Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Exchange 2003 spam and NDR's

Posted on 2006-11-17
Medium Priority
Last Modified: 2008-01-09
I have a client with about 25 users on a Server2003 env with Exchange 2003 server.  They are very heavy email users and also get a ton of junk mail, I have Symantec Mail Security installed and also the IMF build into Exchange SP2.

Here is the problem...
With the amount of junk mail they get the outgoing mail queue was getting jammed trying to send NDR's to the junkmail senders, I thought of turning off the NDR's for badmail but when I did so I got the warning that this option may increase the amount of junkmail since it would make the server respond differently to bad email address and therefor make the Spammers able to determine if an email address is valid or not.  So I left the default setting.

My solution was simply to use my customers ISP (Rogers Cable) SMTP server as a smart host, this seemed to have solved the problem until recently.  

However, Rogers has outsourced their email servers to Yahoo and Yahoo has recently instituted some emial caps.  Since all the outgoing mail is sent to the rogers smarthost and requires authentication from Yahoo's perspective all 25 users are sending email through 1 account and Yahoo has labeled teh account as a smammer and disable outgoing email on that account.  The Rogers cannot reset this nor can they tell me what the cap is.

So can I go back to using DNS to look up mx records and send our own mail and trun off the NDR's for bad mail or is there another simpler solution?

Question by:BMarden

Expert Comment

ID: 17965339
Postini or Barracuda

Postini Hosted or Barracuda hardware antispam/ant virus firewall
LVL 16

Expert Comment

ID: 17965526
Your Exchange should not send NDR's to spammers. The NDR's most likely will not arrive anywhere since most spam is sent by Zombie home PC's.

Really, Roger's should help you find a solution since it was their decision to outsource their servers. If they cannot keep providing their service, you should move to another ISP asap and let Rogers pay for the switch as they unilaterally changed the service agreement.

Expert Comment

ID: 17965788
We are a financial firm with a similar setup. I searched for a solution for quite  a while. The best solution that I came up with was to outsource to MXLogic. We have 25 users also and we pay $50 per month for the service which is by far cheaper than any other hosted service. At that price, it even beats a hardware solution since you will end up paying for for a yearly service contract anyway.

Accepted Solution

trenes earned 1000 total points
ID: 17965958
Hi BMarden,

You could try to disable NDR , and harness against directory harvesting attacks.

How do I enable the tar pit feature?
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

The tar pit feature can be enabled and configured by setting a registry key. To do this, follow these steps.

Note If the TarpitTime registry entry does not exist, Exchange behaves as if the value of this registry entry were set to 0. When the registry entry has a value of 0, there is no delay when the SMTP address verification responses are sent. 1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click to select the following registry subkey:
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type TarpitTime as the registry entry name, and then press ENTER.  
5. On the Edit menu, click Modify.
6. Click Decimal.
7. In the Value data box, type the number of seconds that you want to delay SMTP address verification responses for each address that does not exist. Then, click OK. For example, type 5, and then click OK. This delays SMTP address verification responses for 5 seconds.
8. Quit Registry Editor.
9. Restart the Simple Mail Transport Protocol (SMTP) service.

 Back to the top

Can I use tar pitting on Windows Server 2003 if I do not use Exchange 2003?
Yes, you can. Tar pitting is a feature of the generic Windows Server 2003 SMTP service. This SMTP service is used by Exchange and can also be used by other applications.

The tar pit feature inserts delays into 5.x.x error responses. If your application can make good use of such delays, you may want to consider enabling the tar pit feature.



Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question