Possible NDR attack

Hey there,

I have a server that is getting loads of false domain names in the message queues in Exchange. We are running an SBS2003 server with Exchange SP2. Lately I have noticed a large number of domains in the queues failing because the domain doesn't exist. The messages are from postmaster, so it looks like an NDR attack. I have tried using the message recipient filtering, but it doesn't seem to change anything. The queues are sitting at about 2000 domains. I am running Trend Micro ScanMail for Exchange with Anti Spam enabled. Does anyone know how to stop the messages from being sent back to the false domain from postmaster and clear the queues?

Hi CodeBlueEngineers,
against NDR attacks, there is this strategy:

Exchange 2003? Go to Global Settings/Internet Message Formats, and look at the properties of the Default format. On the Advanced tab, you can turn off non-delivery reports (NDRs).
Configuring recipient filtering will only stop further email messages. It will not deal with what you already have.
Plus I don't recommend turning off NDRs, that just hides the problem.

Take a look at my cleanup article. http://www.amset.info/exchange/spam-cleanup.asp
That will guide you through identifying what the source of the attack is, and then how to cleanup the mess it leaves behind.

Question has a verified solution.
