Getting rid of spoofed NDR's in Exchange 2007
Posted on 2008-11-10
It appears that there is a lot of spam being spoofed with our domain. Our SMTP queues continually fill up with undeliverable replies. If you look at any one of these messages, the recipient is always listed as some random email address that is not part of our organization or email domain scope. We are running Exchange 2007, and also Groupshield 7.0 for Exchange. I can create a content filter rule in Groupshield to block all messages that start with "Undeliverable", but then we lose legitimate NDR's. I have tried to create a transport rule in Exchange 2007, but it doesn't appear to be working. What I have done is create a transport rule that says:
When a message is sent to users OUTSIDE the organization (because the recipient is listed as an outside email address)
AND the subject line contains "Undeliverable:*"
Silently drop the message
So, I would assume that this transport rule would delete all messages that have outside recipients and have Undeliverable as the start of the subject line. However, we still receive TONS of these spoofed NDR's. The recipient email address is blank "<>" on all of these NDR's. Does anyone know how I can limit these NDR's but still allow legit NDR's through?