Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

How to set up our Exchange server to perform an RDN check on servers that send mail to us?

Posted on 2007-11-27
4
Medium Priority
?
396 Views
Last Modified: 2010-04-19
A common practice on the net is for mail servers, before accepting email from other email servers, to run an RDNS check on the sending server's IP address. This is one way to control SPAM because it at least ties a domain name to an IP.

The problem is, although we run pretty good Anti-SPAM, we still have some really annoying SPAM coming through the system. In part because senders are spoofing our internal email addresses so that the SPAM email looks like its coming from someone on the inside. Our Anti-SPAM filters are configured to ignore internal mail...

Also the outgoing queue is plugged up sending NDR replies from postmaster@domain.com to email addresses that do not exist because the SPAMMER spoofed them.

Bottom line, I think that doing an RDNS check on sending servers has become a standard enough practice that we should implement it. We have a Windows 2003 SBS Std server...

Thanks,

T
Before you ask, our serve
0
Comment
Question by:Tyson0317
4 Comments
 
LVL 15

Accepted Solution

by:
JimboEfx earned 2000 total points
ID: 20363810
I don't think exchange RDN will provide the solution you want:

http://support.microsoft.com/kb/297412

Ensure you have set up exhange IMF:

http://www.petri.co.il/block_spam_with_exchange2003_imf.htm

Other features:

http://www.msexchange.org/tutorials/Microsoft-Small-Business-Server-2003-Spam-Filtering.html

Also consider implementing tar pitting (to slow down the spammers if nothing else)

http://www.msexchange.org/tutorials/Windows-based-SMTP-Tar-Pitting-Explained.html

The above may not solve the problem, just reduce it. In your place I would be asking questions of the software vendor and look to examine smtp conversations on your internal domain name - there is normally only one exchange server in a SBS environment so smtp conversations comming from your internal domain name to your exchange server should be few i would imagine.

Or look at a filtering services such as exchange hosted servrices - then only allow smtp to and from them...

0
 

Author Comment

by:Tyson0317
ID: 20370485
Jimbo,

I read the article that you posted and my heart dropped. Why the hell has MSFT not implemented this very simple method of SPAM control??

I read over the other articles - it seems that IMF is pretty much worthless... The article on MSExchange.org was useful, but I dont think that it will address our issue. And although it says that Block List Server are around, it does not mention where to find one...

Maybe you can help me find another solution to our specific problem. We use Cloudmark Anti-SPAM, which works pretty well. Unfortunately, I am in a catch-22 scenerio here. Cloudmark has an option where it does not filter all internal emails - this is good, because we do not send SPAM to one another. I had to do this because our bussiness is investment consulting, so we often send emails that contain stock trading terms, 401k, etc. Prior to instructing Cloudmark to not filter internal emails, it sometimes would think that a legit email was SPAM...

The problem now is that a SPAMMER is making his emails look like they are coming from one of the people in our office. The reply-to address is spoofed. We are getitng spammed by this method and it is working to bypass our Cloudmark filter because it is set to not block internal emails...

How can I keep spoofed emails like this from entering our network? Shouldnt there be a setting in Exchange to recognise that emails coming from the outside having reply addresses on the inside are invalid?
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A lot of problems and solutions are available on the net for the error message "Source server does not meet minimum requirements for migration" while performing a migration from Small Business Server 2003 to SBS 2008. This error pops up just before …
Introduction At 19:33 (UST) on Tuesday 21st September the long awaited email arrived with the subject title of “ANNOUNCING THE AVAILABILITY OF WINDOWS SBS 7 PREVIEW”.  It was time to drop whatever I was doing and dedicate as much bandwidth as possi…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

972 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question