Solved

Under spam attack, want to reject NDR's

Posted on 2008-06-20
4
807 Views
Last Modified: 2012-08-13
I'm under a spam attack at the moment - I've just been flooded with NDR's.  I've already installed Service Pack 2, so I've set up connection filtering and intelligent message filtering, but not SenderID or the stricter methods, such as rejecting non-specific e-mail addresses (I need to be able to accept e-mails sent to 'info@' etc.)

The problem is, because these are NDR's, they're getting through: so firstly, is there any way I can configure Exchange to bury the NDR's silently in order to relieve the symptoms, and secondly, what other hardening techniques do you recommend that I apply?

Mark
0
Comment
Question by:Techdivision
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:fadiramada
ID: 21830657
Hi Mark,

I have had the NDR flood attack on my domain two weeks ago. Have you tried tar pitting? Please see the following Microsoft article for mor information:

http://support.microsoft.com/kb/842851

Hope this helps,

Fadi.
0
 

Author Comment

by:Techdivision
ID: 21830942
Thanks Fadi - The problem is that I'm on the receiving end of the NDR reports; it's not that my server is sending them out.  Looking through that support base article, it looks like tar-pitting is a solution to stop my server from sending them out, which it isn't actually doing.  Or have I read the article wrong?
0
 
LVL 3

Accepted Solution

by:
fadiramada earned 500 total points
ID: 21831081
No, I just misunderstood your question. I thought the NDR's were originating from your server, sorry :-)

I understand now what you mean. I believe that a certain RFC says that your server must receive NDR's destined to it, I would then focus on filtering the NDR's out immediately after receipt. A very good software for this is Vamsoft's ORF (www.vamsoft.com) - There is a free 30-day trial that you can download from their website and their software is very reasonably priced.

I would try downloading ORF as a 30 day trial and installing it on your exchange box, see if that doesn't take care of the flood of NDR's you are receiving. You should see an immediate improvement.

Thanks,

Fadi.
0
 

Author Closing Comment

by:Techdivision
ID: 31469110
Thank you, will give that one a try.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you troubleshoot Outlook for clients, you may want to know a bit more about the OST file before doing your next job. IMAP can cause a lot of drama if removed in the accounts without backing up.
A couple of months ago we ran into an issue that necessitated re-creating our Edge Subscriptions. However, when we attempted to execute the command: New-EdgeSubscription -filename C:\NewEdgeSub_01.xml we received an error indicating that the LDAP se…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question