Solved

Exchange 2003 spam and NDR's

Posted on 2006-11-17
Last Modified: 2008-01-09
I have a client with about 25 users on a Server2003 env with Exchange 2003 server.  They are very heavy email users and also get a ton of junk mail. I have Symantec Mail Security installed and also the IMF built into Exchange SP2.

Here is the problem...
With the amount of junk mail they get the outgoing mail queue was getting jammed trying to send NDR's to the junkmail senders. I thought of turning off the NDR's for badmail but when I did so I got the warning that this option may increase the amount of junkmail since it would make the server respond differently to bad email addresses and therefore make the Spammers able to determine if an email address is valid or not.  So I left the default setting.

My solution was simply to use my customer's ISP (Rogers Cable) SMTP server as a smart host, this seemed to have solved the problem until recently.

However, Rogers has outsourced their email servers to Yahoo and Yahoo has recently instituted some email caps.  Since all the outgoing mail is sent to the Rogers smarthost and requires authentication, from Yahoo's perspective all 25 users are sending email through 1 account and Yahoo has labeled the account as a spammer and disabled outgoing email on that account.  Rogers cannot reset this nor can they tell me what the cap is.

So can I go back to using DNS to look up MX records and send our own mail and turn off the NDR's for bad mail or is there another simpler solution?

Thanks
Question by:BMarden
4 Comments
 
LVL 9

Expert Comment

by:tim1731
ID: 17965339
Postini or Barracuda

Postini Hosted or Barracuda hardware antispam/antivirus firewall
 
LVL 16

Expert Comment

by:Redwulf__53
ID: 17965526
Your Exchange should not send NDR's to spammers. The NDR's most likely will not arrive anywhere since most spam is sent by Zombie home PC's.

Really, Rogers should help you find a solution since it was their decision to outsource their servers. If they cannot keep providing their service, you should move to another ISP asap and let Rogers pay for the switch as they unilaterally changed the service agreement.
 
LVL 6

Expert Comment

by:gvlob
ID: 17965788
We are a financial firm with a similar setup. I searched for a solution for quite a while. The best solution that I came up with was to outsource to MXLogic. We have 25 users also and we pay $50 per month for the service which is by far cheaper than any other hosted service. At that price, it even beats a hardware solution since you will end up paying for a yearly service contract anyway.
 
LVL 9

Accepted Solution

by:
trenes earned 250 total points
ID: 17965958
Hi BMarden,

You could try to disable NDR, and harden against directory harvesting attacks.

How do I enable the tar pit feature?
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

The tar pit feature can be enabled and configured by setting a registry key. To do this, follow these steps.

Note: If the TarpitTime registry entry does not exist, Exchange behaves as if the value of this registry entry were set to 0. When the registry entry has a value of 0, there is no delay when the SMTP address verification responses are sent.

1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click to select the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type TarpitTime as the registry entry name, and then press ENTER.  
5. On the Edit menu, click Modify.
6. Click Decimal.
7. In the Value data box, type the number of seconds that you want to delay SMTP address verification responses for each address that does not exist. Then, click OK. For example, type 5, and then click OK. This delays SMTP address verification responses for 5 seconds.
8. Quit Registry Editor.
9. Restart the Simple Mail Transport Protocol (SMTP) service.

Can I use tar pitting on Windows Server 2003 if I do not use Exchange 2003?
Yes, you can. Tar pitting is a feature of the generic Windows Server 2003 SMTP service. This SMTP service is used by Exchange and can also be used by other applications.

The tar pit feature inserts delays into 5.x.x error responses. If your application can make good use of such delays, you may want to consider enabling the tar pit feature.

Regards,

Trenes
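
The registry steps in the accepted answer, scripted in PowerShell as an added example (not part of the original answer or of the Microsoft text it quotes). It assumes PowerShell is installed on the server, that the session is elevated, and that the service is named SMTPSVC like its registry subkey; the 5-second delay is the example value from step 7.

```powershell
# Added example: scripted equivalent of steps 1-9 for enabling the SMTP tar pit.
$key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters'
$name    = 'TarpitTime'
$seconds = 5      # delay, in seconds, per non-existent recipient (example value)

if (-not (Test-Path $key)) {
    throw "Registry subkey not found: $key (is the SMTP service installed?)"
}

# A missing TarpitTime entry behaves as 0 (no delay), so report "absent" as 0.
$current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -eq $current) { $current = 0 }
Write-Host "TarpitTime before change: $current second(s)"

if ($current -ne $seconds) {
    # Steps 3-7: create the DWORD value (or overwrite an existing one) with the delay.
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $seconds -Force | Out-Null

    # Read the value back so a failed or redirected write is caught before the restart.
    $written = (Get-ItemProperty -Path $key -Name $name).$name
    if ($written -ne $seconds) {
        throw "TarpitTime is $written after the write, expected $seconds"
    }

    # Step 9: the new delay only takes effect after the SMTP service restarts.
    Restart-Service -Name SMTPSVC
    Write-Host "TarpitTime set to $seconds second(s); SMTP service restarted."
} else {
    Write-Host "TarpitTime already $seconds second(s); nothing changed."
}
```

Restarting the SMTP service briefly interrupts mail flow, so run this in a maintenance window.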