EvanStein
asked on
Undeliverable Emails notifications but we never sent the original email
We're getting a lot of "undeliverable email" notices being returned to us, but the original emails were never sent from here. I understand how this is done (someone outside my organization changing the return address before sending a mass email). My question is is there some way for me to block these "undeliverable"s for emails that didn't originate here but still allow legitimate undeliverable email notices to come through.
We're running Exchange Server 2003.
We're running Exchange Server 2003.
ASKER
A legitimate undeliverable email would be one in response to an email that originates from within our organization. that's my questions. Can Exchange make this determination and if so, what can I do to prevent the non-legitimate responses from getting back to my users inboxes.
One of my users came in to 400 undeliverable emails notices this morning and none of them were from an email he had sent out.
If I can't determine what's legitimate and what's not, can I block all of them (not sure I want to do that, but good to know just in case)
One of my users came in to 400 undeliverable emails notices this morning and none of them were from an email he had sent out.
If I can't determine what's legitimate and what's not, can I block all of them (not sure I want to do that, but good to know just in case)
I've never heard of a way for it to know what's valid and what's not and block the invalid ones. If someone spoofs your domain, not much you can do (Though an SPF record helps cut down on the spoofing if the recipients use SPF.)
To turn the undeliverables off completely, go to the Exchange system manager, go to Global Settings, Internet Message Format. Click on each domain you have (Or just *) and go to advanced. Uncheck non-delivery reports. This will stop all NDRs from going out.
However, if your users are receiving NDRs from outside mail servers that are replying to the spoofed emails your domain "sent" then you're stuck (And this sounds like what you're looking for.)
To turn the undeliverables off completely, go to the Exchange system manager, go to Global Settings, Internet Message Format. Click on each domain you have (Or just *) and go to advanced. Uncheck non-delivery reports. This will stop all NDRs from going out.
However, if your users are receiving NDRs from outside mail servers that are replying to the spoofed emails your domain "sent" then you're stuck (And this sounds like what you're looking for.)
400 E-Mails in one morning?
Are you sure you're not possibly set up as a relay? Have you checked the queues on your server?
Nevertheless, there are actually ways to deal with this, but nothing as simple as what I'm guessing you're looking for. Be sure to check out the secure encryption sections on this page: http://spamlinks.net/prevent-secure-backscatter.htm
400 notices in one more seems to be more of a problem than just a little backscatter though. I'd make sure your workstations aren't relaying through a malware/trojanned SMTP server. I'd also make sure that your directory isn't open for harvesting such that your real e-mail addresses are all getting out.
Are you sure you're not possibly set up as a relay? Have you checked the queues on your server?
Nevertheless, there are actually ways to deal with this, but nothing as simple as what I'm guessing you're looking for. Be sure to check out the secure encryption sections on this page: http://spamlinks.net/prevent-secure-backscatter.htm
400 notices in one more seems to be more of a problem than just a little backscatter though. I'd make sure your workstations aren't relaying through a malware/trojanned SMTP server. I'd also make sure that your directory isn't open for harvesting such that your real e-mail addresses are all getting out.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
To the best of my knowledge, no, as you will likely get these mails from valid domains.