Solved

Exchange, Spam and not bouncing mail

Posted on 2006-12-01
Last Modified: 2010-03-06
Seems like the world is being particularly inundated with spam the last month or so.  Especially, all of that darn picture attachment junk.  Our company is a media/printing outlet and I just can't block these sorts of attachments, the text is too random, filters are not getting it etc.  Probably the same problems a lot of people are having.  Anyway, I am seeing a lot of traffic hitting our Exchange server for bad addresses and I do not have the capability at this time of doing an LDAP lookup before the Exchange server.  What can I do to stop Exchange from sending bounces on this type of mail? This will allow me to virtually cut in half the server load created by this type of junk until I can do something better before email hits the server.  Input?  Any other ideas?  I just cannot find any configuration options on Exchange on how I can set up the way it treats error codes and return emails to senders.

For background this is our current email flow:

World -> Postini -> external mail filter (Linux Postfix) -> internal mail gateway (SAV for gateways, ver 9.  I have a 10 license but have not upgraded yet) -> Exchange with SAV 9 for Exchange installed (again, have 10 license not installed yet).  Even with all of these stops along the way an inordinate amount of spam is getting through and it's really taxing the hardware.

Thanks in advance!
Question by:ChrisGrable
7 Comments
 

Expert Comment

by:MATTHEW_L
To start, is most of your spam sent to people that do not exist and causing excessive amounts of NDRs?  If so, try recipient filtering and tarpitting in Exchange to reduce those problems.  Filter recipients who aren't in the directory.  I have had good luck with a combo of IMF in Exchange and Mail Security / Mail Essentials from GFI.

Expert Comment

by:poweruser32
You will probably need to do a spam cleanup first of all. Check this out:
http://www.amset.info/exchange/spam-cleanup.asp
I am not sure about the Linux Postfix and its features.
I would give the GFI a go. There is a free trial on their site now and it deals with recipient filtering etc. very well.

Author Comment

by:ChrisGrable
"To start, is most of your spam sent to people that do not exist and causing excessive amounts of NDRs?  If so, try recipient filtering and tarpitting in Exchange to reduce those problems.  Filter recipients who aren't in the directory."

Sorry, my exchange skills are a bit weak.  Could you elaborate a bit on the process in sys manager.  Macro level explanation is fine, I am not completely dull to the options available, just have not done this at any point.

Spam is both coming through to users who do not exist and those who do, it's a mix.  I was just trying to think of a way to cut down on some server load due to the increased traffic.  Seems if I could drop some of these early or at least turn off bounce emails it would help.

Thanks!

Expert Comment

by:MATTHEW_L
If you are running Exchange 2003, you can create a recipient filter.  This is done in ESM under delivery options, recipient filtering.  Check the box, filter recipients who are not listed in the directory.

You must then apply this to your SMTP virtual server.  Under Servers, your server, protocols, SMTP, right click and go to properties.  Click advanced on the General tab.  Click edit, and then check the box for apply recipient filtering.

You should also consider using SMTP tar pitting to protect against directory harvest attacks.
http://support.microsoft.com/kb/842851

If you are not using Exchange 2003, try GFI Mail Essentials; it works quite well.

I am not sure how this will affect the Postfix gateway, but this will help Exchange.

Author Comment

by:ChrisGrable
I am running Exchange 2003 on W2K3.  Will give this a try and report back.  Still open to other ideas while I am working on this item.

Thanks!

Accepted Solution

by:
Sembee earned 500 total points
Unfortunately the posters above have given you false hope by failing to read fully your setup.

Recipient filtering is not going to help very much as you have too much in front of the Exchange server. There are at least four hops before the Exchange server and for recipient filtering to be effective the Exchange server needs to be the point of delivery. In this case that is Postini. If you configure recipient filtering in the current environment there is a good chance that you will either crash your gateway machine or Postini will be annoyed with you.

As you are using Postini, you need to drop the messages there. Look at providing Postini a list of valid users. I am pretty sure that they will have the facility in their service to do that.

Have you restricted your firewall so that email can only come in from Postini? Doesn't matter if your MX records do not point to your site or not, if the restriction isn't there then the spammers will send their messages.

Simon.
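
The restriction asked about in the answer above can also be enforced on the Postfix hop itself. The fragment below is an added illustration, not part of the original thread or any poster's configuration; the file name `upstream_filter.cidr` and the 192.0.2.0/24 and 198.51.100.0/24 ranges are placeholders, and the real ranges have to come from the filtering provider.

```conf
# ---- /etc/postfix/main.cf on the external Postfix filter ----
#
# Before: no client restriction. Any host that discovers this IP can
# deliver directly to it and bypass the hosted filter the MX points to.
#   smtpd_client_restrictions =
#
# After: only the hosted filter's outbound relays (and local networks)
# may start a mail transaction; every other client is refused.
smtpd_client_restrictions =
    permit_mynetworks,
    check_client_access cidr:/etc/postfix/upstream_filter.cidr,
    reject

# Default behaviour, stated explicitly: the refusal is issued at
# RCPT TO, so each rejected attempt is logged with its sender and
# recipient, which helps when confirming nothing legitimate is hit.
smtpd_delay_reject = yes

# ---- /etc/postfix/upstream_filter.cidr (separate file) ----
# PLACEHOLDER ranges taken from the RFC 5737 documentation blocks.
# Replace them with the ranges the filtering provider publishes.
192.0.2.0/24      OK
198.51.100.0/24   OK
```

A `cidr:` table is read as plain text and needs no `postmap` build step; `postmap -q 192.0.2.10 cidr:/etc/postfix/upstream_filter.cidr` should print `OK` before `postfix reload` is run.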

Expert Comment

by:MATTHEW_L
Postini should drop the message if the final destination fails to receive it after a period of days.