• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 614
  • Last Modified:

Exchange 2003 Delivery Status Notification Compliance

I have the exact same question as the related question. But, the solution there won't work for me as I don't have a thrid party spam/virus filter.

Here is the related question, which I am copying verbatim:

We are wanting to receive emails from a service that is requiring that we are Deliivery Status Notification compliant, which according to them is:

-----------------------------------------
Confirmation via Delivery Service Notification (DSN)
The first thing you should do is determine whether your email account is Delivery Status Notification (DSN) compliant. If you use an email provider that is DSN compliant it will automatically return an electronic email confirmation to the BNC that the email sent by the BNC was delivered to your mailbox.
-----------------------------------------

As we have our own Exchange 2003 server, I've looked and am not sure what needs to be changed to allow this?

I have confirmed that in the Exchange System Manager, under Global Settings, Internet Message Formats, Default, Advanced, all boxes are checked except for Allow automatic forward. The checked boxes are Allow out of office responses, Allow automatic replies, Allow delivery reports, Allow non-delivery reports, Preserve sender's display nameo n message.

Thanks
0
carlosab
Asked:
carlosab
1 Solution
 
PartnerTekCommented:
Allow Delivery Reports and Allow Non-Delivery Reports need to be check in order to be compliant.
0
 
B HCommented:
you can test this by sending an email into your server from any unrelated external email account and requesting a delivery confirmation.  then, send an email from the same external account to some invaliduser@yourdomain.com.

if you get a delivery report, and a non-delivery report, you fit their requirements
0
 
Shreedhar EtteCommented:
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
carlosabAuthor Commented:
PartnerTek - they were checked.

Bryon - The organization has a website from which I can send a test email address. I've tested it and do not meet the requirements.

Shreedhar - I did see the answered question before posting and actually included a link to it in the "related solutions" section of my post. However, since I am not using a 3rd party spam/virus filter, the solution there doesn't help.
0
 
B HCommented:
lets rule out the organization from which you sent the test...

just as you can choose not to send NDRs, they can choose not to receive them.

if you can test from a sending server that for sure will accept NDRs we can be more sure - try sending as suggested from yahoo/hotmail something unrelated

0
 
carlosabAuthor Commented:
Good point. I just tested from a Yahoo account and did not receive a NDR.

I sent two separate emails to two separate addresses. The 1st address was valid and the email was obviously received without issue. The second address was invalid. The email was not received, and, my Yahoo account did not receive a NDR.
0
 
carlosabAuthor Commented:
Something else - I don't think this should matter, but, if I knew that for sure I wouldn't be asking for help at all, would I. :)

I use an application called Mailbasket MD to forward all misdirected emails that are sent to the domain to a catchall email account. To test for NDRs, I disabled the application.
0
 
B HCommented:
and are you sure in yahoo you requested a delivery receipt for the legit email?

the Mailbasket application would for sure get in the way of your NDR's.  the NDR is generated by the receiving MTA - if it's not accepted for delivery, an NDR is generated.  if the mailbasket accepts the email, no NDR would be made

now - since no NDR was made after disabling mailbasket, and no delivery confirmation was sent back either, we need to start looking at what might be proxying your inbound mail.

are you ok giving some of the public info about your setup, for more specific troubleshooting?  you can use "request attention" at the top right when we're done and ask a moderator to mask out your info later on.

what's the domain name we're talking about here, that should be sending receipts but isnt?
0
 
carlosabAuthor Commented:
I did not request a delivery receipt in yahoo for the legit email as I could not figure out how to do it. I also could not figure it out for my gmail account. I was simply trying to generate an NDR and thought that the fact that I did not receive an NDR would be sufficient

I don't have a problem with giving public info - depending on what it is. The domain is ** EDITED ** .
0
 
B HCommented:
thru off-thread testing we have determined that with mailgate enabled, READ receipts do get sent back to the sender but delivery receipts do not.

with mailgate disabled, READ and DELIVERY receipts both do get sent.

now, it is clear that mailgate does not allow for delivery receipts in its current configuration, so we'll need to look at mailgate and see if we can enable it.

i'll start looking for steps how to do this, unless you already know?
0
 
B HCommented:
from their guide, by design the server wouldn't send an NDR for invalid addresses - as they're intercepted by mailbasket.

read-receipts do work with mailbasket on or off

delivery-receipts work with mailbasket OFF and not on.

it doesn't look like there are many settings at all in this mailbasket program, it might be worthwhile to email support@turbogeeks.com and ask them what their position on delivery confirmation to valid addresses is.

if you do, also mention to them that their server may have been hacked: http://turbogeeks.com/downloads/lists/body.txt
0
 
carlosabAuthor Commented:
I emailed (and left phone messages) at turbogeeks support and have not received any response for two weeks. This is surprising since they have been very responsive in the past. I also provided them with the link to the page on their site which may indicate that it was hacked. The link still works, so, I don't know if they are getting the emails. At any rate, it doesn't look like I'll get anywhere with them.

I tried a work-around by having the emails sent to a Gmail account, and also to a Yahoo account. My thought was that I would then auto-forward the email to my standard account. But, neither of those accounts generated an NDR so that didn't work.

0
 
B HCommented:
with forwarding, the first account is the only one that would generate an NDR to the original sender, the others would just NDR to the redirected account

sender > your server > forward to gmail

if it's not on gmail, the ndr goes to your server
if it's not on your server, the ndr goes to the sender

it's a shame about turbogeeks, seems like a real useful product
0
 
carlosabAuthor Commented:
I thought that gmail or yahoo would generate an NDR to the sender, so I set it up like this:

sender > gmail > forward to my server.

That way, gmail would generate the NDR and then forward it to my system. Is there a way I could configure gmail (or one of the other major free web mail providers) to generate NDRs?

0
 
B HCommented:
well, any public mail server will only generate an NDR for accounts that don't exist.... of course if they don't exist, they can't get forwarded to your server.  if they are told to forward to your server, they exist and no NDR would be made
0
 
carlosabAuthor Commented:
Sorry. I used the wrong acronym. I meant to ask if there is a way I could configure gmail (or one of the other major free web mail providers) to generate DSNs?

0
 
B HCommented:
unfortunately almost all public mail servers won't support DSNs either - it has to do with preventing directory harvest attacks from spammers...  at least i can't find any that support dsn's

trying to figure out a way forward for you - the best answer may lie with your 3rd party software you already have - if you can just get the to answer you.  their software is absolutely causing your problem, so we need to get a fix from them or not use their software and go a whole different route.
0
 
carlosabAuthor Commented:
I've been "persistent" to put it mildly. I don't think they will respond.

I've become relatively reliant on the software because I very often give out random email addresses customized for a particular party. (If I goto Amazon, I use amazon@xxxxx.com; if I go to ebay, I use ebay@xxxxx.com.)  This system helps me identify parties that sell my email address. But, since I don't keep track of the addresses that I have given out, I'm now stuck. I can't stop using the software because I'll never remember all of the addresses out there, and some of the more important ones will be forgotten and email from those parties will be rejected.

0
 
B HCommented:
i think what you need is something like spamgourmet.com

basically, you can give out "fake" email addresses @spamgourmet.com (or any number of alias domains) and they'll be secretly routed to your real address.

there are too many options that you can take advantage of, but effectively they are catch-all's, created per-site you gave it to, AND you can automatically say "only allow up to 5 emails for this one alias"

so if i provide to a site, me.5.someword@spamgourmet.com, then i know when i receive email in my legit box, sent to that alias, i know who sent it.... and i know they can only send 4 more (any more are discarded)

you can log into your acct on spamgourmet, and list all your given aliases.  the best part is, you NEVER have to log into SG if you dont want to - the aliases are created totally on the fly, all you have to do is tell some website the made up alias.

there's a really good faq here:
http://www.spamgourmet.com/index.pl?printpage=faq.html

they have a project on sourceforge, they're all open source and totally free - with some work you could integrate it into your exchange server... or just use their service as it's free and fast anyway.

i think in the end, this is your intent... however, i don't have any idea what to do with your previously given aliases - leave the old software in place?
0
 
carlosabAuthor Commented:
thanks for the tip on spamgourmet. It looks like a great service.

But, as you pointed out, the previously given aliases are the problem. Because of them I do need to leave the old software in place. And, if it is in place, then I still have the problem with generating DSNs.
0
 
carlosabAuthor Commented:
Identified the cause of the problem.
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now