• Status: Solved
  • Priority: Medium
  • Security: Public

Block invalid NDR's

Does anyone know of a way to block invalid NDR's with Exchange 2000 - i.e. NDR's to emails not actually sent by a user within our organisation (typically when their email address has been spoofed by a spammer)? I don't want to block all inbound DSN's or even valid NDR's. I just want to block NDR's from external addresses in reply to emails that were never actually sent from within our organisation. I suspect that there may be a way to do this by doing some sort of reverse lookup on the originating domain in the NDR - to show that the email that the NDR is a reply to did not genuinely originate from our domain? Is this possible?

Please help! One user in particular (who has obviously had his address spoofed by a load of spammers) is getting overwhelmed with NDR's for email he has not sent. What’s more they are forwarding all the erroneous NDR's to my boss :-(
Asked by: samcadby
 
Microtech Commented:
Hi samcadby,

There is only the all-or-nothing approach here, unless you go with a spam blocker which can send out its own NDR's.

In Exchange Server the way to stop NDRs is to go to ESM, then to Global Settings > Internet Message Format > right-click on Default and select Properties. Then you will see a tick box under the Advanced tab for NDR's.

Hope This helps
 
Microtech Commented:
GFI MailEssentials will achieve what you are looking to do; there are obviously other 3rd-party tools: http://www.gfi.com/mes/
 
samcadby (Author) Commented:
Hmmm,

GFI can reverse lookup to block mail from domains where the MX does not match the IP (good), but the NDR's we're getting are from valid domains but in reply to emails from invalid domains (as the original sender is spoofed). Does anyone know if GFI can traverse all the headers and reject if the domain is invalid in any of the headers, not just the top one?
I'm also slightly nervous about blocking based solely on bad domains - some people may be legitimately masquerading a domain. A better solution would be a way of correlating NDR's to sent mails and rejecting the NDR's where there is no correlating outgoing mail from our domain...

We live in hope! Any more ideas anyone?
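The correlation samcadby describes above (accept an NDR only when it refers to a message the organisation actually sent), sketched as an added example that is not part of the original thread and is not Exchange or GFI code. It assumes the server's outbound Message-IDs are logged where a filter can read them and that the NDR returns the original headers; `SENT_IDS`, `sample_ndr` and every address are constructed for illustration.

```python
import email
from email import policy

def original_message_id(raw: bytes):
    """Message-ID of the mail an NDR refers to, or None if it cannot be found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if msg.get_content_type() != "multipart/report":
        return None                      # not an RFC 3464 delivery report
    for part in msg.iter_parts():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":    # whole original message returned
            returned = part.get_content()
        elif ctype == "text/rfc822-headers":  # only its headers returned
            returned = email.message_from_string(part.get_content(),
                                                 policy=policy.default)
        else:
            continue
        mid = returned["Message-ID"]
        return str(mid).strip() if mid else None
    return None

def classify_ndr(raw: bytes, sent_ids: set) -> str:
    """accept = matches our outbound log, reject = does not, unverifiable = no ID."""
    mid = original_message_id(raw)
    if mid is None:
        return "unverifiable"            # do not drop: may be a valid NDR
    return "accept" if mid in sent_ids else "reject"

def sample_ndr(mid: str) -> bytes:
    """Constructed NDR for the demo; all hosts and addresses are made up."""
    return (
        "From: MAILER-DAEMON@mx.example.net\r\nTo: user@example.org\r\n"
        "Subject: Undeliverable\r\nMIME-Version: 1.0\r\n"
        "Content-Type: multipart/report; report-type=delivery-status;"
        ' boundary="b1"\r\n\r\n'
        "--b1\r\nContent-Type: text/plain\r\n\r\nDelivery failed.\r\n"
        "--b1\r\nContent-Type: message/delivery-status\r\n\r\n"
        "Reporting-MTA: dns; mx.example.net\r\n\r\n"
        "Final-Recipient: rfc822; nobody@example.net\r\n"
        "Action: failed\r\nStatus: 5.1.1\r\n"
        "--b1\r\nContent-Type: text/rfc822-headers\r\n\r\n"
        f"From: user@example.org\r\nMessage-ID: {mid}\r\nSubject: hi\r\n"
        "--b1--\r\n"
    ).encode()

# Constructed outbound log: Message-IDs our own server actually sent.
SENT_IDS = {"<20040901.1234@example.org>"}

if __name__ == "__main__":
    for mid in ("<20040901.1234@example.org>", "<spoofed.999@example.org>"):
        print(mid, classify_ndr(sample_ndr(mid), SENT_IDS))
```

NDRs that carry no returned headers come back as "unverifiable" rather than "reject", so valid NDRs in older, non-report formats are not silently lost.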
 
Microtech Commented:
You may also want to see this link; BNettles73 has given a good explanation of spoof e-mails and what you can do about them.
http://www.experts-exchange.com/Networking/Email_Groupware/Exchange_Server/Q_21108443.html

I believe that GFI does a check for invalid headers, not sure though.