A Symantec Endpoint Protection (SEP) client which has the optional email scanning tools (Outlook Scanner, Notes Scanner, or POP3/SMTP Scanner) installed displays many pop-up warnings or errors about messages that could not be sent. This occurs even when the user has not sent any mail from the email client (Microsoft Outlook, Mozilla Thunderbird, or similar).
Pop-up messages will be similar to:
Your email message was unable to be sent because your mail server rejected the recipient: 554 Too many recipients
Your email message was unable to be sent because your mail server rejected the message: 554 5.7.1 Message rejected under the suspicion of SPAM (1003,11)
Your email message was unable to be sent because your mail server rejected the message: 571 Message Refused
Your email message was unable to be sent because your mail server rejected the message: 551 5.7.1
"Your email message to [email address of recipient] with the subject [email subject] was unable to be sent . . ." (1003,9)
Spam is often sent from botnets of compromised computers. If a large numbers of the errors listed above are appearing, it is possible that the computer have been infected by an undetected threat and is being used to send unwanted commercial email (UCE).
If subject lines and recipients are displayed, examine them to determine whether emails were intentionally sent from the mail client. If not, isolate the computer from the network and follow the steps in knowledge base article TECH122466 to determine whether an undetected threat is operating on this computer. It is often helpful to check what program is using common mail ports by running netstat -ao from the Command Prompt in order to learn what process is communicating on port 25.
Imported Document ID: TECH122425
Subscribing will provide email updates when this Article is updated. Login is required.