exchange 2003 NDR Attacks

Posted on 2007-10-19
Last Modified: 2011-04-14
It appears there are tons of emails trying to be sent out from our system. I opened up these emails and some have a from address of and other from field is black.

This appears to be a NDR attack. Now I know somewhat about the filtering options but we have windows 2000 and it was not suggested to apply any filtering because of AD harvest issues.

Since we do not have windows 2003 to turn on tar pitting option what can I do? This is causing all kinds of bouncebacks to employees trying to say they sent an email to ex-employees that no longer exist.

Our queues are really starting to fill up quickly after I cleared them.
Question by:bman9111
    LVL 104

    Expert Comment

    You have two options really.

    1. Move to Exchange 2003 on Windows 2003. Having a eight year old OS in production is not really something that is any good long term.

    2. Use a third party tool to provide the recipient filtering and tar pit. Vamsoft ORF will do that for you.


    If your question has been answered, please remember to accept the answer and close the question.
    LVL 8

    Author Comment

    these 2 suggestions are my only option then?
    LVL 104

    Accepted Solution

    There is nothing else that you can do without the use of third party tools if you receive email directly. NDR attacks rely on the server accepting email for addresses that don't exist and then tries to bounce them back. While you can get Exchange 2003 to refuse for non-existent addresses, that then exposes you to a directory harvest attack.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Promote certifications in your email signature

    Has your company recently won an award or achieved a certification? They'll no doubt want to show it off. Email signature images used to promote certifications & awards can instantly establish credibility with a recipient and provide you with numerous benefits.

    Find out how to use dynamic social media in email signatures with this top 10 DOs & DON’Ts.
    Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
    In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
    The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager

    794 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now