Solved

How to set up our Exchange server to perform an RDN check on servers that send mail to us?

Posted on 2007-11-27
4
372 Views
Last Modified: 2010-04-19
A common practice on the net is for mail servers, before accepting email from other email servers, to run an RDNS check on the sending server's IP address. This is one way to control SPAM because it at least ties a domain name to an IP.

The problem is, although we run pretty good Anti-SPAM, we still have some really annoying SPAM coming through the system. In part because senders are spoofing our internal email addresses so that the SPAM email looks like its coming from someone on the inside. Our Anti-SPAM filters are configured to ignore internal mail...

Also the outgoing queue is plugged up sending NDR replies from postmaster@domain.com to email addresses that do not exist because the SPAMMER spoofed them.

Bottom line, I think that doing an RDNS check on sending servers has become a standard enough practice that we should implement it. We have a Windows 2003 SBS Std server...

Thanks,

T
Before you ask, our serve
0
Comment
Question by:Tyson0317
4 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 500 total points
Comment Utility
I don't think exchange RDN will provide the solution you want:

http://support.microsoft.com/kb/297412

Ensure you have set up exhange IMF:

http://www.petri.co.il/block_spam_with_exchange2003_imf.htm

Other features:

http://www.msexchange.org/tutorials/Microsoft-Small-Business-Server-2003-Spam-Filtering.html

Also consider implementing tar pitting (to slow down the spammers if nothing else)

http://www.msexchange.org/tutorials/Windows-based-SMTP-Tar-Pitting-Explained.html

The above may not solve the problem, just reduce it. In your place I would be asking questions of the software vendor and look to examine smtp conversations on your internal domain name - there is normally only one exchange server in a SBS environment so smtp conversations comming from your internal domain name to your exchange server should be few i would imagine.

Or look at a filtering services such as exchange hosted servrices - then only allow smtp to and from them...

0
 

Author Comment

by:Tyson0317
Comment Utility
Jimbo,

I read the article that you posted and my heart dropped. Why the hell has MSFT not implemented this very simple method of SPAM control??

I read over the other articles - it seems that IMF is pretty much worthless... The article on MSExchange.org was useful, but I dont think that it will address our issue. And although it says that Block List Server are around, it does not mention where to find one...

Maybe you can help me find another solution to our specific problem. We use Cloudmark Anti-SPAM, which works pretty well. Unfortunately, I am in a catch-22 scenerio here. Cloudmark has an option where it does not filter all internal emails - this is good, because we do not send SPAM to one another. I had to do this because our bussiness is investment consulting, so we often send emails that contain stock trading terms, 401k, etc. Prior to instructing Cloudmark to not filter internal emails, it sometimes would think that a legit email was SPAM...

The problem now is that a SPAMMER is making his emails look like they are coming from one of the people in our office. The reply-to address is spoofed. We are getitng spammed by this method and it is working to bypass our Cloudmark filter because it is set to not block internal emails...

How can I keep spoofed emails like this from entering our network? Shouldnt there be a setting in Exchange to recognise that emails coming from the outside having reply addresses on the inside are invalid?
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now