Solved

How to set up our Exchange server to perform an RDN check on servers that send mail to us?

Posted on 2007-11-27
4
381 Views
Last Modified: 2010-04-19
A common practice on the net is for mail servers, before accepting email from other email servers, to run an RDNS check on the sending server's IP address. This is one way to control SPAM because it at least ties a domain name to an IP.

The problem is, although we run pretty good Anti-SPAM, we still have some really annoying SPAM coming through the system. In part because senders are spoofing our internal email addresses so that the SPAM email looks like its coming from someone on the inside. Our Anti-SPAM filters are configured to ignore internal mail...

Also the outgoing queue is plugged up sending NDR replies from postmaster@domain.com to email addresses that do not exist because the SPAMMER spoofed them.

Bottom line, I think that doing an RDNS check on sending servers has become a standard enough practice that we should implement it. We have a Windows 2003 SBS Std server...

Thanks,

T
Before you ask, our serve
0
Comment
Question by:Tyson0317
4 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 500 total points
ID: 20363810
I don't think exchange RDN will provide the solution you want:

http://support.microsoft.com/kb/297412

Ensure you have set up exhange IMF:

http://www.petri.co.il/block_spam_with_exchange2003_imf.htm

Other features:

http://www.msexchange.org/tutorials/Microsoft-Small-Business-Server-2003-Spam-Filtering.html

Also consider implementing tar pitting (to slow down the spammers if nothing else)

http://www.msexchange.org/tutorials/Windows-based-SMTP-Tar-Pitting-Explained.html

The above may not solve the problem, just reduce it. In your place I would be asking questions of the software vendor and look to examine smtp conversations on your internal domain name - there is normally only one exchange server in a SBS environment so smtp conversations comming from your internal domain name to your exchange server should be few i would imagine.

Or look at a filtering services such as exchange hosted servrices - then only allow smtp to and from them...

0
 

Author Comment

by:Tyson0317
ID: 20370485
Jimbo,

I read the article that you posted and my heart dropped. Why the hell has MSFT not implemented this very simple method of SPAM control??

I read over the other articles - it seems that IMF is pretty much worthless... The article on MSExchange.org was useful, but I dont think that it will address our issue. And although it says that Block List Server are around, it does not mention where to find one...

Maybe you can help me find another solution to our specific problem. We use Cloudmark Anti-SPAM, which works pretty well. Unfortunately, I am in a catch-22 scenerio here. Cloudmark has an option where it does not filter all internal emails - this is good, because we do not send SPAM to one another. I had to do this because our bussiness is investment consulting, so we often send emails that contain stock trading terms, 401k, etc. Prior to instructing Cloudmark to not filter internal emails, it sometimes would think that a legit email was SPAM...

The problem now is that a SPAMMER is making his emails look like they are coming from one of the people in our office. The reply-to address is spoofed. We are getitng spammed by this method and it is working to bypass our Cloudmark filter because it is set to not block internal emails...

How can I keep spoofed emails like this from entering our network? Shouldnt there be a setting in Exchange to recognise that emails coming from the outside having reply addresses on the inside are invalid?
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question