Improve company productivity with a Business Account.Sign Up


Exchange 2003 spam and NDR's

Posted on 2006-11-17
Medium Priority
Last Modified: 2008-01-09
I have a client with about 25 users on a Server2003 env with Exchange 2003 server.  They are very heavy email users and also get a ton of junk mail, I have Symantec Mail Security installed and also the IMF build into Exchange SP2.

Here is the problem...
With the amount of junk mail they get the outgoing mail queue was getting jammed trying to send NDR's to the junkmail senders, I thought of turning off the NDR's for badmail but when I did so I got the warning that this option may increase the amount of junkmail since it would make the server respond differently to bad email address and therefor make the Spammers able to determine if an email address is valid or not.  So I left the default setting.

My solution was simply to use my customers ISP (Rogers Cable) SMTP server as a smart host, this seemed to have solved the problem until recently.  

However, Rogers has outsourced their email servers to Yahoo and Yahoo has recently instituted some emial caps.  Since all the outgoing mail is sent to the rogers smarthost and requires authentication from Yahoo's perspective all 25 users are sending email through 1 account and Yahoo has labeled teh account as a smammer and disable outgoing email on that account.  The Rogers cannot reset this nor can they tell me what the cap is.

So can I go back to using DNS to look up mx records and send our own mail and trun off the NDR's for bad mail or is there another simpler solution?

Question by:BMarden

Expert Comment

ID: 17965339
Postini or Barracuda

Postini Hosted or Barracuda hardware antispam/ant virus firewall
LVL 16

Expert Comment

ID: 17965526
Your Exchange should not send NDR's to spammers. The NDR's most likely will not arrive anywhere since most spam is sent by Zombie home PC's.

Really, Roger's should help you find a solution since it was their decision to outsource their servers. If they cannot keep providing their service, you should move to another ISP asap and let Rogers pay for the switch as they unilaterally changed the service agreement.

Expert Comment

ID: 17965788
We are a financial firm with a similar setup. I searched for a solution for quite  a while. The best solution that I came up with was to outsource to MXLogic. We have 25 users also and we pay $50 per month for the service which is by far cheaper than any other hosted service. At that price, it even beats a hardware solution since you will end up paying for for a yearly service contract anyway.

Accepted Solution

trenes earned 1000 total points
ID: 17965958
Hi BMarden,

You could try to disable NDR , and harness against directory harvesting attacks.

How do I enable the tar pit feature?
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

The tar pit feature can be enabled and configured by setting a registry key. To do this, follow these steps.

Note If the TarpitTime registry entry does not exist, Exchange behaves as if the value of this registry entry were set to 0. When the registry entry has a value of 0, there is no delay when the SMTP address verification responses are sent. 1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click to select the following registry subkey:
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type TarpitTime as the registry entry name, and then press ENTER.  
5. On the Edit menu, click Modify.
6. Click Decimal.
7. In the Value data box, type the number of seconds that you want to delay SMTP address verification responses for each address that does not exist. Then, click OK. For example, type 5, and then click OK. This delays SMTP address verification responses for 5 seconds.
8. Quit Registry Editor.
9. Restart the Simple Mail Transport Protocol (SMTP) service.

 Back to the top

Can I use tar pitting on Windows Server 2003 if I do not use Exchange 2003?
Yes, you can. Tar pitting is a feature of the generic Windows Server 2003 SMTP service. This SMTP service is used by Exchange and can also be used by other applications.

The tar pit feature inserts delays into 5.x.x error responses. If your application can make good use of such delays, you may want to consider enabling the tar pit feature.



Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
From store locators to asset tracking and route optimization, learn how leading companies are using Google Maps APIs throughout the customer journey to increase checkout conversions, boost user engagement, and optimize order fulfillment. Powered …
Watch the software video of Kernel Import PST to Office 365 tools which can easily import PST and OST files to Office 365 for bulk mailboxes. The process of migration is simple and user can map source and destination mailboxes and easily import data…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question