Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

NDR Spam attack

Posted on 2010-11-18
6
Medium Priority
?
895 Views
Last Modified: 2012-05-10
My client suddenly has 1 user receiving loads of these NDR's thtough:

----- Original Message -----
From: Mail Delivery System <Mailer-Daemon@dedic0.cmspanel.ru>
To: User
Sent: Thu Nov 18 06:16:08 2010
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  info@yug-poliv.ru
    mailbox is full: retry timeout exceeded

Needless to say he didnt send the original message.

My client has good email hygeine - Reverse DNS is set up, SPF, not an open relay, Anti-Spam appliance, etc.

There are 0 queues in Exchange 2007 EMC.

How do I stop this? The majority are from .ru domains!
0
Comment
Question by:hongedit
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34162577
The problem could be in the fact that his email address is being spoofed by some spamming club/program. Though he did not send the origional message, the receiving mailservers simply return the NDR to the sender addres, the user's one.
There's not much you can do to prevent this from happening, even with the best email hygiene. If there's only one person (who has the users email address) out there is getting hit by a virus or similar they could start using the user's (and all other found addresses) as fake sender addresses.
0
 
LVL 1

Author Comment

by:hongedit
ID: 34163141
So there's nothing I can do? He's now getting hundreds through every hour, its insane!
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34163214
You could block NDR's at the server.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 1

Author Comment

by:hongedit
ID: 34163218
But they need to be able to receive real NDR's :(

Crap.
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 2000 total points
ID: 34163323
It is...... One of the side effects of our modern communication technology.
0
 
LVL 1

Author Closing Comment

by:hongedit
ID: 34163328
Thanks....I'll have to find another workaround!
0

Featured Post

What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question