Aggghhhh! Outlook is posting hidden spam!

Knightnet

Hi all, is there anyone who can help?

I started up OL 2007 a couple of days ago and suddenly noticed it had
over 500 OUTGOING emails it was trying to post!! This is from a secure
IMAP service. It is only on one account too (I have 3 defined).

I managed to stop the sending but only after around 200 spam emails
had been sent. I then ran a full anti-malware scan of my PC (which is
running Windows 7 Beta from MSDN by the way). There was no sign of any
malware on the PC.

I've also done checks for those stuck send receipts I'm told you can
get - nothing. And there is nothing in the local outbox.

Basically, OL is now useless to me. This is a professional account and
I cannot afford to risk OL doing this again.

Can anyone shed any light as to what has happened and any way of
deleting the remaining outgoing emails?

Please!!
 
Brian Tillman [MVP - Outlook]

Knightnet said:
I started up OL 2007 a couple of days ago and suddenly noticed it had
over 500 OUTGOING emails it was trying to post!! This is from a secure
IMAP service. It is only on one account too (I have 3 defined).

I managed to stop the sending but only after around 200 spam emails
had been sent. I then ran a full anti-malware scan of my PC (which is
running Windows 7 Beta from MSDN by the way). There was no sign of any
malware on the PC.

Can you post an example of one of these messages?
 
Diane Poremsky [MVP]

Known issue with IMAP accounts. See
http://www.slipstick.com/problems/rr_ndr.asp

AFAIK, the recent cumulative update did not address this issue but I also
didn't test it.

--
Diane Poremsky [MVP - Outlook]
Need Help with Common Tasks? http://www.outlook-tips.net/beginner/
Outlook 2007: http://www.slipstick.com/outlook/ol2007/



Exchange Messaging Outlook newsletter:
(e-mail address removed)




You can access this newsgroup by visiting
http://www.microsoft.com/office/community/en-us/default.mspx or point your
newsreader to msnews.microsoft.com.
 
Knightnet

Thanks Peter and Brian for replying.

Peter, I don't scan my emails - that's because I normally use
Thunderbird for email not Outlook (I have to use OL to handle meeting
requests though).

Brian, I cannot SEE the outgoing emails, they are not visible
ANYWHERE. The only things I can see are the number of emails due to be
sent (in the status bar) and the bounce messages from the seemingly
random selection of email addresses sent to so far.

Here is the content of one of the bounce messages that shows the raw
content of the original (The XXXXX's are me, the YYYYYYYY's are the
recipient. I've left as much as I can in place):

=======================================================================
This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es)
failed:

(e-mail address removed)
SMTP error from remote mail server after RCPT TO:<[email protected]>:
host smtp.consulnetworks.com.co [200.29.236.22]:
554 5.7.1 <[email protected]>: Relay access denied

------ This is a copy of the message, including all the headers. ------

Return-path: <XXXXXXXXXXX@XXXXXXXXXXXX>
Received: from [192.168.32.161] (helo=md02.prod.pr.contact.secure-ops.net)
    by mail.nhs.net with esmtp (Exim 4.52)
    id 1LhdWu-0003Fl-dt
    for (e-mail address removed); Thu, 12 Mar 2009 05:32:28 +0000
Received: from mta01.prod.pr.contact.secure-ops.net (EHLO mail.nhs.net) ([192.168.35.129])
    by md02.pr.contact.secure-ops.net (MOS 3.8.3-GA FastPath queued)
    with ESMTP id APO31208;
    Tue, 10 Mar 2009 13:00:11 +0000 (GMT)
Received: from [84.92.201.33] (helo=XXXXXXXXXXX)
    by mail.nhs.net with esmtpa (Exim 4.52)
    id 1Lh1Jy-0003s5-YH
    for (e-mail address removed); Tue, 10 Mar 2009 12:44:34 +0000
From: "Julian Knight" <XXXXXXXXXXXXXXX>
Sender: "Julian Knight" <XXXXXXXXXXXXXXX>
To: <[email protected]>
Subject: Not read: Not satisfied with your xliving?
Date: Tue, 10 Mar 2009 12:44:01 -0000
Organization: XXXXXXXXXXXXXXXXXXXXXXXXX
Message-ID: <[email protected]>
MIME-Version: 1.0
Content-Type: application/ms-tnef;
    name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
    filename="winmail.dat"
X-Mailer: Microsoft Office Outlook 12.0
X-MS-TNEF-Correlator: 00000000AAF45B792554B64BB89BD0D37A3D98B2C40D5A00
Thread-Index: Ackf5BFM9jlbVONUS02xaqmWZ32fXCBmavef
CWInbound_ID: 1Lh1Jy-0003s5-YH
X-Junkmail-IP-Whitelist: YES (by domain ip whitelist at md02.pr.contact.secure-ops.net)
X-Mirapoint-RAPID-Raw: score=unknown(0),
    refid=str=0001.0A0B0209.49B6647E.00CE,ss=1,fgs=0,
    ip=84.92.201.33,
    so=2006-12-20 11:47:04,
    dmn=5.7.1/2008-09-02
X-Mirapoint-Loop-Id: dc42598852e32b1cc801b963502584aa

=======================================================================
 
Diane Poremsky [MVP]

Subject: Not read: Not satisfied with your xliving?
It's the read receipt bug. (http://www.slipstick.com/problems/rr_ndr.asp)

RR are hidden in the top of your message store until you connect - you can
delete them only using a tool such as outlook spy. Most, if not all, of
yours will bounce (since spammers use fake return addresses), so no harm,
other than the annoyance of deleting all of the NDRs they cause. See
http://www.outlook-tips.net/howto/delete_rr.htm if you want to delete them.

I would also suggest installing the cumulative update. I don't know if it
fixes this bug but it does improve how outlook handles IMAP.

--
Diane Poremsky [MVP - Outlook]
 
Knightnet

Diane, thanks for the response.

I've checked for this problem and as far as I can see, my problem is
different. For starters, this account does not get junk mail (well
maybe one or two a YEAR), certainly not 500. Secondly, I haven't moved
anything to the Junk folder and I've checked the IMAP server directly
and there is nothing hidden away there that I can see in any folder.

Doh!! I just decoded that email and found the text "Message was not
read by" hidden in it so I guess you are right!

I've tried the methods outlined elsewhere to try and fix this problem
and didn't find anything to fix.

How do I get rid of these messages & where did they come from since I
can't see the "junk" messages that must have caused them?

I've now turned off the OL junk handling but receipt handling was
already set to "ask me" - so OL simply should not have been able to
send these responses without my input.

Regards,
Julian.
 
Knightnet

Yeah, got it now thanks!

As I said in my previous mail, I'd tried OL spy, etc without luck
which is why I thought it was a different issue. I will try again.

I think I've got all the updates & I can't seem to check at the moment
as I can't connect to WU - not sure if the problem is on the MS end or
the ISA proxy here on the customer site I'm on. I'll try again from
home later.

Thanks again Diane for spotting this.

Regards, Julian.
 
Diane Poremsky [MVP]

Knightnet said:
I've now turned off the OL junk handling but receipt handling was
already set to "ask me" - so OL simply should not have been able to
send these responses without my input.

The bug is it doesn't honor this setting when it refreshes messages in an
IMAP folder that were deleted by another means. There may be other bugs
along the route that may or may not be outlook's fault - like so many RR
requests on junk mail. It seems like you are getting a lot more than
average RR - I get very few per hundred pieces of junk that hit my mailbox.
(Maybe my server side filters filter out spam with RR requests better than
it gets rid of other spam. :) )

--
Diane Poremsky [MVP - Outlook]
 
Brian Tillman [MVP - Outlook]

Knightnet said:
I think I've got all the updates & I can't seem to check at the moment
as I can't connect to WU

The cumulative update doesn't get loaded by WU. It's a hotfix. You must go
get it.
 
Knightnet

It's weird that I'm not seeing these junk messages at all.

I wonder if something on the mail server is deleting stuff without
being asked to (by me at any rate). I wouldn't be that surprised as
this is a service run by a very large corporation on behalf of one of
the biggest employers on the planet. So it is too much to hope that it
might run well.

Hmph! Maybe that's why messages sometimes disappear when going through
this system!

Anyway, I've never liked OL's handling of IMAP, it has always been
slow and clunky I'm afraid which is why I use Thunderbird for my main
email client. Now I know what is going on, I think that it's easier
just to let OL do its thing - if anyone complains at least I have a
clear explanation for them thanks to your help.

Regards,
Julian.
 
Knightnet

BTW, I've run a check for updates and found none so I can only assume
that I have the latest.

Regards,
Julian.
 
Knightnet

What the .....!!??!!??

Come on! What the hell is WU for then if it doesn't deliver all the
required updates! I don't have the time to chase down rogue updates on
top of everything else - come on MS.

Sorry, I'm not "shooting the messenger" here just frustrated by
companies seemingly determined to make life harder for their
customers. One of the reasons for using MS software SHOULD be the
integrated support we can expect.

"a series of performance and reliability improvements that have been
consolidated into a single package for our customers" (http://
blogs.msdn.com/outlook/archive/2009/02/25/announcing-the-february-
cumulative-update-for-outlook-2007.aspx)

If it was "for our customers", MS shouldn't make us go look for it!
For goodness sake, put it on WU under Office Updates where it belongs.

//rant off//

Thanks for the heads-up Brian, downloading now.

Regards, Julian.
 
Knightnet

Doh2: Well of course, now that I've calmed down and thought about it
more, I should have realised that I recently added another account
into Outlook. That account DOES get spam, lots actually as it is an
old account. The final missing piece of the jigsaw was that the
account doing the sending is, of course, the default account.

This is a rather serious bug! Not only does it send stuff it doesn't
have permission to send, it sends it from the default account instead
of the correct account.

I've installed the update, I can't of course tell whether the problem
is fixed. Currently OL tells me it is synchronising all of the folders
from all accounts, I'll let it finish because I would like to really
assess how much better the new IMAP handling is. It is currently
estimating 3 hours to finish the sync (well there is archived email
back as far as the 1990's in that account!). Perhaps if OL handles
IMAP much better than it used to (it would need to be at least as good
as Thunderbird), I could go back to using just OL.
 
Tadjio

I followed your link and read further:

"Hotfix information
A supported hotfix is available from Microsoft. However, this hotfix is
intended to correct only the problem that is described in this article.
Apply this hotfix only to systems that are experiencing the problem
described in this article. This hotfix might receive additional testing.
Therefore, if you are not severely affected by this problem, we recommend
that you wait for the next software update that contains this hotfix."

This might alleviate your rant?
--
Tadjio
 
Diane Poremsky [MVP]

The cumulative update is not available on windows update yet AFAIK - it's
outlook's sp2 but won't be on windows update until sp2 is released.
Microsoft felt that it was important to release it ahead of the sp and put it out
through the hotfix system. See
http://www.slipstick.com/emo/2009/up090226.htm#1 for links and more info.

If you have it, Help about will say sp2, build 12.0.6341.5000

--
Diane Poremsky [MVP - Outlook]
 
Brian Tillman [MVP - Outlook]

Knightnet said:
Come on! What the hell is WU for then if it doesn't deliver all the
required updates! I don't have the time to chase down rogue updates on
top of everything else - come on MS.

Two things: 1) hotfixes are not "required updates" and 2) hotfixes have never
been delivered via WU. If you want something delivered by WU, wait until SP2
is released.
 
Knightnet

Thanks to everyone for their responses.

I'm afraid though that the rant stands. I dropped a comment on Jimmy
May's blog about availability on WU and he agreed that it was a good
question.

# Julian Knight said on March 12, 2009 4:40 PM:

" You should feel absolutely confident in advising your
customers to download, install, and ultimately deploy this package
within their infrastructure. This package represents a roll-up of
performance related improvements that delivers what we believe to be
the highest quality version of Outlook that Microsoft has released to
date."

So why hasn't this been made available on WU?

Regards, Julian.
# Jimmy May said on March 12, 2009 5:09 PM:

Great question. I'm seeking info from the product group right
now. Stay tuned.

Julian, this is the most exciting update since Vista SP1. Go for
it.




However, I can also confirm that this update DOES NOT resolve this
really critical bug.
Sadly, although the SP2 update does indeed make OL much faster with
IMAP, I still can't use it as my main mail client with this bug in.

To reproduce the bug:
1) Make sure that OL is set either not to send reply requests or is
set to prompt for them
2) Set up an IMAP account and set it as the default account and that
doesn't receive spam
3) Set up a second IMAP account that does receive spam emails
4) Restart OL and see that the DEFAULT account is sending emails that
do not appear in any folder. Checking the content of the emails
reveals that they are reply requested responses from the 2nd account
not the default one
5) Panic as you realise that your supposedly secure, spam-free account
is broadcasting rubbish to the world!

6) Go offline
7) Remove the spammy account
8) See that the outgoing queue is suddenly empty.
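
A defender-side check for the behaviour this thread ends on, as an added example that is not part of the original posts: it classifies queued outbound messages as Outlook receipts by looking for a TNEF body that carries a receipt message class (the same evidence found by decoding the bounce above), then reports senders emitting a burst of them. The addresses, threshold and function names are assumptions, and the sample messages are constructed.

```python
import base64
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

TNEF_SIGNATURE = bytes.fromhex("789f3e22")  # 0x223E9F78, stored little-endian
# MAPI message classes used for read and not-read receipts.
RECEIPT_CLASSES = {
    b"REPORT.IPM.Note.IPNRN": "read",
    b"REPORT.IPM.Note.IPNNRN": "not-read",
}
SUBJECT_PREFIXES = ("read:", "not read:")


def classify_receipt(raw):
    """Return (kind, evidence) for one raw message; kind is None if not a receipt."""
    msg = message_from_string(raw)
    evidence, kind = [], None
    subject = (msg.get("Subject") or "").strip().lower()
    if subject.startswith(SUBJECT_PREFIXES):
        evidence.append("subject-prefix")
    for part in msg.walk():
        if part.get_content_type() != "application/ms-tnef":
            continue
        payload = part.get_payload(decode=True) or b""
        if payload.startswith(TNEF_SIGNATURE):
            evidence.append("tnef-signature")
        for marker, name in RECEIPT_CLASSES.items():
            if marker in payload:
                evidence.append("tnef-message-class")
                kind = name
    # A "Read:" subject can be typed by hand, so only the message class
    # inside the TNEF body decides; the other items are supporting evidence.
    return kind, evidence


def audit_outbound(queue, burst_threshold=20):
    """Map sender -> receipt count for senders at or above the (assumed) threshold."""
    per_sender = Counter()
    for raw in queue:
        kind, _ = classify_receipt(raw)
        if kind:
            sender = parseaddr(message_from_string(raw).get("From", ""))[1]
            per_sender[sender.lower()] += 1
    return {s: n for s, n in per_sender.items() if n >= burst_threshold}


def make_sample(sender, subject, message_class=None):
    """Constructed test message. The body is a TNEF signature followed by a
    class string, enough for this check but not a complete TNEF stream."""
    head = (f"From: <{sender}>\nTo: <recipient@example.net>\n"
            f"Subject: {subject}\nX-Mailer: Microsoft Office Outlook 12.0\n"
            "MIME-Version: 1.0\n")
    if message_class is None:
        return head + "Content-Type: text/plain\n\nSee you at the meeting.\n"
    blob = TNEF_SIGNATURE + b"\x00" * 8 + message_class + b"\x00"
    return (head + 'Content-Type: application/ms-tnef; name="winmail.dat"\n'
            "Content-Transfer-Encoding: base64\n\n"
            + base64.b64encode(blob).decode() + "\n")


if __name__ == "__main__":
    receipt = make_sample("default@example.org",
                          "Not read: Not satisfied with your xliving?",
                          b"REPORT.IPM.Note.IPNNRN")
    queue = [receipt] * 25 + [make_sample("default@example.org", "Read: my notes")]
    print(classify_receipt(receipt))
    print(audit_outbound(queue))
```

Run against a spool or a mail-server export, a hit from `audit_outbound` identifies the account to take offline while the hidden receipts are cleared.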
 
