Solved

Spam - lots of NDR's

Posted on 2011-02-17
13
541 Views
Last Modified: 2012-06-22
Our spam filter -  Xwall - is being swamped wtih   NDR's being reported for spam e-mail being returned and we suspect something on our network is causing the spam. Any tips on isolation. We are running Exchange and we also have  a CIsco router.

0
Comment
Question by:lineonecorp
  • 6
  • 6
13 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 240 total points
ID: 34921900
You could simply be a victim of NDR spam generated from outside.

If they are coming from inside and being send out, then you will be blacklisted somewhere.

Please check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Are you blacklisted anywhere?

Do you have an SPF record configured on your domain?
0
 
LVL 5

Assisted Solution

by:shadowmantx
shadowmantx earned 60 total points
ID: 34922089
Another thing to try is lock down SMTP port 25 (inbound and outbound) to the IP of your Email server and deny all workstations.  This will block your workstations in the case if they are infected with virus trojans.  When I performed Exchange message tracking it did not show any of those messages being sent from Email server that led me to believe it was coming from one of my workstations.
0
 

Author Comment

by:lineonecorp
ID: 34922871
Thanks for the tips. I'm putting them in place now. I'll let you know what I find.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:lineonecorp
ID: 34930586
I think we are i n your words "You could simply be a victim of NDR spam generated from outside." What do we do about this? We are getting NDR's and double NDR's as we are the bounceback address.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 240 total points
ID: 34932362
Setup an SPF record to tell the world which mail servers are permitted to send out mail on your behalf.  That should cut down some of the spam but not all.  The rest will be up to your anti-spam defences.

http://old.openspf.org/wizard.html
0
 

Author Comment

by:lineonecorp
ID: 34934121
Thanks. What if I had a paid SORBS account? Would that give me some extra tools?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 240 total points
ID: 34934206
I doubt it.  What version of Exchange do you have?

If Exchange 2003, you can use Intelligent Message Filtering, blacklist checks and a few other tools.

If Exchange 2007 / 2010, there are anti-spam tools you can use.
0
 

Author Comment

by:lineonecorp
ID: 34935109
Exchange 2003.  I've never used the tools you mentioned - Intelligent Message Filtering, blacklist checks and a few other tools. If you have any links for them I would appreciate it.  I will be trying the SPF business.  And I do have 2007/2010 at other sites so if there are any other relevant links for them that you think might be useful for this kind of thing please send them as well if they are handy to you. Is there anything I can do at the router end?

0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 240 total points
ID: 34936156
0
 

Author Comment

by:lineonecorp
ID: 34938082
Great. Thanks for all the tips.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34938095
You are welcome.  Are you making headway?
0
 

Author Comment

by:lineonecorp
ID: 34938148
I'll know in a few days.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34938153
If you still have problems - please post again and I'll come up with some more ideas for you.

Alan
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ensuring effective and secure communication in the age of healthcare BYOD.
Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
In this video we show how to create a mailbox database in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Servers >> Data…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question