Go Premium for a chance to win a PS4. Enter to Win


Outgoing NDR

Posted on 2008-06-11
Medium Priority
Last Modified: 2010-04-21
Hi there.

I´m running an Exchange 2003 server on my Home network.
It´s fully updated and running fine.
Lately I have been recieving alot of NDR´s.
I have been reading that I shouldn´t disable NDR because I could get blacklisted.
But at Technet, Microsoft encourages you to disable NDR.
My question is, is there a difference between disabling outgoing NDR and ingoing?
I should think it would be ok to accept incomming ndr and have the server not generate outgoing in case of false recipients?
Is that the way to do it?
Under internet message formats you can disable ndr´s, but is that for outgoing, ingoing or both?
If you can disable outgoing only, where do I do that?
I have set up spf records and that seems to have solved the massive ndr recieving, but I figured I might as well disable outgoing to spare others the problems with recieving ndr from my server.
I have been thinking to set up my real domain name under internet message formats and remove ndr from that one and leave the * as it is with ndr on. Would this be a bad idea?
Question by:Ducknaldi
  • 3
  • 3
  • 2
  • +1

Expert Comment

ID: 21760235
See the following which talks about disabling NDR's:

If you disable NDR's, all outgoing will be disabled but you will still see incoming NDR's if you have a failed email sent out for example to another person.
If you still want a copy of the NDR's that would normally go out, then the best thing is to use "Send copy of non-delivery report to" and set it to something like administrator@yourdomain.com.
This way, if someone sends an email to a user that does not have an address (undeliverable) then you will receive a copy of this email. Very useful!


Expert Comment

ID: 21760290
First, disabling NDR will not get you blacklisted from my experiences, not disabling it can land you on a "backscatter" blacklist however due to volume of NDRs being sent out from your server during a spam session.

The one under internet format is for outgoing only. The only way to block NDRs from other companies would be to filter them out inside of exchange. I personally disable outgoing NDRs but I don't block incoming ones. This results in some of my users who are used as spoofing addresses to get some emails claiming they sent an email when they didn't but I just keep educating them on why that happens and they seem to be understanding of it.

As for adding your domain and leaving NDR off but leaving the default on, I personally would recommend disabling NDR all around. It can still land you on a backscatter list so you might as well avoid it all together from the get go.


Expert Comment

ID: 21760444
Good comment tsorensen55, makes a lot of sense.
I have had problems here with spoofed addresses and false NDR's coming in as well.
It's hard to get your head around for some people, trying to explain it!
This is something you can't do much about.

Ideally switching NDR's off is probably not best because they used to be quite useful, but now it seems to be unmanageable with the amount of spam emails being sent the server is put under such load!

(If anybody really wants to see if an email is delivered they can always use delivery receipts anyways)
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.


Author Comment

ID: 21760621
tsorensen55 I think I´ll award you the points, but tell me first.
How does anyone ever find out if I´m generating ndr´s or not.
I mean to find out if I´m doing that, these services would have to spam my mailserver with non-plausible mails or what?
If the server accepts an email, everything is fine.
But if the user does not exist and my server doesnt generate a ndr, then, at least in my logic, the sending part should do nothing further, because the mail didn´t bounce and everything should at least look fine to the sending part or what???
And by the way. How do you block incomming ndr´s?
I feel we can live without real ndr´s so I might as well block them all, to get rid of all those stupid mails comming in.
Can you do that in exchange og do I have to use a GFI product instead?

Author Comment

ID: 21761008
Hi Chrissmann

You are perfectly right there.
I use delivery receipts in very important mails anyway, so I might as well block all ndr´s completely, if possible.

Accepted Solution

tsorensen55 earned 750 total points
ID: 21761114
To find out if you are sending NDRs out simply send an email from an external account like hotmail etc to a bogus address inside of your organization ie send to thisaddressdoesntexist@yourdomainname.com if you receive a bounce back that the user doesn't exist in that organization from your corporate mail server than NDR is enabled.

If you have it turned off then you are correct, nothing happens once it finds out that there is no valid address there. As far as the sender is concerned the message went through and it does not resend.

As for blocking incoming, we use 2 barracuda devices in my organization so i'm not extremely familiar with the options inside of exchange. I'm researching it on a stock exchange server I have in my test bed and should know something here shortly on how to block it. In my cuda devices I would do a subject filter of emails containing "Undeliverable" or "Undelivered".

Expert Comment

ID: 21761409
I totally agree with using the delivery receipts as a source of verification. It is unfortunate that a simple function of communication letting you know something went wrong has turned into such an easy way to abuse mail servers and bandwidth. There have even been stints as of late where spammers are forging fake NDRs to try and slip by anti-spam techniques and it really makes me wish NDRs would just be removed/rewritten as a whole to avoid this sort of thing.

Author Closing Comment

ID: 31466162

Expert Comment

ID: 21980670
I've got a similar problem.  Ever since i changed my exchange server's rDNS to the same of the DNS i get 100 or so undeliverable messages a day.  All of them spam messages either using my email address as a spoof or using my server.

I have no idea what to do, maybe change the settings back to a non FDQN.

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Want to know how to use Exchange Server Eseutil command? Go through this article as it gives you the know-how.
In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question