Solved

ISA Server 2004 NDR attack on SMTP Virtual Server Need Help

Posted on 2006-11-17
3
450 Views
Last Modified: 2010-04-09
We are currently using ISA 2004 as a proxy and a firewall as our entry point to the outside.  We are running an SMTP virtual server on this ISA box which passes email through to our Exchange 2K3 email server.  We were experiencing NDR attacks on the Exchange server (filling up queues with postmaster NDR messages) so I enabled recipient filtering to filter messages sent to recipients that weren't in the directory.  This cleaned up the overloaded queues on the Exchange server.  However, I have recently noticed that there is a Queue folder in the ISA 2K4 server (inetpub\mailroot) that is also filling up with NDR messages which are being sent from postmaster@isaserver.domain.com.  It appears that this virtual smtp server on the ISA box is under NDR attack as well, however there is not an option in ISA to filter recipients not in the directory.  I also discovered that the Badmail folder on ISA (inetpub\mailroot) got overloaded with over 1 million messages and caused the server to stop working.  I setup a task that runs a script to emtpy that badmail folder to keep this from happening again.  The badmail folder on our Exchange 2K3 server was empty, but the badmail folder on our ISA box was way overloaded.  What should I do to stop the NDR queue buildup on ISA?  Also, I am not 100% sure that I even need to have this virtual SMTP server setup in ISA to pass email to Exchange.  Do I?  Is there another way that ISA needs to be configured to pass outside email to our Exchange box?  Thanks in advance for the help.
0
Comment
Question by:shockey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 51

Accepted Solution

by:
Keith Alabaster earned 125 total points
ID: 17966320
Couple of things here. Fiest is to make sure you have all of the ISA/Windows service packs installed.

You do not need an smtp service on isa; personally I will not even install IIS on the ISA box as again, it is not necessary. on the ISA, just run the mail publishing wizard for smtp abd give the internal IP (Never the name) of the Exchange server or gateway you want mail traffic passed to.

For outgoing, on the Exchange server SMTP connector either set an external device as the smarthost or let DNS do the delivering for you.

Regards

Keith
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question