Solved

NDR Spam attack

Posted on 2010-11-18
6
888 Views
Last Modified: 2012-05-10
My client suddenly has 1 user receiving loads of these NDR's thtough:

----- Original Message -----
From: Mail Delivery System <Mailer-Daemon@dedic0.cmspanel.ru>
To: User
Sent: Thu Nov 18 06:16:08 2010
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  info@yug-poliv.ru
    mailbox is full: retry timeout exceeded

Needless to say he didnt send the original message.

My client has good email hygeine - Reverse DNS is set up, SPF, not an open relay, Anti-Spam appliance, etc.

There are 0 queues in Exchange 2007 EMC.

How do I stop this? The majority are from .ru domains!
0
Comment
Question by:hongedit
  • 3
  • 3
6 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34162577
The problem could be in the fact that his email address is being spoofed by some spamming club/program. Though he did not send the origional message, the receiving mailservers simply return the NDR to the sender addres, the user's one.
There's not much you can do to prevent this from happening, even with the best email hygiene. If there's only one person (who has the users email address) out there is getting hit by a virus or similar they could start using the user's (and all other found addresses) as fake sender addresses.
0
 
LVL 1

Author Comment

by:hongedit
ID: 34163141
So there's nothing I can do? He's now getting hundreds through every hour, its insane!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34163214
You could block NDR's at the server.
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 1

Author Comment

by:hongedit
ID: 34163218
But they need to be able to receive real NDR's :(

Crap.
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 34163323
It is...... One of the side effects of our modern communication technology.
0
 
LVL 1

Author Closing Comment

by:hongedit
ID: 34163328
Thanks....I'll have to find another workaround!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
OnPage: Incident management and secure messaging on your smartphone
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question