?
Solved

Spam - lots of NDR's

Posted on 2011-02-17
13
Medium Priority
?
550 Views
Last Modified: 2012-06-22
Our spam filter -  Xwall - is being swamped wtih   NDR's being reported for spam e-mail being returned and we suspect something on our network is causing the spam. Any tips on isolation. We are running Exchange and we also have  a CIsco router.

0
Comment
Question by:lineonecorp
  • 6
  • 6
13 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 960 total points
ID: 34921900
You could simply be a victim of NDR spam generated from outside.

If they are coming from inside and being send out, then you will be blacklisted somewhere.

Please check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Are you blacklisted anywhere?

Do you have an SPF record configured on your domain?
0
 
LVL 5

Assisted Solution

by:shadowmantx
shadowmantx earned 240 total points
ID: 34922089
Another thing to try is lock down SMTP port 25 (inbound and outbound) to the IP of your Email server and deny all workstations.  This will block your workstations in the case if they are infected with virus trojans.  When I performed Exchange message tracking it did not show any of those messages being sent from Email server that led me to believe it was coming from one of my workstations.
0
 

Author Comment

by:lineonecorp
ID: 34922871
Thanks for the tips. I'm putting them in place now. I'll let you know what I find.
0
Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

 

Author Comment

by:lineonecorp
ID: 34930586
I think we are i n your words "You could simply be a victim of NDR spam generated from outside." What do we do about this? We are getting NDR's and double NDR's as we are the bounceback address.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 960 total points
ID: 34932362
Setup an SPF record to tell the world which mail servers are permitted to send out mail on your behalf.  That should cut down some of the spam but not all.  The rest will be up to your anti-spam defences.

http://old.openspf.org/wizard.html
0
 

Author Comment

by:lineonecorp
ID: 34934121
Thanks. What if I had a paid SORBS account? Would that give me some extra tools?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 960 total points
ID: 34934206
I doubt it.  What version of Exchange do you have?

If Exchange 2003, you can use Intelligent Message Filtering, blacklist checks and a few other tools.

If Exchange 2007 / 2010, there are anti-spam tools you can use.
0
 

Author Comment

by:lineonecorp
ID: 34935109
Exchange 2003.  I've never used the tools you mentioned - Intelligent Message Filtering, blacklist checks and a few other tools. If you have any links for them I would appreciate it.  I will be trying the SPF business.  And I do have 2007/2010 at other sites so if there are any other relevant links for them that you think might be useful for this kind of thing please send them as well if they are handy to you. Is there anything I can do at the router end?

0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 960 total points
ID: 34936156
0
 

Author Comment

by:lineonecorp
ID: 34938082
Great. Thanks for all the tips.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34938095
You are welcome.  Are you making headway?
0
 

Author Comment

by:lineonecorp
ID: 34938148
I'll know in a few days.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34938153
If you still have problems - please post again and I'll come up with some more ideas for you.

Alan
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you put your credit card number into a website for an online transaction, surely you know to look for signs of a secure website such as the padlock icon in the web browser or the green address bar.  This is one way to protect yourself from oth…
With more and more companies allowing their employees to work remotely, it begs the question: What are some of the security risks involved with remote employees and what actions should we take to secure them?
This video discusses moving either the default database or any database to a new volume.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question