Exchange, Spam and not bouncing mail

Posted on 2006-12-01
Last Modified: 2010-03-06
Seems like the world is being particularly inundated with spam the last month or so.  Especially, all of that darn picture attachment junk.  Our company is a media/printing outlet and I just can't block these sorts of attachments, the text is too random, filters are not getting it etc.  Probably the same problems a lot of people are having.  Anyway, I am seeing a lot of traffic hitting our Exchange server for bad addresses and I do not have the capability at this time of doing an LDAP lookup before the Exchange server.  What can I do to stop Exchange from sending bounces on this type of mail? This will allow me to virtually cut in half the server load created by this type of junk until I can do something better before email hits the server.  Input?  Any other ideas?  I just cannot find any configuration options on Exchange on how I can set up the way it treats error codes and return emails to senders.

For background this is our current email flow:

World -> Postini -> external mail filter (Linux Postfix) -> internal mail gateway (SAV for gateways, ver 9.  I have a 10 license but have not upgraded yet) -> Exchange with SAV 9 for Exchange installed (again, have 10 license not installed yet).  Even with all of these stops along the way an inordinate amount of spam is getting through and it's really taxing the hardware.

Thanks in advance!
Question by:ChrisGrable
LVL 10

Expert Comment

ID: 18054287
To start, is most of your spam sent to people that do not exist and causing excessive amounts of NDRs?  If so, try recipient filtering and tarpitting in Exchange to reduce those problems.  Filter recipients who aren't in the directory.  I have had good luck with a combo of IMF in Exchange and Mail Security / Mail Essentials from GFI.
LVL 16

Expert Comment

ID: 18054344
You will probably need to do a spam cleanup first of all. Check this out.
I am not sure about the Linux Postfix and its features.
I would give the GFI a go. There is a free trial on their site now and it deals with recipient filtering etc. very well.

Author Comment

ID: 18054394
"To start, is most of your spam sent to people that do not exist and causing excessive amounts of NDRs?  If so, try recipient filtering and tarpitting in Exchange to reduce those problems.  Filter recipients who aren't in the directory."

Sorry, my Exchange skills are a bit weak.  Could you elaborate a bit on the process in sys manager?  Macro level explanation is fine, I am not completely dull to the options available, just have not done this at any point.

Spam is both coming through to users who do not exist and those who do, it's a mix.  I was just trying to think of a way to cut down on some server load due to the increased traffic.  Seems if I could drop some of these early or at least turn off bounce emails it would help.

LVL 10

Expert Comment

ID: 18054460
If you are running Exchange 2003, you can create a recipient filter.  This is done in ESM under delivery options, recipient filtering.  Check the box, filter recipients who are not listed in the directory.

You must then apply this to your SMTP virtual server.  Under Servers, your server, protocols, SMTP, right click and go to properties.  Click advanced on the general tab.  Click edit, and then check the box for apply recipient filtering.

You should also consider using SMTP tar pitting to protect against directory harvest attacks.

If you are not using Exchange 2003, try GFI Mail Essentials; it works quite well.

I am not sure how this will affect the Postfix gateway, but this will help Exchange.

Author Comment

ID: 18054506
I am running Exchange 2003 on W2K3.  Will give this a try and report back.  Still open to other ideas while I am working on this item.

LVL 104

Accepted Solution

Sembee earned 500 total points
ID: 18054918
Unfortunately the posters above have given you false hope by failing to read fully your setup.

Recipient filtering is not going to help very much as you have too much in front of the Exchange server. There are at least four hops before the Exchange server and for recipient filtering to be effective the Exchange server needs to be the point of delivery. In this case that is Postini. If you configure recipient filtering in the current environment there is a good chance that you will either crash your gateway machine or Postini will be annoyed with you.

As you are using Postini, you need to drop the messages there. Look at providing Postini a list of valid users. I am pretty sure that they will have the facility in their service to do that.

Have you restricted your firewall so that email can only come in from Postini? Doesn't matter if your MX records do not point to your site or not, if the restriction isn't there then the spammers will send their messages.
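
A way to check the firewall point raised in this answer from the Postfix gateway's own logs, as an added example that is not part of the original thread: it counts SMTP connections that did not arrive from the upstream filtering service. The `192.0.2.0/24` range is a placeholder for the provider's published range, the log lines are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Placeholder (RFC 5737 documentation block) standing in for the filtering
# provider's published outbound range; substitute the real range(s).
UPSTREAM_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Postfix smtpd logs "connect from host[ip]" for every inbound session.
CONNECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: connect from (\S+)\[([0-9A-Fa-f.:]+)\]")

# Constructed sample lines in Postfix syslog format.
SAMPLE_LOG = """\
Dec  1 10:15:02 mx1 postfix/smtpd[2101]: connect from relay1.filter.example[192.0.2.10]
Dec  1 10:15:03 mx1 postfix/smtpd[2102]: connect from unknown[198.51.100.77]
Dec  1 10:15:04 mx1 postfix/smtpd[2101]: disconnect from relay1.filter.example[192.0.2.10]
Dec  1 10:15:09 mx1 postfix/smtpd[2103]: connect from unknown[198.51.100.77]
Dec  1 10:15:11 mx1 postfix/smtpd[2104]: connect from host.example.net[203.0.113.5]
Dec  1 10:15:12 mx1 postfix/smtpd[2105]: connect from relay2.filter.example[192.0.2.200]
"""

def direct_connections(log_text, allowed_nets=UPSTREAM_NETS):
    """Count connects per source IP that did not come from the upstream filter."""
    bypass = Counter()
    for line in log_text.splitlines():
        m = CONNECT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # malformed address field; skip the line
        if not any(ip in net for net in allowed_nets):
            bypass[str(ip)] += 1
    return bypass

def summarize(log_text):
    """Return (total connects, connects bypassing the filter, per-IP counts)."""
    total = len(CONNECT_RE.findall(log_text))
    bypass = direct_connections(log_text)
    return total, sum(bypass.values()), bypass.most_common()

if __name__ == "__main__":
    total, direct, top = summarize(SAMPLE_LOG)
    print(f"{direct} of {total} connections bypassed the upstream filter")
    for ip, count in top:
        print(f"  {ip}: {count}")
```

Any non-zero bypass count means the gateway is reachable on port 25 from hosts other than the filtering service, which is the gap the firewall restriction closes.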

LVL 10

Expert Comment

ID: 18054956
Postini should drop the message if the final destination fails to receive it after a period of days.

Question has a verified solution.
