Heyo
Just had to analyze a quite strange problem of our and a customer's mail server being mailbombed...
It turned out that the customer sent an email to about 50 recipients. He put all the recipients in the 'To:' line.
Shortly after that, his Exchange Server was mailbombed to death.
He called me and I took a look into our logfiles and noticed a huge amount of entries with his domain name. Mostly from Bluewin and Cybernet.
I first thought of a new, very heavy virus outbreak, because our mail server is neither MX nor backup MX for the customer's domain.
After a closer look I saw that all those mails were addressed to our customers, but arrived from many different IPs @bluewin and @cybernet. The 'From:' line was the customer who originally sent that email to those 50 recipients.
So I connected to one POP3 box of an affected customer to have a closer look at the headers.
All the mails that keep being resent had all original 'Received:' lines removed. The oldest one is:
Received: from mail pickup service by [$customersserver] with Microsoft SMTPSVC;
After talking to the mail admin of the Exchange Server, this seems to be what happens:
This M$ POP3 Connector for Exchange gets the emails from a POP3 account, looks at the To: line and delivers them to the recipients found there.
Great! Now we have about 5 Servers on the net in Switzerland playing Email-Ping-Pong with each other and filling up the inboxes of those original 50 recipients... :-/
Does somebody know about this bug or config problem and have a quick fix?
Regards -Benoit-
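
Added example (not part of the original post, and not the connector's actual code): a small simulation of the behaviour described above, where each site's POP3 connector re-delivers a fetched message to every address in its To: line, next to a variant that only delivers to addresses in the connector's own domain. The message, the domains and the `restrict_to_local` switch are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

# Constructed sample message; all addresses and domains are made up.
RAW = (
    "From: sender@customer.example\n"
    "To: ann@site-a.example, bob@site-b.example, cat@site-c.example, dave@plain.example\n"
    "Subject: announcement\n"
    "\n"
    "body\n"
)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def to_recipients(msg):
    """All addresses in the To: header, which is what the connector routes on."""
    return [addr for _, addr in getaddresses(msg.get_all("To", []))]

def connector_targets(msg, own_domain, restrict_to_local):
    """Recipients a connector at own_domain hands a fetched message to."""
    targets = to_recipients(msg)
    if restrict_to_local:
        # Assumed mitigation: never re-send to addresses outside our own domain.
        targets = [a for a in targets if domain(a) == own_domain]
    return targets

def simulate(raw, connector_domains, rounds, restrict_to_local):
    """Return copies per inbox after `rounds` POP3 polling cycles."""
    msg = message_from_string(raw)
    inbox = Counter()

    def route(addr, from_domain, spool):
        # Mail for another connector site waits in that site's POP3 box;
        # everything else is a final delivery.
        if domain(addr) in connector_domains and domain(addr) != from_domain:
            spool.append(addr)
        else:
            inbox[addr] += 1

    spool = []
    for addr in to_recipients(msg):          # the original send
        route(addr, None, spool)
    for _ in range(rounds):                  # each connector polls its POP3 box
        next_spool = []
        for fetched_for in spool:
            site = domain(fetched_for)
            for addr in connector_targets(msg, site, restrict_to_local):
                route(addr, site, next_spool)
        spool = next_spool
    return inbox
```

With three connector sites the number of copies in flight doubles on every polling cycle, while the restricted variant stops after one delivery per recipient.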