Exchange 2003 mail account flooded with NDR reports

A mail account on a Windows/Exchange 2003 server is getting flooded with NDR reports.  The server comes clean as a non-relay and the NDR's are coming in from all over.  How is the best way to block this?
dmoringAsked:
Who is Participating?
 
tntmaxConnect With a Mentor Commented:
What are the NDRs to? Is there anything in the outbound queue that does not look right?
0
 
dmoringAuthor Commented:
I will need to look - they are all similiar and spam (Subject, etc.) but from different IP's.  I will look in the outbound queue and see what I can, but I think the original emails are coming from another infected machine (not under my control).  Is there a way to stop the NDR from getting to the recipient?
0
 
kdtreshConnect With a Mentor Commented:
Here's how to do it in Exchange 2007, I don't have a 2003 console to check if you can do something similar.

http://johanveldhuis.nl/?page_id=873&lang=en

The idea is to set up two transport rules: one to tag all outbound messages with a unique tag that only you know, and the other to check all inbound NDR messages (which should include the header) to make sure your unique tag is there. If your tag isn't there, it wasn't sent by your organization, and you can drop the message.
0
 
dmoringAuthor Commented:
Hmmm... yes, backscatter might work if I can make it work with 2003 - let me check.  Thanks.
0
 
dmoringAuthor Commented:
Thanks - its stopped on its own, but these are great answers to try when (no if) it happens again - thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.