derekruf

NDR Attack in Exchange 2003 mailbox

I have an Exchange 2003 mailbox that is filling up with NDRs. The server is not an open relay, and recipient filtering is turned on. All NDRs appear to be generated from our server. I believe spammers are using the user's email account to send spam. The recipients' servers are sending back NDRs to our server, and they are then being passed on to the user's mailbox.
Please HELP!! Thanks
ASKER CERTIFIED SOLUTION
Sembee
derekruf

ASKER

Sembee:
I have implemented the SPF record, and if it made a difference it was a small one. I have heard GFI Mail Essentials or hardware spam appliances may help.
Sembee
Spam applications/appliances will not help with this type of problem because you still have to accept the NDR. You are not receiving the spam so they have nothing to filter on - you are getting the reject messages.

The real problem is the clueless email server administrators who bounce back email that they flag as spam or sent to non-existent users AFTER it has been delivered. The best way to filter for spam is to stop it at the SMTP level so that it isn't even delivered to the server. If you allow the messages to be delivered then the spammer has done their job.

Simon.
derekruf

ASKER

Sembee:
I have heard it is possible for appliances or third-party solutions to examine the header of the NDR when it is returned to our mail server. In this examination it does its own kind of SPF lookup. It then realizes that the NDR the recipient mail server is sending out should have really dropped the message. Our spam appliance or third-party solution then drops the NDR, as the header information shows the original message did not come from our server. I have discussed this with another tech running a Linux SpamAssassin SMTP relay server. We would point our MX record to his server and his server would pass it on to our SMTP server. We would configure our SMTP server to only accept connections from the filtering server. What do you think? Could this work?
Sembee
Running your email through another server elsewhere would lose something more valuable - recipient filtering. Considering how much email can be dropped by recipient filtering it is not something that I would be looking to give up.

There is no easy solution to being the victim of a spoof. An appliance might work, I haven't used any of them so cannot comment on whether they would deal with the problem.

Don't ask their sales guys though - as no antispam solution is 100% effective for all sites. I had a client last year where no product, software, hardware or outsourced, would work because their primary business was mortgages and finance for people with poor credit and all spam filters they tried blocked legitimate email. They had to get something custom written for them.

Simon.
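
The NDR header check the asker describes above, as an added example (not code from the thread or from any product): it parses the bounce, pulls out the returned original message, and flags the NDR as backscatter when none of the original's Received hops shows our own outbound address. `OUR_OUTBOUND_IPS`, the host names and the sample NDR are constructed assumptions.

```python
import email
import re
from email import policy

# Assumption: the address(es) our Exchange server sends outbound mail from.
OUR_OUTBOUND_IPS = {"192.0.2.25"}
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def returned_original(ndr):
    """Return the original message (or just its headers) carried in the NDR."""
    for part in ndr.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":
            return part.get_payload(0)
        if ctype == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_ndr(raw):
    """Classify a raw NDR as genuine, backscatter, unverifiable or not-a-dsn."""
    ndr = email.message_from_string(raw, policy=policy.default)
    if ndr.get_content_type() != "multipart/report":
        return "not-a-dsn"
    original = returned_original(ndr)
    hops = original.get_all("Received", []) if original is not None else []
    ips = {ip for hop in hops for ip in BRACKETED_IP.findall(str(hop))}
    if not ips:
        return "unverifiable"  # nothing to judge on, so do not drop blindly
    # Heuristic: a message we really sent shows our address in some hop.
    return "genuine" if ips & OUR_OUTBOUND_IPS else "backscatter"

def sample_ndr(client_ip):
    """Constructed NDR whose returned original was received from client_ip."""
    return (
        "From: postmaster@recipient.example\nTo: user@ourdomain.example\n"
        "Subject: Undeliverable mail\nMIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: message/delivery-status\n\n"
        "Reporting-MTA: dns; mx.recipient.example\n\n"
        "Final-Recipient: rfc822; nobody@recipient.example\nAction: failed\nStatus: 5.1.1\n\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        f"Received: from mail.ourdomain.example ([{client_ip}]) by mx.recipient.example;"
        " Mon, 1 Jan 2007 10:00:00 +0000\n"
        "From: user@ourdomain.example\nTo: nobody@recipient.example\nSubject: offer\n\nbody\n"
        "--b1--\n"
    )
```

Received lines below the one added by the bouncing server can be forged by the sender, so the result is better used as a scoring signal than as the sole reason to drop an NDR.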