Solved

Under spam attack, want to reject NDR's

Posted on 2008-06-20
4
798 Views
Last Modified: 2012-08-13
I'm under a spam attack at the moment - I've just been flooded with NDR's.  I've already installed Service Pack 2, so I've set up connection filtering and intelligent message filtering, but not SenderID or the stricter methods, such as rejecting non-specific e-mail addresses (I need to be able to accept e-mails sent to 'info@' etc.)

The problem is, because these are NDR's, they're getting through: so firstly, is there any way I can configure Exchange to bury the NDR's silently in order to relieve the symptoms, and secondly, what other hardening techniques do you recommend that I apply?

Mark
0
Comment
Question by:Techdivision
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:fadiramada
ID: 21830657
Hi Mark,

I have had the NDR flood attack on my domain two weeks ago. Have you tried tar pitting? Please see the following Microsoft article for mor information:

http://support.microsoft.com/kb/842851

Hope this helps,

Fadi.
0
 

Author Comment

by:Techdivision
ID: 21830942
Thanks Fadi - The problem is that I'm on the receiving end of the NDR reports; it's not that my server is sending them out.  Looking through that support base article, it looks like tar-pitting is a solution to stop my server from sending them out, which it isn't actually doing.  Or have I read the article wrong?
0
 
LVL 3

Accepted Solution

by:
fadiramada earned 500 total points
ID: 21831081
No, I just misunderstood your question. I thought the NDR's were originating from your server, sorry :-)

I understand now what you mean. I believe that a certain RFC says that your server must receive NDR's destined to it, I would then focus on filtering the NDR's out immediately after receipt. A very good software for this is Vamsoft's ORF (www.vamsoft.com) - There is a free 30-day trial that you can download from their website and their software is very reasonably priced.

I would try downloading ORF as a 30 day trial and installing it on your exchange box, see if that doesn't take care of the flood of NDR's you are receiving. You should see an immediate improvement.

Thanks,

Fadi.
0
 

Author Closing Comment

by:Techdivision
ID: 31469110
Thank you, will give that one a try.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data‚Ķ
how to add IIS SMTP to handle application/Scanner relays into office 365.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question