One of our older Servers runs MS Exchange Server 5.5, which is ancient, but very reliable.  A while back users started to complain that their e-mails were returned as undeliverable.我们的一个老版本的服务器运行质谱Exchange Server 5.5中,这是古老的,但非常可靠。一段时间后的用户开始抱怨说,他们的电子邮件被退回。 When checking the logs I found that most messages were returned with a “Host unreachable” message.当检查记录,我发现,大多数的邮件被退回了“无法访问主机”的消息。 The Internet Mail Service outbound queue filled up and none of the messages got delivered. Internet邮件服务输出队列填补了,没有得到的信息提供。 A simple telnet test showed that the hosts were reachable but the old Exchange 5.5 Server for some unknown reason refused to deliver anything.一个简单的远程登录试验表明,东道主到达了,但旧的Exchange 5.5服务器的一些不明原因拒绝提供任何东西。 Googling “Exchange Host Unreachable” revealed a  lot of such cases but none of the solutions suggested in these posts helped.  Finally I analyzed the network traffic and found that port 25 was constantly being used, BUT NOT by the Exchange Server.在Google上搜寻“交易所主机不可达”揭示了很多此类案件,但他们的解决方案,建议在这些职位有帮助。最后,我分析了网络流量,并发现端口25正在不断被利用,而不是在Exchange Server 。 It turned out that a user’s PC had been infected with a mass-mailing worm which used the same gateway IP address as the Exchange Server.原来,用户的电脑已经感染了大规模邮件蠕虫使用相同的网关IP地址的Exchange Server 。 As soon as the offending PC was removed from the network, the Exchange Server delivered Internet messages again.一旦违规被删除电脑从网络,在Exchange Server提供Internet邮件了。 So the root cause in this case was interference from a infected user PC.所以,根源在这种情况下,被干扰从感染用户电脑。

In the process of analyzing the network traffic on the ancient server, I discovered that Exchange Server 5.5 was vulnerable to reverse NDR attacks.在这个过程中分析了网络流量的古代服务器,我发现的Exchange Server 5.5是脆弱的,以扭转的NDR攻击。 Microsoft had announced the availability of a patch that lets you control the generation and delivery of NDR’s, but then apparently decided to withdraw the patch in order to get users to upgrade their software; the patch is no longer available from Microsoft. 微软宣布推出一个补丁 ,可以让您控制生成和交付的NDR的,但显然决定撤销该修补程序,以便让用户能够升级其软件的补丁不再是可以从Microsoft 。 It can be downloaded here .它可在这里下载 Installing the patch reduced e-mail traffic on this server by a factor of 10 (!), implying that the bulk of e-mails that were send out before the patch was installed consisted of NDRs; responses to spam that were undeliverable.安装补丁减少电子邮件流量在此服务器上了10倍( ! ) ,这意味着大量的电子邮件被发送修补程序之前的安装组成的NDR ;应对垃圾邮件的送达。