Solved

Outgoing NDR

Posted on 2008-06-11
9
1,021 Views
Last Modified: 2010-04-21
Hi there.

I´m running an Exchange 2003 server on my Home network.
It´s fully updated and running fine.
Lately I have been recieving alot of NDR´s.
I have been reading that I shouldn´t disable NDR because I could get blacklisted.
But at Technet, Microsoft encourages you to disable NDR.
My question is, is there a difference between disabling outgoing NDR and ingoing?
I should think it would be ok to accept incomming ndr and have the server not generate outgoing in case of false recipients?
Is that the way to do it?
Under internet message formats you can disable ndr´s, but is that for outgoing, ingoing or both?
If you can disable outgoing only, where do I do that?
I have set up spf records and that seems to have solved the massive ndr recieving, but I figured I might as well disable outgoing to spare others the problems with recieving ndr from my server.
I have been thinking to set up my real domain name under internet message formats and remove ndr from that one and leave the * as it is with ndr on. Would this be a bad idea?
0
Comment
Question by:Ducknaldi
  • 3
  • 3
  • 2
  • +1
9 Comments
 
LVL 8

Expert Comment

by:chrismanncalgavin
ID: 21760235
See the following which talks about disabling NDR's:
http://support.microsoft.com/kb/294757

If you disable NDR's, all outgoing will be disabled but you will still see incoming NDR's if you have a failed email sent out for example to another person.
If you still want a copy of the NDR's that would normally go out, then the best thing is to use "Send copy of non-delivery report to" and set it to something like administrator@yourdomain.com.
This way, if someone sends an email to a user that does not have an address (undeliverable) then you will receive a copy of this email. Very useful!

Chris
0
 
LVL 3

Expert Comment

by:tsorensen55
ID: 21760290
First, disabling NDR will not get you blacklisted from my experiences, not disabling it can land you on a "backscatter" blacklist however due to volume of NDRs being sent out from your server during a spam session.

The one under internet format is for outgoing only. The only way to block NDRs from other companies would be to filter them out inside of exchange. I personally disable outgoing NDRs but I don't block incoming ones. This results in some of my users who are used as spoofing addresses to get some emails claiming they sent an email when they didn't but I just keep educating them on why that happens and they seem to be understanding of it.

As for adding your domain and leaving NDR off but leaving the default on, I personally would recommend disabling NDR all around. It can still land you on a backscatter list so you might as well avoid it all together from the get go.

Todd
0
 
LVL 8

Expert Comment

by:chrismanncalgavin
ID: 21760444
Good comment tsorensen55, makes a lot of sense.
I have had problems here with spoofed addresses and false NDR's coming in as well.
It's hard to get your head around for some people, trying to explain it!
This is something you can't do much about.

Ideally switching NDR's off is probably not best because they used to be quite useful, but now it seems to be unmanageable with the amount of spam emails being sent the server is put under such load!

(If anybody really wants to see if an email is delivered they can always use delivery receipts anyways)
0
 
LVL 1

Author Comment

by:Ducknaldi
ID: 21760621
tsorensen55 I think I´ll award you the points, but tell me first.
How does anyone ever find out if I´m generating ndr´s or not.
I mean to find out if I´m doing that, these services would have to spam my mailserver with non-plausible mails or what?
If the server accepts an email, everything is fine.
But if the user does not exist and my server doesnt generate a ndr, then, at least in my logic, the sending part should do nothing further, because the mail didn´t bounce and everything should at least look fine to the sending part or what???
And by the way. How do you block incomming ndr´s?
I feel we can live without real ndr´s so I might as well block them all, to get rid of all those stupid mails comming in.
Can you do that in exchange og do I have to use a GFI product instead?
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 1

Author Comment

by:Ducknaldi
ID: 21761008
Hi Chrissmann

You are perfectly right there.
I use delivery receipts in very important mails anyway, so I might as well block all ndr´s completely, if possible.
0
 
LVL 3

Accepted Solution

by:
tsorensen55 earned 250 total points
ID: 21761114
To find out if you are sending NDRs out simply send an email from an external account like hotmail etc to a bogus address inside of your organization ie send to thisaddressdoesntexist@yourdomainname.com if you receive a bounce back that the user doesn't exist in that organization from your corporate mail server than NDR is enabled.

If you have it turned off then you are correct, nothing happens once it finds out that there is no valid address there. As far as the sender is concerned the message went through and it does not resend.

As for blocking incoming, we use 2 barracuda devices in my organization so i'm not extremely familiar with the options inside of exchange. I'm researching it on a stock exchange server I have in my test bed and should know something here shortly on how to block it. In my cuda devices I would do a subject filter of emails containing "Undeliverable" or "Undelivered".
0
 
LVL 3

Expert Comment

by:tsorensen55
ID: 21761409
I totally agree with using the delivery receipts as a source of verification. It is unfortunate that a simple function of communication letting you know something went wrong has turned into such an easy way to abuse mail servers and bandwidth. There have even been stints as of late where spammers are forging fake NDRs to try and slip by anti-spam techniques and it really makes me wish NDRs would just be removed/rewritten as a whole to avoid this sort of thing.
0
 
LVL 1

Author Closing Comment

by:Ducknaldi
ID: 31466162
thx
0
 

Expert Comment

by:gbslimited
ID: 21980670
I've got a similar problem.  Ever since i changed my exchange server's rDNS to the same of the DNS i get 100 or so undeliverable messages a day.  All of them spam messages either using my email address as a spoof or using my server.

I have no idea what to do, maybe change the settings back to a non FDQN.
0

Featured Post

Don't lose your head updating email signatures!

Do your end users still have the wrong email signature? Do email signature updates bore you or fill you with a sense of dread? You can make this a whole lot easier on yourself by trusting an Exclaimer email signature management solution. Over 50 million users do...so should you!

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Scam emails are a huge burden for many businesses. Spotting one is not always easy. Follow our tips to identify if an email you receive is a scam.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
This video discusses moving either the default database or any database to a new volume.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now