

Trouble with inbound e-mails

I'm having a problem with inbound e-mails from a couple of e-mail domains. The e-mails are making it through our outside spam filtering service just fine with no red flags. But when they hit our Exchange 5.5 server, they are being placed in the TurfDir folder. Neither the senders' e-mail addresses nor their e-mail domains are listed in the Exchange Administrator GUI TurfTable (or in the related registry entries). We get the 4142 entry in the application log every time we receive an e-mail from these domains.

"Delivery of a message was aborted because it appeared to be an impersonation attempt or unwanted bulk mail. The 821 originator was user.name@domain.co.uk. Either this address or the 822 message triggered this based on TurfTable entries in the registry. The message that caused this was ZZZZZZZZ."

This is an Exchange 5.5 SP4 server running on Win2k server.

We can send e-mail to these users/domains, but all inbound e-mail from them end up in the TurfDir folder.

I am looking for a valid reason why these are being sent to the turfdir and need to know how to allow these messages to be delivered.

This is an interesting problem. I have a theory as to why the e-mail domain is being identified as a potential impersonation but I can't answer why it is being directed to the turf directory. I took a look at the domain you mentioned "domain.co.uk" with Nslookup. The forward lookup resolved to 217.160.77.45. However a reverse lookup of the IP address resolves to sedo.de. None of the filtering tools that come with Exchange 5.5 support the reverse lookup function. However third-party tools and Exchange 2000 and 2003 do. This function would identify the e-mail domain as being suspect based on the reverse lookup being a different domain.

What you could try to do is to remove all entries in the message filter list and remove the registry value that creates the path to the turf directory then restart the Internet mail service. This should effectively disable message filtering on your IMC. Now verify, with message filtering removed, that you can receive e-mail from this external domain. If that doesn't work, then this has nothing to do with Exchange 5.5's message filtering. If that does work, then you can go through the process of re-enabling messaging filtering. Hopefully by reinstating the filters fresh it will eradicate whatever is turfing those e-mails.


Do you have comments on this Ask the Expert question and response? Let us know.
This was first published in February 2005

Dig deeper on Spam and virus protection

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close