Exchange, Spam and not bouncing mail

Seems like the world is being particularly inundated with spam the last month or so. Especially, all of that darn picture attachment junk. Our company is a media/printing outlet and I just can't block these sorts of attachments, the text is too random, filters are not getting it etc. Probably the same problems a lot of people are having. Anyway, I am seeing a lot of traffic hitting our Exchange server for bad addresses and I do not have the capability at this time of doing an LDAP lookup before the Exchange server. What can I do to stop Exchange from sending bounces on this type of mail? This will allow me to virtually cut in half the server load created by this type of junk until I can do something better before email hits the server. Input? Any other ideas? I just cannot find any configuration options on Exchange on how I can set up the way it treats error codes and return emails to senders.

For background this is our current email flow:

World -> Postini -> external mail filter (Linux postfix) -> internal mail gateway (SAV for gateways, ver 9. I have a 10 license but have not upgraded yet) -> Exchange with SAV 9 for Exchange installed (again, have 10 license not installed yet). Even with all of these stops along the way an inordinate amount of spam is getting through and it's really taxing the hardware.

Thanks in advance!

To start, is most of your spam sent to people that do not exist and causing excessive amounts of NDRs? If so, try recipient filtering and tarpitting in Exchange to reduce those problems. Filter recipients who aren't in the directory. I have had good luck with a combo of IMF in Exchange and Mail Security / Mail Essentials from GFI.

You will probably need to do a spam cleanup first of all, check this out.
I am not sure about the Linux postfix and its features.
I would give the GFI a go - there is a free trial on their site now and it deals with recipient filtering etc. very well.

ChrisGrable (Author) Commented:
"To start, is most of your spam sent to people that do not exist and causing excessive amounts of NDRs? If so, try recipient filtering and tarpitting in Exchange to reduce those problems. Filter recipients who aren't in the directory."

Sorry, my exchange skills are a bit weak.  Could you elaborate a bit on the process in sys manager.  Macro level explanation is fine, I am not completely dull to the options available, just have not done this at any point.

Spam is both coming through to users who do not exist and those who do, it's a mix.  I was just trying to think of a way to cut down on some server load due to the increased traffic.  Seems if I could drop some of these early or at least turn off bounce emails it would help.

If you are running Exchange 2003, you can create a recipient filter. This is done in ESM under delivery options, recipient filtering. Check the box, filter recipients who are not listed in the directory.

You must then apply this to your SMTP virtual server. Under Servers, your server, protocols, SMTP, right click and go to properties. Click advanced on the General tab. Click edit, and then check the box for apply recipient filtering.

You should also consider using SMTP tarpitting to protect against directory harvest attacks.

If you are not using Exchange 2003, try GFI Mail Essentials; it works quite well.

I am not sure how this will affect the postfix gateway, but this will help Exchange.

ChrisGrable (Author) Commented:
I am running Exchange 2003 on W2K3.  Will give this a try and report back.  Still open to other ideas while I am working on this item.

Unfortunately the posters above have given you false hope by failing to read fully your setup.

Recipient filtering is not going to help very much as you have too much in front of the Exchange server. There are at least four hops before the Exchange server and for recipient filtering to be effective the Exchange server needs to be the point of delivery. In this case that is Postini. If you configure recipient filtering in the current environment there is a good chance that you will either crash your gateway machine or Postini will be annoyed with you.

As you are using Postini, you need to drop the messages there. Look at providing Postini a list of valid users. I am pretty sure that they will have the facility in their service to do that.

Have you restricted your firewall so that email can only come in from Postini? Doesn't matter if your MX records do not point to your site or not, if the restriction isn't there then the spammers will send their messages.

Postini should drop the message if the final destination fails to receive it after a period of days.
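
As an added example (not written by any poster in this thread): one way to build the list of valid recipients that the last answer suggests handing to Postini, which the Postfix hop in this mail flow could also consume through relay_recipient_maps, from an LDIF export of the Active Directory proxyAddresses attribute. The sample export, the example.com domain and the function names are constructed for illustration.

```python
import base64

# Constructed sample: LDIF export of proxyAddresses (example.com is a placeholder domain).
SAMPLE_LDIF = """\
dn: CN=Alice Smith,OU=Staff,DC=example,DC=com
proxyAddresses: SMTP:Alice.Smith@example.com
proxyAddresses: smtp:asmith@example.com
proxyAddresses: X400:c=US;a= ;p=Example;o=Exchange;s=Smith;g=Alice;

dn: CN=Prepress,OU=Groups,DC=example,DC=com
proxyAddresses: SMTP:prepress@example.com
proxyAddresses: smtp:prepress@old-name.example
proxyAddresses:: c210cDpqb2JzQGV4YW1wbGUuY29t

dn: CN=Bob Long,OU=Staff,DC=example,DC=com
proxyAddresses: smtp:bob.with.a.very.long.alias@exam
 ple.com
"""

def unfold(ldif_text):  # join LDIF continuation lines (they start with one space)
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def valid_recipients(ldif_text, accepted_domains):
    """Return the sorted, de-duplicated SMTP addresses in the accepted domains."""
    accepted = {d.lower() for d in accepted_domains}
    found = set()
    for line in unfold(ldif_text):
        attr, sep, value = line.partition(":")
        if not sep or attr.lower() != "proxyaddresses":
            continue
        if value.startswith(":"):  # "attr:: <base64>" form
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        prefix, _, address = value.strip().partition(":")
        if prefix.lower() != "smtp":  # skip X400 and other address types
            continue
        address = address.strip().lower()
        local, at, domain = address.rpartition("@")
        if at and local and domain in accepted:
            found.add(address)
    return sorted(found)

def postfix_table(addresses):  # lines for a Postfix relay_recipient_maps table
    return "".join(f"{a} OK\n" for a in addresses)
```

The text returned by postfix_table is meant to be written to the file named in relay_recipient_maps and compiled with postmap; the plain address list from valid_recipients is the form to supply to an upstream filtering service.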