Solved

Spam to Unresolved Recipients @ourdomain putting huge load on my server

Posted on 2004-08-25
Last Modified: 2008-02-01
I am running Windows 2000 Small Business Server SP4 with Exchange Server 2000 (says Ver 6.0 SP3). This server also hosts our website using IIS/ISA and our email and is the local proxy and domain controller for our small network.

I am chasing two Spam issues. This one is incoming spam addressed to unresolved recipients in our domain. Currently we are processing about 1000 of these messages an hour 24/7, each one resulting in an NDR that usually fails (fake return address) and goes to the retry queue, and ultimately ends up in the bad mail folder.

So far I have only done research, and set up a twice daily scheduled task to delete the tens of thousands of files from the bad mail folder. I am preparing to install Symantec Mail Security in hopes that using RBLs will cut down what traffic is accepted by the SMTP server.  We also run I Hate Spam and I plan to look into anything that software might do to help.

On MS TechNet I found the article "How to forward mail with unresolved recipients to a single mailbox" ( http://support.microsoft.com/?id=315631 ). Although I would have to hire a VB programmer to compile the Event Sink, this looks like one possible solution, the trade-off being that legitimate misdirected mail would never get an NDR.

Another solution is to contract with an email forwarding service and let them deal with the load, the downside here being cost for which I have no budget.

My question is: What is the Best Practice for dealing with Unresolved Recipients with MS Exchange?

Jon
0
Question by:BRT-Tech
16 Comments
 
LVL 15

Expert Comment

by:Yan_west
Hmm, check out if your server is not an open spam relay 1st.. That is when you will get a lot of stuff in there...

People do what you are already doing, a batch file that deletes everything in the task scheduler.. you could turn off the NDR, but like you said, people won't receive it for legitimate addresses...


0
 
LVL 15

Expert Comment

by:Yan_west
There is this tool for Exchange 2003.. you might want to test it with 2000 to see if it works..

"Automatically deletes or archives files in the badmail directory of specified SMTP virtual servers. Ensures that the size of the badmail directory does not exceed specific size limits and eliminates the administrative overhead of manually archiving or deleting these files."


http://www.microsoft.com/downloads/details.aspx?FamilyId=782AAF0F-6239-40AD-ADDA-97863D852FF7&displaylang=en
0
 
 

Author Comment

by:BRT-Tech
OK Yan,

Thank you for those links, I'll check them out.

We are not an open relay, but we have had break-ins using authenticated relay to send spam. Those holes are now closed (I hope).

99% of the garbage is going to domain users that do not exist, thus the NDR goes back. The problem really isn't the growth of the badmail folder, it's the overhead of the NDR's trying to be sent back, and the retry.

Any one else?
0
 
LVL 15

Expert Comment

by:Yan_west
Are you sure you do not want to disable NDR sending?
0
 
LVL 15

Expert Comment

by:Yan_west
BTW, I verified the Badmail tool from

http://www.microsoft.com/downloads/details.aspx?FamilyId=782AAF0F-6239-40AD-ADDA-97863D852FF7&displaylang=en, and it's compatible with Exchange 2000..

From the user guide:

"Use the badmail deletion and archival script to schedule the automatic deletion or archival of files in the Badmail directory of specified Simple Mail Transfer Protocol (SMTP) virtual servers on Microsoft® Exchange 2000 or Exchange 2003 servers, or clusters running on Microsoft Windows 2000 Server or Windows Server™ 2003. With this script, you can ensure that the size of the Badmail directory does not exceed specific size limits, thereby eliminating the administrative overhead of manually archiving or deleting these files.
It is recommended that this script be run as a scheduled event at non-peak usage hours, when mail flow and network traffic is low."

And this tool comes directly from Microsoft..
0
 

Author Comment

by:BRT-Tech
Thank you Yan,

"Are you sure you do not want to disable NDR sending?"

If this were possible in my version of Exchange I would do it. I am running Exchange 2000 (says it is Ver 6, but I think commonly known as 5.5). If it is possible, then I missed it.

The BadMail tool from MS sounds fine, but my simple scheduled batch file is doing just fine since I don't need to archive, just delete files. I'll check it out anyway.
0
 
LVL 15

Accepted Solution

by:
Yan_west earned 500 total points
For exchange 2000, yes you can:

To disable NDR on Exchange.
Exchange manager, Global Settings, Internet Message Format, right click on the default and choose Properties. Select the Advanced tab and disable "Allow Non Delivery Reports".

Voila! :)
0
 
LVL 15

Expert Comment

by:Yan_west
btw, 5.5 is not exchange 2000, it's a different version.
0
 

Author Comment

by:BRT-Tech
Cool.

I'll implement that in the morning (it's 5 here now) and if it works, you just won the points!

Jon
0
 
LVL 15

Expert Comment

by:Yan_west
thanks ;)
0
 

Author Comment

by:BRT-Tech
Thanks Yan,

I disabled NDR's today. Found the setting exactly where you said to look.

It will take a few days for all the retries to flush out of the queue. There are too many to delete by hand, and I don't want to accidentally delete some real mail.

I'm not sure this is the absolute best solution, since my users will no longer get NDR's when they enter a totally crappy address that can't be resolved, but it should get my traffic issue under control.

Will all the incoming mail with bad addresses now go directly to the badmail folder?

Jon

0
 
LVL 15

Expert Comment

by:Yan_west
Yes they will... like always..

you cannot prevent that, there is nothing to do except empty it each week.. I've searched a lot for a solution for this a couple of months ago, and that's the best solution there was...
0
 

Author Comment

by:BRT-Tech
Thanks :)
0
 

Author Comment

by:BRT-Tech
Just a follow-up post....

Several days after I disabled NDR's the outgoing SMTP queues cleared up and the processor load on the server went down under 15%. This is a HUGE improvement.

Since then I have implemented Symantec's Mail Security 4.5 for Exchange and the RBL's are blocking better than 20,000 connect attempts per day. Now the processor load is averaging under 5%.

Thank you!

Jon
0
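
How the RBL check mentioned in the follow-up above works at the DNS level, as an added Python example that is not part of the original thread and is not Symantec's code. The zone name `dnsbl.example.org`, the function names and the stand-in resolver data are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Assumed zone name for illustration; use the list your mail filter is configured with.
EXAMPLE_ZONE = "dnsbl.example.org"
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_query_name(client_ip, zone=EXAMPLE_ZONE):
    """Build the DNS name an RBL check looks up for a connecting IPv4 address."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Return the A records for name, or [] when the name does not exist."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []


def is_listed(client_ip, zone=EXAMPLE_ZONE, resolver=system_resolver):
    """True when the zone answers with a 127.0.0.0/8 address for client_ip.

    An empty answer (NXDOMAIN) means "not listed". Answers outside
    127.0.0.0/8 are ignored so that an intercepted or wildcarded DNS
    reply does not cause legitimate mail to be refused.
    """
    answers = resolver(dnsbl_query_name(client_ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_RANGE for a in answers)


def smtp_decision(client_ip, zone=EXAMPLE_ZONE, resolver=system_resolver):
    """Refuse listed senders at connect time, before any message is accepted,
    so there is no message to store in badmail and nothing to send an NDR for."""
    if is_listed(client_ip, zone, resolver):
        return "554 connection refused: %s is listed in %s" % (client_ip, zone)
    return "220 ready"


# Constructed sample data: a stand-in resolver so the example runs offline.
FAKE_ZONE_DATA = {"10.2.0.192.dnsbl.example.org": ["127.0.0.2"]}


def fake_resolver(name):
    return FAKE_ZONE_DATA.get(name, [])


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7"):
        print(ip, "->", smtp_decision(ip, resolver=fake_resolver))
```
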
 
LVL 15

Expert Comment

by:Yan_west
Great! :) Glad we could help you..
0
