Exchange 2003 IMF strips 2K to 4K messages a day...Is there something wrong with the configuration?

Don't get me wrong....I love the fact that IMF is working (even though it took a little tweaking with the SCLs to get it optimal). However, I find it difficult to beleive that for an 80-user company we are getting that much junkmail. Much of the "sent to" addresses are either old accounts that were deleted some time ago, or accounts that we never had. Is there something that I am missing in the configuration? Could our server be replying to senders in some way propogating more UCE, or is it really normal to get this ammount?

Environment: Windows 2003 SP1 with Exchange 2003 SP2 over it, fully patched. No front end server configuration, single Exchange server.

In ESM: Message Delivery Options- Recipient Filtering is not selected; Sender ID Filtering Accept (default); Connection Filtering not configured (default) but some addresses have been allowed to global allowed list. Virtual SMTP server- Apply IMF, apply Sender Filter, apply Connection Filter.

Maybe I should just be happy that it's working, but I have to go through all the UCE every couple of days to make sure it's really junk.

Thanks!
LVL 1
jefferybushAsked:
Who is Participating?
 
SembeeCommented:
The major problem is allowing email to be delivered to accounts that don't exist.
If you turn on recipient filtering and the tar pit feature you will see a massive drop in email messages being caught. My home Exchange server (which has five accounts on it) blocks between 400 and 600 messages a DAY that are sent to invalid users. Therefore you 2000 plus does not surprise me at all.

Recipient filtering filters at the handshake, so the message isn't even delivered to your server. If it is a legitimate misspelling then the sender will get an NDR immediately.

Simon.
0
 
jefferybushAuthor Commented:
Thanks Simon. I have enable recipient and the tarptitting feature, we'll see how it goes. Will all messages sent to invalid addresses get an NDR and help the spammer with harvesting tho? Or will the 5 second delay in SMPT responses fix that?

Jeff
0
 
SembeeCommented:
Tar pit deals with the directory harvesting. It slows down the spammer so that it becomes uneconomic to attack your system.
Think how long five seconds is, and then think how many responses a spammer COULD get in that time.

Simon.
0
 
jefferybushAuthor Commented:
Thanks again!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.