Spam - lots of NDR's

Our spam filter -  Xwall - is being swamped wtih   NDR's being reported for spam e-mail being returned and we suspect something on our network is causing the spam. Any tips on isolation. We are running Exchange and we also have  a CIsco router.

lineonecorpAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Alan HardistyCo-OwnerCommented:
You could simply be a victim of NDR spam generated from outside.

If they are coming from inside and being send out, then you will be blacklisted somewhere.

Please check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Are you blacklisted anywhere?

Do you have an SPF record configured on your domain?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
shadowmantxCommented:
Another thing to try is lock down SMTP port 25 (inbound and outbound) to the IP of your Email server and deny all workstations.  This will block your workstations in the case if they are infected with virus trojans.  When I performed Exchange message tracking it did not show any of those messages being sent from Email server that led me to believe it was coming from one of my workstations.
0
lineonecorpAuthor Commented:
Thanks for the tips. I'm putting them in place now. I'll let you know what I find.
0
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

lineonecorpAuthor Commented:
I think we are i n your words "You could simply be a victim of NDR spam generated from outside." What do we do about this? We are getting NDR's and double NDR's as we are the bounceback address.
0
Alan HardistyCo-OwnerCommented:
Setup an SPF record to tell the world which mail servers are permitted to send out mail on your behalf.  That should cut down some of the spam but not all.  The rest will be up to your anti-spam defences.

http://old.openspf.org/wizard.html
0
lineonecorpAuthor Commented:
Thanks. What if I had a paid SORBS account? Would that give me some extra tools?
0
Alan HardistyCo-OwnerCommented:
I doubt it.  What version of Exchange do you have?

If Exchange 2003, you can use Intelligent Message Filtering, blacklist checks and a few other tools.

If Exchange 2007 / 2010, there are anti-spam tools you can use.
0
lineonecorpAuthor Commented:
Exchange 2003.  I've never used the tools you mentioned - Intelligent Message Filtering, blacklist checks and a few other tools. If you have any links for them I would appreciate it.  I will be trying the SPF business.  And I do have 2007/2010 at other sites so if there are any other relevant links for them that you think might be useful for this kind of thing please send them as well if they are handy to you. Is there anything I can do at the router end?

0
Alan HardistyCo-OwnerCommented:
0
lineonecorpAuthor Commented:
Great. Thanks for all the tips.
0
Alan HardistyCo-OwnerCommented:
You are welcome.  Are you making headway?
0
lineonecorpAuthor Commented:
I'll know in a few days.
0
Alan HardistyCo-OwnerCommented:
If you still have problems - please post again and I'll come up with some more ideas for you.

Alan
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.