
	Home > Ask the Microsoft Exchange Experts > Richard Luckett: Spam and Security Questions & Answers > Trouble with inbound e-mails

Ask The Exchange Expert: Questions & Answers

EMAIL THIS

Trouble with inbound e-mails

EXPERT RESPONSE FROM: Richard Luckett

		Pose a Question

		Other Exchange Categories

		Meet all Exchange Experts
		Become an Expert for this site

Digg This!

StumbleUpon

Del.icio.us

QUESTION POSED ON: 12 February 2005
I'm having a problem with inbound e-mails from a couple of e-mail domains. The e-mails are making it through our outside spam filtering service just fine with no red flags. But when they hit our Exchange 5.5 server, they are being placed in the TurfDir folder. Neither the senders' e-mail addresses nor their e-mail domains are listed in the Exchange Administrator GUI TurfTable (or in the related registry entries). We get the 4142 entry in the application log every time we receive an e-mail from these domains.
"Delivery of a message was aborted because it appeared to be an impersonation attempt or unwanted bulk mail. The 821 originator was user.name@domain.co.uk. Either this address or the 822 message triggered this based on TurfTable entries in the registry. The message that caused this was ZZZZZZZZ."
This is an Exchange 5.5 SP4 server running on Win2k server.
We can send e-mail to these users/domains, but all inbound e-mail from them end up in the TurfDir folder.

I am looking for a valid reason why these are being sent to the turfdir and need to know how to allow these messages to be delivered.

This is an interesting problem. I have a theory as to why the e-mail domain is being identified as a potential impersonation but I can't answer why it is being directed to the turf directory. I took a look at the domain you mentioned "domain.co.uk" with Nslookup. The forward lookup resolved to 217.160.77.45. However a reverse lookup of the IP address resolves to sedo.de. None of the filtering tools that come with Exchange 5.5 support the reverse lookup function. However third-party tools and Exchange 2000 and 2003 do. This function would identify the e-mail domain as being suspect based on the reverse lookup being a different domain.

What you could try to do is to remove all entries in the message filter list and remove the registry value that creates the path to the turf directory then restart the Internet mail service. This should effectively disable message filtering on your IMC. Now verify, with message filtering removed, that you can receive e-mail from this external domain. If that doesn't work, then this has nothing to do with Exchange 5.5's message filtering. If that does work, then you can go through the process of re-enabling messaging filtering. Hopefully by reinstating the filters fresh it will eradicate whatever is turfing those e-mails.

Do you have comments on this Ask the Expert question and response? Let us know.

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Spam and virus protection
	How to install Forefront Security for Exchange Server
	Block Web beacons and protect OWA users from spam
	Controlling spam in Exchange 2007 at the edge transport server level
	How file-level antivirus software can harm your Exchange Server
	Problems with email spoofing on SBS 2003
	Exchange Insider e-zine
	Securing your Exchange Server 2007 journaling archives
	Troubleshooting Outlook Web Access issues on a 64-bit system
	Microsoft Exchange Server security dos and don'ts
	Troubleshooting Microsoft Exchange Server Event ID error 6009
	Spam and virus protection Research

Legacy Microsoft Exchange Servers

Troubleshooting Outlook calendar errors on a BlackBerry device

How to move Exchange 2000 to new server hardware

Migrating mailboxes from Exchange Server 5.5 to Windows SBS 2003

Remove Exchange 5.5 servers from a mixed mode Exchange environment

Error 1053: Exchange System Attendant service could not start

Solve server problems with the Exchange Troubleshooting Assistant tool

Best approaches for upgrading Exchange 5.5 to Exchange 2000 or 2003

Move mailboxes to Exchange 2007 after Windows upgrade

Third-party tools that modify NDRs for oversized email

IP address changes for an Exchange 2000 recovery server

Legacy Microsoft Exchange Servers Research

Richard Luckett: Spam and Security

How effective is tracking the IP address of an email hacker?

Why can't I grant users permissions to an Exchange public folder?

How can I configure Exchange IMF to allow an IP address or DNS?

Tool helps identify inbound Exchange Server email flow issues

Configure SMTP relay restrictions in Exchange Server 2003 to stop spam

How to lock down an SMTP relay to prevent spam in Exchange Server 2003

Connecting an Apple iPhone to Exchange Server on Windows SBS 2003

Why does a security alert pop up when accessing Outlook Web Access?

Exchange email sent to a domain using SPF authentication is returned

Selectively set email permissions for Exchange groups

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

backscatter spam (SearchExchange.com)

greylist (SearchExchange.com)

image spam (SearchExchange.com)

KnujOn (SearchExchange.com)

Sender ID (SearchExchange.com)

spam confidence level (SearchExchange.com)

spamblock (SearchExchange.com)

spim (SearchExchange.com)

tarpitting (SearchExchange.com)

Vouch by Reference (VBR) (SearchExchange.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

Outlook Web Access (OWA) Tips and Advice

SEARCH

TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2004 - 2009, TechTarget \| Read our Privacy Policy