?
Solved

ISA Server 2004 NDR attack on SMTP Virtual Server Need Help

Posted on 2006-11-17
3
Medium Priority
?
456 Views
Last Modified: 2010-04-09
We are currently using ISA 2004 as a proxy and a firewall as our entry point to the outside.  We are running an SMTP virtual server on this ISA box which passes email through to our Exchange 2K3 email server.  We were experiencing NDR attacks on the Exchange server (filling up queues with postmaster NDR messages) so I enabled recipient filtering to filter messages sent to recipients that weren't in the directory.  This cleaned up the overloaded queues on the Exchange server.  However, I have recently noticed that there is a Queue folder in the ISA 2K4 server (inetpub\mailroot) that is also filling up with NDR messages which are being sent from postmaster@isaserver.domain.com.  It appears that this virtual smtp server on the ISA box is under NDR attack as well, however there is not an option in ISA to filter recipients not in the directory.  I also discovered that the Badmail folder on ISA (inetpub\mailroot) got overloaded with over 1 million messages and caused the server to stop working.  I setup a task that runs a script to emtpy that badmail folder to keep this from happening again.  The badmail folder on our Exchange 2K3 server was empty, but the badmail folder on our ISA box was way overloaded.  What should I do to stop the NDR queue buildup on ISA?  Also, I am not 100% sure that I even need to have this virtual SMTP server setup in ISA to pass email to Exchange.  Do I?  Is there another way that ISA needs to be configured to pass outside email to our Exchange box?  Thanks in advance for the help.
0
Comment
Question by:shockey
1 Comment
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 500 total points
ID: 17966320
Couple of things here. Fiest is to make sure you have all of the ISA/Windows service packs installed.

You do not need an smtp service on isa; personally I will not even install IIS on the ISA box as again, it is not necessary. on the ISA, just run the mail publishing wizard for smtp abd give the internal IP (Never the name) of the Exchange server or gateway you want mail traffic passed to.

For outgoing, on the Exchange server SMTP connector either set an external device as the smarthost or let DNS do the delivering for you.

Regards

Keith
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
this video summaries big data hadoop online training demo (http://onlineitguru.com/big-data-hadoop-online-training-placement.html) , and covers basics in big data hadoop .
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

621 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question