Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 905
  • Last Modified:

NDR Spam attack

My client suddenly has 1 user receiving loads of these NDR's thtough:

----- Original Message -----
From: Mail Delivery System <Mailer-Daemon@dedic0.cmspanel.ru>
To: User
Sent: Thu Nov 18 06:16:08 2010
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  info@yug-poliv.ru
    mailbox is full: retry timeout exceeded

Needless to say he didnt send the original message.

My client has good email hygeine - Reverse DNS is set up, SPF, not an open relay, Anti-Spam appliance, etc.

There are 0 queues in Exchange 2007 EMC.

How do I stop this? The majority are from .ru domains!
0
hongedit
Asked:
hongedit
  • 3
  • 3
1 Solution
 
Ernie BeekExpertCommented:
The problem could be in the fact that his email address is being spoofed by some spamming club/program. Though he did not send the origional message, the receiving mailservers simply return the NDR to the sender addres, the user's one.
There's not much you can do to prevent this from happening, even with the best email hygiene. If there's only one person (who has the users email address) out there is getting hit by a virus or similar they could start using the user's (and all other found addresses) as fake sender addresses.
0
 
hongeditAuthor Commented:
So there's nothing I can do? He's now getting hundreds through every hour, its insane!
0
 
Ernie BeekExpertCommented:
You could block NDR's at the server.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
hongeditAuthor Commented:
But they need to be able to receive real NDR's :(

Crap.
0
 
Ernie BeekExpertCommented:
It is...... One of the side effects of our modern communication technology.
0
 
hongeditAuthor Commented:
Thanks....I'll have to find another workaround!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now