Solved

NDR Spam attack

Posted on 2010-11-18
Last Modified: 2012-05-10
My client suddenly has 1 user receiving loads of these NDRs through:

----- Original Message -----
From: Mail Delivery System <Mailer-Daemon@dedic0.cmspanel.ru>
To: User
Sent: Thu Nov 18 06:16:08 2010
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  info@yug-poliv.ru
    mailbox is full: retry timeout exceeded

Needless to say, he didn't send the original message.

My client has good email hygiene - Reverse DNS is set up, SPF, not an open relay, Anti-Spam appliance, etc.

There are 0 queues in Exchange 2007 EMC.

How do I stop this? The majority are from .ru domains!
Question by:hongedit
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34162577
The problem could be in the fact that his email address is being spoofed by some spamming club/program. Though he did not send the original message, the receiving mail servers simply return the NDR to the sender address, the user's one.
There's not much you can do to prevent this from happening, even with the best email hygiene. If there's only one person (who has the user's email address) out there getting hit by a virus or similar, they could start using the user's (and all other found addresses) as fake sender addresses.
 
LVL 1

Author Comment

by:hongedit
ID: 34163141
So there's nothing I can do? He's now getting hundreds through every hour, it's insane!
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 34163214
You could block NDRs at the server.
 
LVL 1

Author Comment

by:hongedit
ID: 34163218
But they need to be able to receive real NDRs :(

Crap.
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 500 total points
ID: 34163323
It is...... One of the side effects of our modern communication technology.
 
LVL 1

Author Closing Comment

by:hongedit
ID: 34163328
Thanks....I'll have to find another workaround!
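
One way to keep real NDRs while filtering the spoofed-sender bounces discussed in this thread, as an added example that is not part of the original posts: compare the Message-ID of the returned message inside each bounce with the Message-IDs the organisation's own server actually sent. The outbound log, the addresses and all IDs below are constructed assumptions.

```python
import email
import re
from email import policy

# Constructed sample data: Message-IDs from the organisation's own outbound
# log (assumed to be available) and two made-up bounces.
SENT_IDS = {"<a1b2c3@mail.example.com>"}
BACKSCATTER = """\
From: Mail Delivery System <Mailer-Daemon@bounce.example.net>
Message-ID: <bounce1@bounce.example.net>

------ This is a copy of the message, including all the headers. ------
From: user@example.com
Message-ID: <zz99@spamhost.example.net>
"""
GENUINE = """\
From: postmaster@mail.example.org
Message-ID: <bounce2@mail.example.org>
Content-Type: multipart/report; report-type=delivery-status; boundary="b"

--b
Content-Type: text/plain

Delivery failed.
--b
Content-Type: message/rfc822

From: user@example.com
Message-ID: <a1b2c3@mail.example.com>

--b--
"""
MSGID_RE = re.compile(r"^Message-ID:\s*(<[^>\s]+>)", re.I | re.M)

def returned_message_ids(raw):
    """Message-IDs of the original message(s) a bounce carries a copy of."""
    root = email.message_from_string(raw, policy=policy.default)
    ids = set()
    for part in root.walk():
        if part is not root and part["Message-ID"]:  # attached message/rfc822
            ids.add(str(part["Message-ID"]).strip())
        elif part.get_content_maintype() == "text":  # inline copy or headers part
            ids.update(MSGID_RE.findall(part.get_content()))
    return ids

def classify_bounce(raw, sent_ids):
    ids = returned_message_ids(raw)
    if not ids:
        return "unverifiable"  # no copy of the original headers to check
    return "genuine" if ids & sent_ids else "backscatter"
```

A bounce that quotes no original headers, like the one pasted in the question, comes back as "unverifiable" and needs another signal before it is dropped.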