Solved

Outgoing NDR

Posted on 2008-06-11
9
1,023 Views
Last Modified: 2010-04-21
Hi there.

I´m running an Exchange 2003 server on my Home network.
It´s fully updated and running fine.
Lately I have been recieving alot of NDR´s.
I have been reading that I shouldn´t disable NDR because I could get blacklisted.
But at Technet, Microsoft encourages you to disable NDR.
My question is, is there a difference between disabling outgoing NDR and ingoing?
I should think it would be ok to accept incomming ndr and have the server not generate outgoing in case of false recipients?
Is that the way to do it?
Under internet message formats you can disable ndr´s, but is that for outgoing, ingoing or both?
If you can disable outgoing only, where do I do that?
I have set up spf records and that seems to have solved the massive ndr recieving, but I figured I might as well disable outgoing to spare others the problems with recieving ndr from my server.
I have been thinking to set up my real domain name under internet message formats and remove ndr from that one and leave the * as it is with ndr on. Would this be a bad idea?
0
Comment
Question by:Ducknaldi
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 8

Expert Comment

by:chrismanncalgavin
ID: 21760235
See the following which talks about disabling NDR's:
http://support.microsoft.com/kb/294757

If you disable NDR's, all outgoing will be disabled but you will still see incoming NDR's if you have a failed email sent out for example to another person.
If you still want a copy of the NDR's that would normally go out, then the best thing is to use "Send copy of non-delivery report to" and set it to something like administrator@yourdomain.com.
This way, if someone sends an email to a user that does not have an address (undeliverable) then you will receive a copy of this email. Very useful!

Chris
0
 
LVL 3

Expert Comment

by:tsorensen55
ID: 21760290
First, disabling NDR will not get you blacklisted from my experiences, not disabling it can land you on a "backscatter" blacklist however due to volume of NDRs being sent out from your server during a spam session.

The one under internet format is for outgoing only. The only way to block NDRs from other companies would be to filter them out inside of exchange. I personally disable outgoing NDRs but I don't block incoming ones. This results in some of my users who are used as spoofing addresses to get some emails claiming they sent an email when they didn't but I just keep educating them on why that happens and they seem to be understanding of it.

As for adding your domain and leaving NDR off but leaving the default on, I personally would recommend disabling NDR all around. It can still land you on a backscatter list so you might as well avoid it all together from the get go.

Todd
0
 
LVL 8

Expert Comment

by:chrismanncalgavin
ID: 21760444
Good comment tsorensen55, makes a lot of sense.
I have had problems here with spoofed addresses and false NDR's coming in as well.
It's hard to get your head around for some people, trying to explain it!
This is something you can't do much about.

Ideally switching NDR's off is probably not best because they used to be quite useful, but now it seems to be unmanageable with the amount of spam emails being sent the server is put under such load!

(If anybody really wants to see if an email is delivered they can always use delivery receipts anyways)
0
 
LVL 1

Author Comment

by:Ducknaldi
ID: 21760621
tsorensen55 I think I´ll award you the points, but tell me first.
How does anyone ever find out if I´m generating ndr´s or not.
I mean to find out if I´m doing that, these services would have to spam my mailserver with non-plausible mails or what?
If the server accepts an email, everything is fine.
But if the user does not exist and my server doesnt generate a ndr, then, at least in my logic, the sending part should do nothing further, because the mail didn´t bounce and everything should at least look fine to the sending part or what???
And by the way. How do you block incomming ndr´s?
I feel we can live without real ndr´s so I might as well block them all, to get rid of all those stupid mails comming in.
Can you do that in exchange og do I have to use a GFI product instead?
0
Want to promote your upcoming event?

Attending an event? Speaking at a conference? Or exhibiting at a trade show? Easily inform your contacts by using a promotional banner in your email signature. This will ensure your organization’s most important contacts are in the know.

 
LVL 1

Author Comment

by:Ducknaldi
ID: 21761008
Hi Chrissmann

You are perfectly right there.
I use delivery receipts in very important mails anyway, so I might as well block all ndr´s completely, if possible.
0
 
LVL 3

Accepted Solution

by:
tsorensen55 earned 250 total points
ID: 21761114
To find out if you are sending NDRs out simply send an email from an external account like hotmail etc to a bogus address inside of your organization ie send to thisaddressdoesntexist@yourdomainname.com if you receive a bounce back that the user doesn't exist in that organization from your corporate mail server than NDR is enabled.

If you have it turned off then you are correct, nothing happens once it finds out that there is no valid address there. As far as the sender is concerned the message went through and it does not resend.

As for blocking incoming, we use 2 barracuda devices in my organization so i'm not extremely familiar with the options inside of exchange. I'm researching it on a stock exchange server I have in my test bed and should know something here shortly on how to block it. In my cuda devices I would do a subject filter of emails containing "Undeliverable" or "Undelivered".
0
 
LVL 3

Expert Comment

by:tsorensen55
ID: 21761409
I totally agree with using the delivery receipts as a source of verification. It is unfortunate that a simple function of communication letting you know something went wrong has turned into such an easy way to abuse mail servers and bandwidth. There have even been stints as of late where spammers are forging fake NDRs to try and slip by anti-spam techniques and it really makes me wish NDRs would just be removed/rewritten as a whole to avoid this sort of thing.
0
 
LVL 1

Author Closing Comment

by:Ducknaldi
ID: 31466162
thx
0
 

Expert Comment

by:gbslimited
ID: 21980670
I've got a similar problem.  Ever since i changed my exchange server's rDNS to the same of the DNS i get 100 or so undeliverable messages a day.  All of them spam messages either using my email address as a spoof or using my server.

I have no idea what to do, maybe change the settings back to a non FDQN.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
Read this checklist to learn more about the 15 things you should never include in an email signature.
The basic steps you have just learned will be implemented in this video. The basic steps are shown to configure an Exchange DAG in a live working Exchange Server Environment and manage the same (Exchange Server 2010 Software is used in a Windows Ser…
how to add IIS SMTP to handle application/Scanner relays into office 365.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now