Exchange 2003 spam and NDR's

Posted on 2006-11-17
Medium Priority
Last Modified: 2008-01-09
I have a client with about 25 users on a Server2003 env with Exchange 2003 server. They are very heavy email users and also get a ton of junk mail. I have Symantec Mail Security installed and also the IMF built into Exchange SP2.

Here is the problem...
With the amount of junk mail they get, the outgoing mail queue was getting jammed trying to send NDR's to the junkmail senders. I thought of turning off the NDR's for badmail, but when I did so I got the warning that this option may increase the amount of junkmail since it would make the server respond differently to bad email addresses and therefore make the spammers able to determine if an email address is valid or not. So I left the default setting.

My solution was simply to use my customer's ISP (Rogers Cable) SMTP server as a smart host; this seemed to have solved the problem until recently.

However, Rogers has outsourced their email servers to Yahoo and Yahoo has recently instituted some email caps. Since all the outgoing mail is sent to the Rogers smarthost and requires authentication, from Yahoo's perspective all 25 users are sending email through 1 account, and Yahoo has labeled the account as a spammer and disabled outgoing email on that account. Rogers cannot reset this nor can they tell me what the cap is.

So can I go back to using DNS to look up MX records and send our own mail and turn off the NDR's for bad mail, or is there another simpler solution?

Question by:BMarden

Expert Comment

ID: 17965339
Postini or Barracuda

Postini Hosted or Barracuda hardware antispam/antivirus firewall
LVL 16

Expert Comment

ID: 17965526
Your Exchange should not send NDR's to spammers. The NDR's most likely will not arrive anywhere since most spam is sent by Zombie home PC's.

Really, Rogers should help you find a solution since it was their decision to outsource their servers. If they cannot keep providing their service, you should move to another ISP asap and let Rogers pay for the switch as they unilaterally changed the service agreement.

Expert Comment

ID: 17965788
We are a financial firm with a similar setup. I searched for a solution for quite a while. The best solution that I came up with was to outsource to MXLogic. We have 25 users also and we pay $50 per month for the service, which is by far cheaper than any other hosted service. At that price, it even beats a hardware solution since you will end up paying for a yearly service contract anyway.

Accepted Solution

trenes earned 1000 total points
ID: 17965958
Hi BMarden,

You could try to disable NDR, and harness against directory harvesting attacks.

How do I enable the tar pit feature?
Warning: Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

The tar pit feature can be enabled and configured by setting a registry key. To do this, follow these steps.

Note: If the TarpitTime registry entry does not exist, Exchange behaves as if the value of this registry entry were set to 0. When the registry entry has a value of 0, there is no delay when the SMTP address verification responses are sent.

1. Click Start, click Run, type regedit in the Open box, and then click OK.
2. Locate and then click to select the following registry subkey:
3. On the Edit menu, point to New, and then click DWORD Value.
4. Type TarpitTime as the registry entry name, and then press ENTER.  
5. On the Edit menu, click Modify.
6. Click Decimal.
7. In the Value data box, type the number of seconds that you want to delay SMTP address verification responses for each address that does not exist. Then, click OK. For example, type 5, and then click OK. This delays SMTP address verification responses for 5 seconds.
8. Quit Registry Editor.
9. Restart the Simple Mail Transport Protocol (SMTP) service.


Can I use tar pitting on Windows Server 2003 if I do not use Exchange 2003?
Yes, you can. Tar pitting is a feature of the generic Windows Server 2003 SMTP service. This SMTP service is used by Exchange and can also be used by other applications.

The tar pit feature inserts delays into 5.x.x error responses. If your application can make good use of such delays, you may want to consider enabling the tar pit feature.
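
To show what the TarpitTime setting described in the answer above changes for a connecting sender, here is an added example (not part of the original post or of the Microsoft article it quotes): a small Python model in which only 5.x.x replies are held back. The addresses, the recipient set and all function names are constructed for illustration.

```python
"""Model of SMTP tar pitting: only 5.x.x replies are delayed (added example)."""
import time

# Constructed sample directory; a real server checks recipients in Active Directory.
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}


def read_tarpit_time(settings):
    """Return the delay in seconds; a missing TarpitTime entry means 0 (no delay)."""
    value = int(settings.get("TarpitTime", 0))
    if value < 0:
        raise ValueError("TarpitTime must be a non-negative number of seconds")
    return value


def rcpt_reply(address):
    """Recipient check: 250 for known addresses, 550 5.1.1 for unknown ones."""
    if address.lower() in VALID_RECIPIENTS:
        return "250 2.1.5 " + address
    return "550 5.1.1 User unknown"


def handle_rcpt(address, settings, sleep=time.sleep):
    """Answer one RCPT TO, holding back 5.x.x replies for TarpitTime seconds."""
    reply = rcpt_reply(address)
    delay = read_tarpit_time(settings) if reply.startswith("5") else 0
    if delay:
        sleep(delay)  # the sender waits; accepted recipients are never delayed
    return reply, delay


def session_cost(addresses, settings):
    """Run a session against a fake clock; return (replies, total seconds delayed)."""
    waited = []
    replies = [handle_rcpt(a, settings, sleep=waited.append)[0] for a in addresses]
    return replies, sum(waited)


if __name__ == "__main__":
    # Constructed traffic: one normal message, and one session with many unknown recipients.
    normal = ["alice@example.com", "bob@example.com"]
    guessing = ["alice@example.com"] + ["guess%d@example.com" % i for i in range(200)]
    for name, settings in (("no entry", {}), ("TarpitTime=5", {"TarpitTime": 5})):
        for label, rcpts in (("normal", normal), ("guessing", guessing)):
            replies, seconds = session_cost(rcpts, settings)
            rejected = sum(r.startswith("5") for r in replies)
            print(f"{name:13} {label:9} rejected={rejected:3} delayed={seconds}s")
```

With a 5-second value, mail to valid recipients is unaffected while a session with 200 unknown recipients accumulates 1000 seconds of delay.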


