Improve company productivity with a Business Account.Sign Up

x
?
Solved

Block invalid NDR's

Posted on 2004-09-01
7
Medium Priority
?
1,668 Views
Last Modified: 2007-12-19
Does anyone know of a way to block invalid NDR's with Exchange 2000 - ie NDR's to emails not actually sent by a user within our organisation (typically when their email address has been spoofed by a spammer)? I don't want to block all inbound DSN's or even valid NDR's. I just want to block NDR's from external addresses in reply to emails that were never actually sent from within our organisation. I suspect that their may be a way to do this by doing some sort of reverse lookup on the originating domain in the NDR - to show that that the email that the NDR is a reply to did not genuinely originate from our domain? Is this possible?

Please help! One user in particular (who has obviously had his address spoofed by a load of spammers) is getting overwhelmed with NDR's for email he has not sent. What’s more they are forwarding all the erroneous NDR's to my boss :-(
0
Comment
Question by:samcadby
  • 3
4 Comments
 
LVL 17

Expert Comment

by:Microtech
ID: 11950544
Hi samcadby,

there is only the all or nothing approach here, unless you go with a spam blocker which can send out its own ndr's.

in exchange server the way to stop ndrs is to go to esm then to global settings> internet message format> right click on default and select properties. then you will see a tick box under the advanced tab for ndr's.

Hope This helps
0
 
LVL 17

Expert Comment

by:Microtech
ID: 11950549
gfi mail essentials will achieve what you are looking to do, there are obviously other 3rd party tools http://www.gfi.com/mes/
0
 

Author Comment

by:samcadby
ID: 11950738
Hmmm,

gfi can reverse lookup to block mail from domains where the MX does not match the IP (good) but the NDR's we're getting are from valid domains but in reply to emails from invalid domains (as the original sender is spoofed). Does anyone know if GFI can traverse all the headers and reject if the domain is invalid in any of the headers, not just the top one?
I'm also slightly nervous about blocking based solely on bad domains - some people may be legitimately masquerading a domain. A better solution would be a way of correlated NDR's to sent mails and rejecting the NDR's where there is no correlating outgoing mail from our domain...

We live in hope! Any more ideas anyone?
0
 
LVL 17

Accepted Solution

by:
Microtech earned 1000 total points
ID: 11950804
you may also want to see this link, BNettles73 has given a good explaination of spoof e-mails and what you can do about them.
http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21108443.html

I believe that GFI does a check for invalid headers, not sure though.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Let us take a look at the scenario, you have a database that is corrupt and you run the ESEUTIL command only to find you are unable to repair it. How do you now get the data back?
This is a very interesting topic. Ransomware has been around for a while but has increased drastically over the last year or so.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question