JesseLoesch
asked on
Under a Reverse NDR attack for the last 72 hours
Ok, for the last 72 hours one person in our organization has been receiving almost 200 NDRs an hour. It is only one SMTP address of only one user, so I am guessing someone is sending spoofed spam and these are just the NDRs from those rcpt's. One solution is to just change his email address and all of this would of course stop, but from a business standpoint this just does not seem like the best option.
What else can I do here to stop this?
Running Exchange Server 2003 on Server 2003 Enterprise with TrendMicro Scanmail.
ASKER
Yeah, that is pretty much what I am doing already: pretty much anything with the keywords Undeliverable, Undelivered, SPAM, failure, failed has been moved to that user's junk email box.
In the future, are there ways "I" or "My Organization" can prevent this from happening, or is this pretty much poor management of the servers sending the NDR back to me?
Both statements are true. These NDR sending servers are poorly set up, if for this reason only: If your server sent an NDR back, these NDRs would be stuck in a loop between their server and your server.
Although this is a debatable issue, I choose not to send NDRs for any reason. External NDRs that come as responses to emails sent by my users are forwarded to users' mailboxes. Stray NDRs like the ones you're receiving are treated like SPAM and placed in a quarantine.
Like I said in my previous post, I don't know what ScanMail can and cannot do. I have accomplished the above by employing a server with the Exchange Edge role and using transport and filtering rules.
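The split described in the answer above (NDRs for mail your users really sent are delivered, stray NDRs are quarantined) can be sketched as follows. This is an added example, not part of the thread and not Exchange or ScanMail configuration; it assumes you can export the Message-IDs of outbound mail into a set (`sent_ids`), and `build_ndr`, `triage` and all addresses are hypothetical.

```python
import email
from email import policy

def build_ndr(orig_id):
    """Constructed sample RFC 3464 bounce (not from the thread) quoting orig_id."""
    lines = [
        "From: MAILER-DAEMON@remote.example", "To: user@corp.example",
        "Subject: Undeliverable: hello", "MIME-Version: 1.0",
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"',
        "", "--b1", "Content-Type: text/plain", "", "Delivery failed.",
        "--b1", "Content-Type: message/delivery-status", "",
        "Reporting-MTA: dns; remote.example", "",
        "Final-Recipient: rfc822; nobody@remote.example",
        "Action: failed", "Status: 5.1.1",
        "--b1", "Content-Type: text/rfc822-headers", "",
        f"Message-ID: {orig_id}", "From: user@corp.example", "--b1--", "",
    ]
    return "\r\n".join(lines).encode("ascii")

def bounced_message_id(msg):
    """Message-ID of the original mail quoted inside the bounce, or None."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":          # full original attached
            inner = part.get_payload(0)
        elif ctype == "text/rfc822-headers":   # only its headers attached
            inner = email.message_from_string(part.get_content())
        else:
            continue
        mid = inner.get("Message-ID")
        if mid:
            return str(mid).strip()
    return None

def triage(raw, sent_ids):
    """Return 'deliver' or 'quarantine' for one inbound message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    is_dsn = (msg.get_content_type() == "multipart/report"
              and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    if not is_dsn:
        return "deliver"   # not a structured NDR; other filters apply
    # Assumption: sent_ids holds Message-IDs taken from your outbound mail log.
    return "deliver" if bounced_message_id(msg) in sent_ids else "quarantine"
```

Bounces that are plain text rather than `multipart/report` pass through this check untouched, so keyword rules like the ones the asker describes are still needed for those.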
ASKER
Thank you for this information, and I will employ some of the details from the other question. Right now I have the filters set up to just move the email and have temporarily disabled NDRs; hopefully I will just be able to ride the storm out.
Thank You again!
https://www.experts-exchange.com/questions/23634633/In-the-last-3-hours-I-have-been-getting-hundreds-of-emails-from-other-email-servers.html