Archive for February, 2008

‘Out of Office’ Messages & Spam

February 29, 2008

I have struggled all week with a client’s Exchange server. All seemed fine but every morning there was a call on our support line to say they couldn’t connect to Exchange. On logging in, all seemed fine but a lot of stuff in the queue. Restarting the Exchange System Attendant and SMTP service seemed to do the trick.

So the likely diagnosis would be that there was a virus lurking somewhere on the system pumping out emails at such a rate as to cause the queues to stall. On inspection of the queues, sure enough the same few users were involved each night and the contend of the messages was very spam like with lots of undeliverables etc. Running Symantec AV from the server (I don’t like this product but no choice in this instance) reveals nothing and there is no other trace of any virus-like activity.

I was fairly convinced a virus must be involved and our scanning was missing it. I had to visit the client today to install a couple of PCs and resolved to sort out the issue while I was there – though I really couldn’t think what more I could do than continue virus hunting.

While I was there a couple of users remarked casually on the gradual increase in the volume of spam they are receiving over the last few months. I thought little of it other than the obvious sales opportunity and resolved to mention to the boss that we ought to install a spam filter on the server.

I installed the two PCs for a couple of users who were away on leave for the week. Did the usual set up of the PCs which concludes with making sure Outlook is working fine. I fired up Outlook and noticed several ‘message undeliverable’ reports in the In Box including several delivered that day. I had also noticed, without giving it a second thought, when I started Outlook that it had let me know that ‘Out of Office Auto Response’ was on.

Suddenly came the light bulb moment. I asked the IT manager how many staff were on holiday that week. The answer was four. I then asked if all were using ‘Out of Office Auto Response’ and, of course, the answer was yes. In fact, he went on to say, they hadn’t been using it before but had just decided it was a rather cool idea.

Of course, when they first started using it they quickly noticed that ‘Out of Office Auto Response’  messages were not being sent to people outside the office. They had phoned our help desk and, of course, our obliging team had changed the default Exchange setting to prevent ‘Out of Office Auto Response’ messages being sent outside the organisation.

So now I realised what was happening. A couple of thousand spam emails were coming in each day. Many of them were generating ‘Out of Office Auto Response’ messages which, in turn, given that most of the spam was originating from spoofed user names at real domains, were generating ‘Message Undeliverable’ responses which, again in turn, were generating a second ‘Out of Office Auto Response’  message … and so on … and on!

Until today I had often wondered why Microsoft had decided to include the ‘Out of Office Auto Response’ feature in Outlook while making the default setting in Exchange that these messages should not be sent out of the organisation. As we deal with relatively small offices where colleagues usually know when someone is out of the office it seemed particularly odd.

Now I know why! And, I also realise there is a nice sales opportunity. Come the holiday season when clients start phoning in to have the Exchange defaults changed we must remember to let them know they really have to have a spam filter first.

Advertisements