Solved

Under spam attack, want to reject NDR's

Posted on 2008-06-20
4
776 Views
Last Modified: 2012-08-13
I'm under a spam attack at the moment - I've just been flooded with NDR's.  I've already installed Service Pack 2, so I've set up connection filtering and intelligent message filtering, but not SenderID or the stricter methods, such as rejecting non-specific e-mail addresses (I need to be able to accept e-mails sent to 'info@' etc.)

The problem is, because these are NDR's, they're getting through: so firstly, is there any way I can configure Exchange to bury the NDR's silently in order to relieve the symptoms, and secondly, what other hardening techniques do you recommend that I apply?

Mark
0
Comment
Question by:Techdivision
  • 2
  • 2
4 Comments
 
LVL 3

Expert Comment

by:fadiramada
ID: 21830657
Hi Mark,

I have had the NDR flood attack on my domain two weeks ago. Have you tried tar pitting? Please see the following Microsoft article for mor information:

http://support.microsoft.com/kb/842851

Hope this helps,

Fadi.
0
 

Author Comment

by:Techdivision
ID: 21830942
Thanks Fadi - The problem is that I'm on the receiving end of the NDR reports; it's not that my server is sending them out.  Looking through that support base article, it looks like tar-pitting is a solution to stop my server from sending them out, which it isn't actually doing.  Or have I read the article wrong?
0
 
LVL 3

Accepted Solution

by:
fadiramada earned 500 total points
ID: 21831081
No, I just misunderstood your question. I thought the NDR's were originating from your server, sorry :-)

I understand now what you mean. I believe that a certain RFC says that your server must receive NDR's destined to it, I would then focus on filtering the NDR's out immediately after receipt. A very good software for this is Vamsoft's ORF (www.vamsoft.com) - There is a free 30-day trial that you can download from their website and their software is very reasonably priced.

I would try downloading ORF as a 30 day trial and installing it on your exchange box, see if that doesn't take care of the flood of NDR's you are receiving. You should see an immediate improvement.

Thanks,

Fadi.
0
 

Author Closing Comment

by:Techdivision
ID: 31469110
Thank you, will give that one a try.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
In this video we show how to create a Shared Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Recipients >> Sha…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question