Guys, I'm setting up a basic email gateway box using Vamsoft Orf to use recipient filtering.
I wanted to turn off the auto-reply email that you get when you send to an invalid address, but I don't see an option for this.
So what I did was start playing with the SMTP response codes, and I noticed that if I set it from 550 to 451 the auto-response mails stop coming through. Checking this out, I see they are split into various ranges.
I was wondering if there is any harm in, say, me setting the response code to 459 and putting in some custom response text, and this way the NDR doesn't seem to come back to the potential spammer?
Although I suppose it would be logged at their server level rather than the client?
Last Comment
he_who_dares
8/22/2022 - Mon
rid
If you send to a non-existing recipient, you normally get an error message. Sometimes it's an "NDR", which is generated by the recipient's server. It accepts the SMTP conversation and the message, even if the recipient doesn't exist, then it generates the NDR, politely telling you you have misspelled the address or something like that and sends it off to the "FROM" address (which may be fake). You want to stop those, I guess. That should be an option in the mail server software, even Exchange has that.
The other type of error message is generated by the sending server, when the recipient's server says something like "550: user does not exist" and terminates the SMTP session before the message is delivered. The sender server then sends directly to the sender mailbox a message that says that the recipient could not be reached.
The first type is in principle an email like any other, the other is an internal error message that never leaves the server that generates it.
What is your mail server software?
/RID
Sembee
Is this protecting an Exchange 2003 or higher server, with Vamsoft actually installed on the server? If so, then enable recipient filtering.
If it is not, then use the recipient filtering option in Vamsoft. You need to be using an on arrival rule, so that the message is rejected by your server and the remote server is forced to generate the NDR. This will not be seen by the spammer as they will be using a bot to send the messages. What you want to avoid is accepting the email and then generating an NDR as that is backscatter and will get your server blacklisted.
Simon.
he_who_dares
ASKER
Vamsoft is installed on a Server 2003 box sitting in a DMZ and I'm currently using it for Recipient Validation / RBL / Greylisting.
This then relays to the Exchange 2003 box on the corporate net, where AV checks are done, and I am thinking about enabling IMF on the Exchange too just to give it that bit extra.
So the recipient filtering should be done on-arrival, not before arrival? Why is that?
Whichever way I configure it, it sends back a 550 response mail. If I do tests from a Hotmail account, the 550 comes back from the postmaster at Hotmail.
Ooops... got it the wrong way round. It is before arrival that you need to do recipient filtering, so that the message is rejected at the point of delivery. As already pointed out, it would seem that things are working correctly as the NDR is being generated by the Hotmail postmaster - which is what you want.
Simon.
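Added example (not part of the thread and not Vamsoft ORF code): a toy model of what a sending MTA does with the gateway's RCPT TO reply for an unknown recipient, comparing a 550 reject, a 451 reject, and accept-then-bounce. The addresses, retry interval and queue lifetime are constructed assumptions; the 4yz = transient, 5yz = permanent split comes from RFC 5321.

```python
# Added illustration; names, addresses and timings below are constructed.
VALID = {"alice@example.com"}      # gateway's known recipients (constructed)
RETRY_H, LIFETIME_H = 1, 48        # assumed sender retry interval / queue lifetime, in hours


class Gateway:
    """Receiving side: reply given at RCPT TO under a chosen policy."""

    def __init__(self, unknown_code=None):
        self.unknown_code = unknown_code   # e.g. 550 or 451; None = accept, bounce later
        self.ndrs_sent = []                # NDRs the gateway itself has to mail out

    def rcpt(self, mail_from, rcpt_to):
        if rcpt_to in VALID:
            return "250 OK"
        if self.unknown_code is None:
            # Accepted first, rejected later: the NDR goes to an unverified
            # (possibly forged) envelope sender, which is backscatter.
            self.ndrs_sent.append(mail_from)
            return "250 OK"
        return f"{self.unknown_code} Recipient rejected"


def sender_delivers(gw, mail_from, rcpt_to):
    """Sending MTA: returns (attempts, hour at which the sender creates its own NDR, or None)."""
    attempts = 0
    for hour in range(0, LIFETIME_H, RETRY_H):
        attempts += 1
        first_digit = gw.rcpt(mail_from, rcpt_to)[0]
        if first_digit == "2":
            return attempts, None          # accepted; the sender's job is done
        if first_digit == "5":
            return attempts, hour          # permanent failure: bounce locally right away
        # "4": transient failure, message stays queued and is retried later
    return attempts, LIFETIME_H            # queue lifetime expired: sender bounces anyway


def compare(rcpt_to="nobody@example.com", mail_from="forged@example.net"):
    """Run the three policies against one unknown recipient."""
    results = {}
    for label, code in (("550", 550), ("451", 451), ("accept", None)):
        gw = Gateway(code)
        attempts, ndr_hour = sender_delivers(gw, mail_from, rcpt_to)
        results[label] = (attempts, ndr_hour, list(gw.ndrs_sent))
    return results


if __name__ == "__main__":
    for policy, outcome in compare().items():
        print(policy, outcome)
```

In this model the 451 policy produces no immediate NDR, but the sender retries for the whole queue lifetime and then bounces; only the accept policy makes the gateway itself mail an NDR to the envelope sender.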
he_who_dares
ASKER
OK that sounds good to me.
I expect that in some cases some companies may want to stop it from generating an NDR altogether, and as I said in the first post, if I changed the status code to something like 451 on the Vamsoft app... this actually seemed to stop the NDR being generated from Hotmail.
Would this be an option if you want to cut out NDRs altogether for recipient filtering... or by playing with the response codes would this violate RFC rulings?
I'm not sure why changing the status code had that effect... maybe it wouldn't with all mail servers?
Actually I have used the accept and drop technique before but did want to avoid that as it did put a lot of additional stress on the systems. So before arrival it is then!
Just wondering, as you seem to know about Vamsoft, Simon, have you found a decent AV product that works well alongside it at all?
I have actually found that I do not need any AV software on the server.
Most virus infected messages and spam are now being spread using the same techniques, just with a different payload. One is to infect the machine, the other to send the messages using the infected machines - bot writers and spammers are now one and the same as far as I am concerned.
Therefore if the antispam software is working correctly it is blocking the messages that also contain viruses/worms.
The only reason I tend to use AV software now is to block legitimate attachments - eg stupid videos the users send between themselves. Something like GFI Mail Security does that job very well.
Simon.
he_who_dares
ASKER
I see, I am actually using Groupshield on the Exchange so I suppose that will be enough.
I take it it's OK to use a file level AV scanner on the Gateway box that's running Vamsoft, or should the Vamsoft directory holding the database be excluded from scanning?
Sembee
Treat the database as any other database.
You may also want to consider excluding the holding directories within IIS from real time scanning as well, simply to avoid mail being held up by file locks caused by the AV, or the AV seeing a virus and then being unable to do anything with it because SMTP has already passed it on.