Tyson0317
 asked on

Getting flooded with NDRs of emails we never sent.

Hi guys, out of the blue a few users here have reported 200+ "System Administrator" notices coming back from emails that they never sent. This happens mostly overnight and an examination of the headers shows that they were sent from another mail server using fake names and our email addresses as the "reply to" line...

In a few cases with our users that have cell-phone forwarded email, this flooded their cell phone also.

This is a bit annoying! What's an easy fix?

We run Exchange 2003 SBS with Outlook 2003.
ExchangeSBS

Last Comment
Sembee

8/22/2022 - Mon
Lee W, MVP

Create a rule to move them to another folder.  Otherwise, there's nothing you can do.  
consultkhan

You need an anti-spam solution on your machine,
or enable SMTP filtering on your Exchange SMTP gateway.
More suggestions are welcome.
Thanks.
Tyson0317

ASKER
We have Anti-SPAM installed on the server, but it still lets these through because they are valid non-deliverables. I will not just port them elsewhere because we need legitimate NDRs for when we send mail and the recipient does not get it...
Arkware

Anti-Spam techniques can be useful against this.  Exchange 2003 with SP2 supports IMF (Intelligent Message Filtering), Black Listing (e.g. SORBS), and Sender ID.  These are accessed via the Exchange Server Manager (ESM), Global Settings > Message Delivery (right-click on it and select Properties).  This includes the Sender Filtering, Recipient Filtering, Connection Filtering (for black listing), Intelligent Message Filtering, and Sender ID filtering.

You can block, via the SMTP adapter's Access tab > Connection button, specific IP addresses (if messages are coming from the same source).
ASKER CERTIFIED SOLUTION
Lee W, MVP

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
Lee W, MVP

Most NDRs do not include the full text of the original message - only a subject line.  Many subject lines are "common" and virtually impossible to filter out without filtering out good mail as well.
Tyson0317

ASKER
Ark - unfortunately, these are coming from all over the place. They are legit NDRs just sent to the wrong person...

Lee, I expect something to look at the header and see that the original email did not come from our server and thus the bounce-back should not be coming here... Doesn't sound that hard.

Also, the original SPAM uses some fake name that does not go with the mail accounts affected - this would be another way for something to filter it... Problem is, this is beyond Exchange/Outlook as far as I know...  
Lee W, MVP

You can't do that because sometimes people might LEGITIMATELY use a Reply To line and the sending mail server would be different from the one that gets the NDR.
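
The header check discussed in the two posts above, as an added example that is not part of the original thread: it parses a bounce, looks for the attached copy of the original message, and compares that message's Message-ID domain with the local server's. The host name `sbs01.example.local`, the sample bounces, and the premise that mail genuinely sent from the site carries the server's own host name in its Message-ID are all assumptions; bounces that include no copy of the original headers come back as `undetermined`.

```python
import email
from email import policy

# Assumption: domains this site's server stamps into Message-IDs of mail it sends.
LOCAL_ID_DOMAINS = {"sbs01.example.local"}

def classify_ndr(raw, local_domains=LOCAL_ID_DOMAINS):
    """Classify one bounce as 'ours', 'backscatter' or 'undetermined'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    original = None
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            original = part.get_payload(0)
            break
        if ctype == "text/rfc822-headers":     # headers-only copy attached
            original = email.message_from_string(
                part.get_content(), policy=policy.default)
            break
    if original is None or not original["Message-ID"]:
        # The NDR carries no copy of the original headers: nothing to compare.
        return "undetermined"
    msg_id = str(original["Message-ID"]).strip().strip("<>")
    domain = msg_id.rpartition("@")[2].lower()
    return "ours" if domain in local_domains else "backscatter"

def make_ndr(third_part):
    """Build a constructed multipart/report bounce for the demo."""
    head = ("From: postmaster@remote.example\r\nTo: user@example.com\r\n"
            "Subject: Undeliverable: hello\r\nMIME-Version: 1.0\r\n"
            "Content-Type: multipart/report; report-type=delivery-status;"
            ' boundary="b"\r\n\r\n'
            "--b\r\nContent-Type: text/plain\r\n\r\nDelivery failed.\r\n"
            "--b\r\nContent-Type: message/delivery-status\r\n\r\n"
            "Reporting-MTA: dns; remote.example\r\n\r\n"
            "Final-Recipient: rfc822; nobody@remote.example\r\nStatus: 5.1.1\r\n")
    return (head + third_part + "--b--\r\n").encode("ascii")

ORIG = "From: x@example.com\r\nSubject: hello\r\nMessage-ID: <%s>\r\n"
SAMPLES = {  # constructed inputs, not taken from the thread
    "genuine": make_ndr("--b\r\nContent-Type: message/rfc822\r\n\r\n"
                        + ORIG % "1a2b@sbs01.example.local" + "\r\nbody\r\n"),
    "forged": make_ndr("--b\r\nContent-Type: text/rfc822-headers\r\n\r\n"
                       + ORIG % "9f8e@bulk.invalid" + "\r\n"),
    "bare": make_ndr(""),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, "->", classify_ndr(raw))
```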
consultkhan

OK, you can enable authenticated users and machine accounts for SMTP relay permissions. That helps.
SOLUTION
Sembee

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.