?
Solved

MS Exchange - unknown recepient for non-existing addresses

Posted on 2005-03-24
5
Medium Priority
?
375 Views
Last Modified: 2008-02-01

Problem:

Telnet  mymail.com 25
220 mymail.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.211 ready at  Thu, 24
Mar 2005 17:11:49 +0400
helo aaa
250 mymail.com Hello [X.X.X.X]
mail from: nobody
250 2.1.0 nobody@mymail.com....Sender OK
rcpt to: administrator
250 2.1.5 administrator@mymail.com
data
354 Please start mail input.
THIS IS A TEST
.
250 Mail queued for delivery.
---------------------------------------------------------------
But on the MDAEMON mail server I have following:

<SKIPPED>
mail from: nobody
550 <nobody@mymail.com>, Sender unknown

Why I can send mail from unknown users (nobody) to the local recepients  ?
I have relay closed on my exchange (unable to relay for non-aunteticated users)
I have recepient filtering on


Is this MS Exchange problem or I can sort it out ?

Cheers



0
Comment
Question by:iliko
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 13621372
It looks like your Exchange server is working correctly.

Exchange will always accept email destined for it, then NDR it later.
It also doesn't matter what you put in the "From" line, as Exchange doesn't use that as a validation - how can it?

The only way to stop it accepting email for non existent users is to use a third party tool that can do LDAP lookups. GFI Mail Essentials can do that, there are probably some others that can as well.

Simon.
0
 

Author Comment

by:iliko
ID: 13621438
Is this mean: everybody can telnet into my Exchange machine and send me email from abusing receipient names ?
And I can overcome this only using GFI Nail Essentials or similar 3-rd party software ?

But why Mdaemon prevent from sending messages in this way ?
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13621486
NDR attacks are quite common against an Exchange server. Some people want to accept email for any user at their domain, so spammers take advantage of that.

Exchange 2003 has a built in filtering option which can do the LDAP lookups for you, but with Exchange 2000 you must use 3rd party.

Why? You will have to ask the Exchange developers. That is the way that it is, and we have to live with it.

Simon.
0
 

Author Comment

by:iliko
ID: 13621576


I am not receiving NDR's, I am receiving messages from NOBODY@ANYTHING.COM !
By the way I have Exchange 2003 - is this mean I can prevent these issues with LDAP filtering ?

Of course I can close sender's IP/subnet on the firewall, but this is not the right solution ...
0
 
LVL 104

Accepted Solution

by:
Sembee earned 500 total points
ID: 13622975
It is important that you say which version of Exchange that you have - as there are some differences between the versions.

Filtering non existent users is built in to Exchange 2003
http://www.amset.info/exchange/filterunknown.asp

While you may not be receiving the NDRs, they can be used.
An NDR attack is where lots of messages are sent to your domain with invalid addresses on purpose. The "from" header is faked and is the address that the spammer is trying to send to. Your Exchange server NDRs the message, to the person who "sent" it, except they didn't send it, but Exchange tries to deliver it to them.

Simon.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Suggested Courses
Course of the Month9 days, 19 hours left to enroll

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question