Solved

Spam to Unresolved Recipients @ourdomain putting huge load on my server

Posted on 2004-08-25
Last Modified: 2008-02-01
I am running Windows 2000 Small Business Server SP4 with Exchange Server 2000 (says Ver 6.0 SP3). This server also hosts our website using IIS/ISA and our email and is the local proxy and domain controller for our small network.

I am chasing two Spam issues. This one is incoming spam addressed to unresolved recipients in our domain. Currently we are processing about 1000 of these messages an hour 24/7, each one resulting in an NDR that usually fails (fake return address) and goes to the retry queue, and ultimately ends up in the bad mail folder.

So far I have only done research, and set up a twice daily scheduled task to delete the tens of thousands of files from the bad mail folder. I am preparing to install Symantec Mail Security in hopes that using RBLs will cut down what traffic is accepted by the SMTP server.  We also run I Hate Spam and I plan to look into anything that software might do to help.

On MS TechNet I found the article "How to forward mail with unresolved recipients to a single mailbox" ( http://support.microsoft.com/?id=315631 ). Although I would have to hire a VB programmer to compile the Event Sink, this looks like one possible solution, the trade-off being that legitimate misdirected mail would never get an NDR.

Another solution is to contract with an email forwarding service and let them deal with the load, the downside here being cost for which I have no budget.

My question is: What is the Best Practice for dealing with Unresolved Recipients with MS Exchange?

Jon
Question by:BRT-Tech
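
To size the load described in the question, the following added example (not part of the original thread) counts RCPT TO commands for non-existent mailboxes per hour and per client IP from an SMTP log. The log layout, the sample lines, the recipient list and the function name `unresolved_report` are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not from the thread). Assumed layout: W3C extended
# log with a "#Fields:" header, SMTP verb in cs-method, argument in cs-uri-query.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2004-08-25 09:00:01 198.51.100.7 RCPT +TO:<sales@example.com> 250
2004-08-25 09:00:02 198.51.100.7 RCPT +TO:<qwzx17@example.com> 250
2004-08-25 09:14:40 203.0.113.9 RCPT +TO:<bob123@example.com> 250
2004-08-25 09:59:59 203.0.113.9 RCPT +TO:<JON@EXAMPLE.COM> 250
2004-08-25 10:03:11 203.0.113.9 RCPT +TO:<info1@example.com> 250
2004-08-25 10:03:12 203.0.113.9 MAIL +FROM:<x@spam.invalid> 250
"""

ADDR = re.compile(r"<([^<>\s]+@[^<>\s]+)>")

def unresolved_report(log_text, valid_recipients, domain):
    """Count RCPT TO commands for addresses in `domain` that are not in
    `valid_recipients`, grouped by hour and by client IP."""
    valid = {a.lower() for a in valid_recipients}
    suffix = "@" + domain.lower()
    fields, per_hour, per_ip = [], Counter(), Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for following rows
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "RCPT":
            continue
        m = ADDR.search(row.get("cs-uri-query", ""))
        if not m:
            continue
        addr = m.group(1).lower()
        if not addr.endswith(suffix) or addr in valid:
            continue                        # other domain, or a real mailbox
        hour = f"{row.get('date', '?')} {row.get('time', '??')[:2]}:00"
        per_hour[hour] += 1
        per_ip[row.get("c-ip", "?")] += 1
    return per_hour, per_ip

if __name__ == "__main__":
    hours, ips = unresolved_report(
        SAMPLE_LOG, ["sales@example.com", "jon@example.com"], "example.com")
    for hour, n in sorted(hours.items()):
        print(hour, n, "unresolved recipients")
    print("top sources:", ips.most_common(3))
```

The per-IP counts show which sources generate most of the NDR traffic; the valid-recipient list would come from a directory export.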

Expert Comment

by:Yan_west
ID: 11892586
Hmm, check out if your server is not an open spam relay 1st.. That is when you will get a lot of stuff in there...

People do what you are already doing, a batch file that deletes everything in the task scheduler.. you could turn off the NDR, but like you said, people won't receive it for legitimate addresses...



Expert Comment

by:Yan_west
ID: 11892645
There is this tool for Exchange 2003.. you might want to test it with 2000 to see if it works..

"Automatically deletes or archives files in the badmail directory of specified SMTP virtual servers. Ensures that the size of the badmail directory does not exceed specific size limits and eliminates the administrative overhead of manually archiving or deleting these files."


http://www.microsoft.com/downloads/details.aspx?FamilyId=782AAF0F-6239-40AD-ADDA-97863D852FF7&displaylang=en

Expert Comment

by:Yan_west
ID: 11892704

Author Comment

by:BRT-Tech
ID: 11896936
OK Yan,

Thank you for those links, I'll check them out.

We are not an open relay, but we have had break-ins using authenticated relay to send spam. Those holes are now closed (I hope).

99% of the garbage is going to domain users that do not exist, thus the NDR goes back. The problem really isn't the growth of the badmail folder, it's the overhead of the NDR's trying to be sent back, and the retry.

Any one else?

Expert Comment

by:Yan_west
ID: 11896946
Are you sure you do not want to disable NDR sending?

Expert Comment

by:Yan_west
ID: 11896989
BTW, I verified the Badmail tool from

http://www.microsoft.com/downloads/details.aspx?FamilyId=782AAF0F-6239-40AD-ADDA-97863D852FF7&displaylang=en and it's compatible with Exchange 2000..

From the user guide:

"Use the badmail deletion and archival script to schedule the automatic deletion or archival of files in the Badmail directory of specified Simple Mail Transfer Protocol (SMTP) virtual servers on Microsoft® Exchange 2000 or Exchange 2003 servers, or clusters running on Microsoft Windows 2000 Server or Windows Server™ 2003. With this script, you can ensure that the size of the Badmail directory does not exceed specific size limits, thereby eliminating the administrative overhead of manually archiving or deleting these files.
It is recommended that this script be run as a scheduled event at non-peak usage hours, when mail flow and network traffic is low."

And this tool comes directly from Microsoft..

Author Comment

by:BRT-Tech
ID: 11897116
Thank you Yan,

"Are you sure you do not want to disable NDR sending?"

If this were possible in my version of Exchange I would do it. I am running Exchange 2000 (says it is Ver 6, but I think commonly known as 5.5). If it is possible, then I missed it.

The BadMail tool from MS sounds fine, but my simple scheduled batch file is doing just fine since I don't need to archive, just delete files. I'll check it out anyway.

Accepted Solution

by:
Yan_west earned 500 total points
ID: 11897188
For Exchange 2000, yes you can:

To disable NDR on Exchange.
Exchange manager, Global Settings, Internet Message Format, right click on the default and choose Properties. Select the Advanced tab and disable "Allow Non Delivery Reports".

Voila! :)

Expert Comment

by:Yan_west
ID: 11897194
btw, 5.5 is not Exchange 2000, it's a different version.

Author Comment

by:BRT-Tech
ID: 11897283
Cool.

I'll implement that in the morning (it's 5 here now) and if it works, you just won the points!

Jon

Expert Comment

by:Yan_west
ID: 11898484
thanks ;)

Author Comment

by:BRT-Tech
ID: 11904836
Thanks Yan,

I disabled NDR's today. Found the setting exactly where you said to look.

It will take a few days for all the retries to flush out of the queue. There are too many to delete by hand, and I don't want to accidentally delete some real mail.

I'm not sure this is the absolute best solution, since my users will no longer get NDR's when they enter a totally crappy address that can't be resolved, but it should get my traffic issue under control.

Will all the incoming mail with bad addresses now go directly to the badmail folder?

Jon


Expert Comment

by:Yan_west
ID: 11904992
Yes they will... like always..

you cannot prevent that, there is nothing to do except empty it each week.. I've searched a lot for a solution for this a couple of months ago, and that's the best solution there was...

Author Comment

by:BRT-Tech
ID: 11906386
Thanks :)

Author Comment

by:BRT-Tech
ID: 12019996
Just a follow-up post....

Several days after I disabled NDR's the outgoing SMTP queues cleared up and the processor load on the server went down under 15%. This is a HUGE improvement.

Since then I have implemented Symantec's Mail Security 4.5 for Exchange and the RBL's are blocking better than 20,000 connect attempts per day. Now the processor load is averaging under 5%.

Thank you!

Jon

Expert Comment

by:Yan_west
ID: 12020052
Great! :) Glad we could help you..

Question has a verified solution.
