Solved

How to set up our Exchange server to perform an RDN check on servers that send mail to us?

Posted on 2007-11-27
Last Modified: 2010-04-19
A common practice on the net is for mail servers, before accepting email from other email servers, to run an RDNS check on the sending server's IP address. This is one way to control SPAM because it at least ties a domain name to an IP.

The problem is, although we run pretty good Anti-SPAM, we still have some really annoying SPAM coming through the system, in part because senders are spoofing our internal email addresses so that the SPAM email looks like it's coming from someone on the inside. Our Anti-SPAM filters are configured to ignore internal mail...

Also the outgoing queue is plugged up sending NDR replies from postmaster@domain.com to email addresses that do not exist because the SPAMMER spoofed them.

Bottom line, I think that doing an RDNS check on sending servers has become a standard enough practice that we should implement it. We have a Windows 2003 SBS Std server...

Thanks,

T
Before you ask, our serve
Question by:Tyson0317

Accepted Solution

by:
JimboEfx earned 500 total points
ID: 20363810
I don't think Exchange RDN will provide the solution you want:

http://support.microsoft.com/kb/297412

Ensure you have set up Exchange IMF:

http://www.petri.co.il/block_spam_with_exchange2003_imf.htm

Other features:

http://www.msexchange.org/tutorials/Microsoft-Small-Business-Server-2003-Spam-Filtering.html

Also consider implementing tar pitting (to slow down the spammers if nothing else)

http://www.msexchange.org/tutorials/Windows-based-SMTP-Tar-Pitting-Explained.html

The above may not solve the problem, just reduce it. In your place I would be asking questions of the software vendor and look to examine SMTP conversations on your internal domain name - there is normally only one Exchange server in an SBS environment, so SMTP conversations coming from your internal domain name to your Exchange server should be few, I would imagine.

Or look at a filtering service such as Exchange Hosted Services - then only allow SMTP to and from them...


Author Comment

by:Tyson0317
ID: 20370485
Jimbo,

I read the article that you posted and my heart dropped. Why the hell has MSFT not implemented this very simple method of SPAM control??

I read over the other articles - it seems that IMF is pretty much worthless... The article on MSExchange.org was useful, but I don't think that it will address our issue. And although it says that Block List Servers are around, it does not mention where to find one...

Maybe you can help me find another solution to our specific problem. We use Cloudmark Anti-SPAM, which works pretty well. Unfortunately, I am in a catch-22 scenario here. Cloudmark has an option where it does not filter all internal emails - this is good, because we do not send SPAM to one another. I had to do this because our business is investment consulting, so we often send emails that contain stock trading terms, 401k, etc. Prior to instructing Cloudmark to not filter internal emails, it sometimes would think that a legit email was SPAM...

The problem now is that a SPAMMER is making his emails look like they are coming from one of the people in our office. The reply-to address is spoofed. We are getting spammed by this method and it is working to bypass our Cloudmark filter because it is set to not block internal emails...

How can I keep spoofed emails like this from entering our network? Shouldn't there be a setting in Exchange to recognise that emails coming from the outside having reply addresses on the inside are invalid?
0
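The two checks discussed in this thread, a reverse DNS check on the connecting server and a rule that mail claiming an internal sender must come from an internal address, are sketched below as an added example that is not part of the original posts and is not Exchange configuration. The domain `example.com`, the LAN range, the verdict strings and all function names are assumptions made for illustration; the DNS data and sessions are constructed so the code runs offline.

```python
import ipaddress
import socket

# Assumptions for illustration: placeholder domain and office LAN range.
INTERNAL_DOMAIN = "example.com"
INTERNAL_NETS = [ipaddress.ip_network("192.168.16.0/24")]

def system_ptr(ip):
    """Live PTR lookup; None when the address has no reverse record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(host):
    """Live forward lookup; the set of addresses the name resolves to."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def fcrdns_ok(ip, ptr=system_ptr, forward=system_forward):
    """Forward-confirmed reverse DNS: the PTR name must resolve back to ip."""
    host = ptr(ip)
    return host is not None and ip in forward(host)

def verdict(client_ip, mail_from, ptr=system_ptr, forward=system_forward):
    """Classify an inbound SMTP session before the spam filter sees it."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in INTERNAL_NETS):
        return "accept-internal"          # real internal mail, filter exempt
    # Assumes staff never submit mail directly from outside the LAN.
    if mail_from.rsplit("@", 1)[-1].lower() == INTERNAL_DOMAIN:
        return "reject-spoofed-internal"  # our domain, outside connection
    if not fcrdns_ok(client_ip, ptr, forward):
        return "reject-no-rdns"           # no PTR, or PTR does not map back
    return "filter"                       # ordinary external mail

# Constructed DNS data and sessions (documentation ranges) so this runs offline.
PTR = {"203.0.113.10": "mail.partner.test", "198.51.100.7": "host7.isp.test"}
FWD = {"mail.partner.test": {"203.0.113.10"}, "host7.isp.test": {"198.51.100.99"}}
SESSIONS = [("192.168.16.20", "alice@example.com"), ("198.51.100.7", "alice@example.com"),
            ("203.0.113.10", "bob@partner.test"), ("198.51.100.7", "promo@isp.test"),
            ("192.0.2.55", "x@nowhere.test")]

def run_samples():
    """Evaluate the constructed sessions against the constructed DNS data."""
    return [verdict(ip, frm, PTR.get, lambda h: FWD.get(h, set())) for ip, frm in SESSIONS]
```

Calling `verdict()` without the `ptr` and `forward` arguments uses the live resolver instead of the constructed tables.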
