Solved

Spam to Unresolved Recipients @ourdomain putting huge load on my server

Posted on 2004-08-25
16
445 Views
Last Modified: 2008-02-01
I am running Windows 2000 Small Business Server SP4 with Exchange Server 2000 (says Ver 6.0 SP3). This server also hosts our website using IIS/ISA and our email and is the local proxy and domain controller for our small network.

I am chasing two Spam issues. This one is incoming spam addressed to unresolved recipients in our domain. Currently we are processing about 1000 of these messages an hour 24/7, each one resulting in an NDR that usually fails (fake return address) and goes to the retry queue, and ultimately ends up in the bad mail folder.

So far I have only done research, and set up a twice daily scheduled task to delete the tens of thousands of files from the bad mail folder. I am preparing to install Symantec Mail Security in hopes that using RBLs will cut down what traffic is accepted by the SMTP server.  We also run I Hate Spam and I plan to look into anything that software might do to help.

On MS TechNet I found the article "How to forward mail with unresolved recipients to a single mailbox" ( http://support.microsoft.com/?id=315631 ). Although I would have to hire a VB programmer to compile the Event Sink, this looks like one possible solution, the trade of being that legitimate misdirected mail would never get an NDR.

Another solution is to contract with an email forwarding service and let them deal with the load, the downside here being cost for which I have no budget.

My question is: What is the Best Practice for dealing with Unresolved Recipients with MS Exchange?

Jon
0
Comment
Question by:BRT-Tech
  • 10
  • 6
16 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 11892586
Hmm, check out Of your server is not an open spam relay 1st..That is when you will get a lot of stuff in there...

People do what you are already doing, a batch file that delete everything in the task scheduler.. you could turn off the NDR, but like you said, people wont receive it for legetimate addresses...


0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11892645
There is this tool for Exchange 2003.. you might want to test it with 2000 to see if it works..

"Automatically deletes or archives files in the badmail directory of specified SMTP virtual servers. Ensures that the size of the badmail directory does not exceed specific size limits and eliminates the administrative overhead of manually archiving or deleting these files."


http://www.microsoft.com/downloads/details.aspx?FamilyId=782AAF0F-6239-40AD-ADDA-97863D852FF7&displaylang=en
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11892704
0
 

Author Comment

by:BRT-Tech
ID: 11896936
OK Yan,

Thank you for those links, I'll check them out.

We are not an open relay, but we have had break-ins using authenticated relay to send spam. Those holes are now closed (I hope).

99% of the garbage is going to domain users that do not exist, thus the NDR goes back. The problem really isn't the growth of the badmail folder, it's the overhead of the NDR's trying to be sent back, and the retry.

Any one else?
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11896946
Are you sure you do not want to disable NDR sending?
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11896989
BTW, I verified the Badmail tool from

http://www.microsoft.com/downloads/details.aspx?FamilyId=782AAF0F-6239-40AD-ADDA-97863D852FF7&displaylang=en, and it'S compatible with exchange 2000..

From the user guide:

"Use the badmail deletion and archival script to schedule the automatic deletion or archival of files in the Badmail directory of specified Simple Mail Transfer Protocol (SMTP) virtual servers on Microsoft® Exchange 2000 or Exchange 2003 servers, or clusters running on Microsoft Windows 2000 Server or Windows Server™ 2003. With this script, you can ensure that the size of the Badmail directory does not exceed specific size limits, thereby eliminating the administrative overhead of manually archiving or deleting these files.
It is recommended that this script be run as a scheduled event at non-peak usage hours, when mail flow and network traffic is low."

And this tool comes directly from microsoft..
0
 

Author Comment

by:BRT-Tech
ID: 11897116
Thank you Yan,

"Are you sure you do not want to disable NDR sending?"

If this were possible in my version of Exchange I would do it. I am running Exchange 2000 (says it is Ver 6, but I think commonly known as 5.5). If it is possible, then I missed it.

The BadMail tool from MS sounds fine, but my simple scheduled batch file is doing just fine since I don't need to archive, just delete files. I'll check it out anyway.
0
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
ID: 11897188
For exchange 2000, yes you can:

To disable NDR on Exchange.
Exchange manager, Global Settings, Internet Message Format, right click on the default and choose Properties. Select the Advanced tab and disable "Allow Non Delivery Reports".

Voila! :)
0
Will my email signature work in Office 365?

You've built an email signature using raw HTML code in Office 365, but you can't review how it looks with Transport Rules. So you have to test it over and over again before it can be used. Isn't this a bit of a waste of your time? Wouldn't a WYSIWYG editor make it a lot easier?

 
LVL 15

Expert Comment

by:Yan_west
ID: 11897194
btw, 5.5 is not exchange 2000, it's a different version.
0
 

Author Comment

by:BRT-Tech
ID: 11897283
Cool.

I'll Implement that in the morning (it's 5 here now) and if it works, you just won the points!

Jon
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11898484
thanks ;)
0
 

Author Comment

by:BRT-Tech
ID: 11904836
Thanks Yan,

I disabled NDR's today. Found the setting exactly where you said to look.

It will take a few days for all the retries to flush out of the queue. There are too many to delete by hand, and I don't want to accidentally delete some real mail.

I'm not sure this is the absolute best solution, since my users will no longer get NDR's when the enter a totally crappy address that can't be resolved, but it should get my traffic issue under control.

Will all the incoming mail with bad addresses now go directly to the badmail folder?

Jon

0
 
LVL 15

Expert Comment

by:Yan_west
ID: 11904992
Yes they will... like always..

you cannot prevent that, there is nothing to do exept empty it each week.. I've searched alot for a solution for this a couple of months ago, and that's the best solution there was...
0
 

Author Comment

by:BRT-Tech
ID: 11906386
Thanks :)
0
 

Author Comment

by:BRT-Tech
ID: 12019996
Just a follow-up post....

Several days after I disabled NDR's the outgoing SMTP queues cleared up and the processor load on the server went down under 15%. This is a HUGE improvement.

Since then I have implemented Symantec's Mail Security 4.5 for Exchange and the RBL's are blocking better than 20,000 connect attempts per day. Now the processor load is averaging under 5%.

Thank you!

Jon
0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12020052
Great! :) Glad we could help you..
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We are happy to announce a brand new addition to our line of acclaimed email signature management products – CodeTwo Email Signatures for Office 365.
This article aims to explain the working of CircularLogArchiver. This tool was designed to solve the buildup of log file in cases where systems do not support circular logging or where circular logging is not enabled
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now