exchange 2003 NDR Attacks

It appears there are tons of emails trying to be sent out from our system. I opened up these emails and some have a from address of and other from field is black.

This appears to be a NDR attack. Now I know somewhat about the filtering options but we have windows 2000 and it was not suggested to apply any filtering because of AD harvest issues.

Since we do not have windows 2003 to turn on tar pitting option what can I do? This is causing all kinds of bouncebacks to employees trying to say they sent an email to ex-employees that no longer exist.

Our queues are really starting to fill up quickly after I cleared them.
Who is Participating?
There is nothing else that you can do without the use of third party tools if you receive email directly. NDR attacks rely on the server accepting email for addresses that don't exist and then tries to bounce them back. While you can get Exchange 2003 to refuse for non-existent addresses, that then exposes you to a directory harvest attack.

You have two options really.

1. Move to Exchange 2003 on Windows 2003. Having a eight year old OS in production is not really something that is any good long term.

2. Use a third party tool to provide the recipient filtering and tar pit. Vamsoft ORF will do that for you.


If your question has been answered, please remember to accept the answer and close the question.
bman9111Author Commented:
these 2 suggestions are my only option then?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.