?
Solved

Spam - lots of NDR's

Posted on 2011-02-17
13
Medium Priority
?
546 Views
Last Modified: 2012-06-22
Our spam filter -  Xwall - is being swamped wtih   NDR's being reported for spam e-mail being returned and we suspect something on our network is causing the spam. Any tips on isolation. We are running Exchange and we also have  a CIsco router.

0
Comment
Question by:lineonecorp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
13 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 960 total points
ID: 34921900
You could simply be a victim of NDR spam generated from outside.

If they are coming from inside and being send out, then you will be blacklisted somewhere.

Please check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Are you blacklisted anywhere?

Do you have an SPF record configured on your domain?
0
 
LVL 5

Assisted Solution

by:shadowmantx
shadowmantx earned 240 total points
ID: 34922089
Another thing to try is lock down SMTP port 25 (inbound and outbound) to the IP of your Email server and deny all workstations.  This will block your workstations in the case if they are infected with virus trojans.  When I performed Exchange message tracking it did not show any of those messages being sent from Email server that led me to believe it was coming from one of my workstations.
0
 

Author Comment

by:lineonecorp
ID: 34922871
Thanks for the tips. I'm putting them in place now. I'll let you know what I find.
0
Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

 

Author Comment

by:lineonecorp
ID: 34930586
I think we are i n your words "You could simply be a victim of NDR spam generated from outside." What do we do about this? We are getting NDR's and double NDR's as we are the bounceback address.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 960 total points
ID: 34932362
Setup an SPF record to tell the world which mail servers are permitted to send out mail on your behalf.  That should cut down some of the spam but not all.  The rest will be up to your anti-spam defences.

http://old.openspf.org/wizard.html
0
 

Author Comment

by:lineonecorp
ID: 34934121
Thanks. What if I had a paid SORBS account? Would that give me some extra tools?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 960 total points
ID: 34934206
I doubt it.  What version of Exchange do you have?

If Exchange 2003, you can use Intelligent Message Filtering, blacklist checks and a few other tools.

If Exchange 2007 / 2010, there are anti-spam tools you can use.
0
 

Author Comment

by:lineonecorp
ID: 34935109
Exchange 2003.  I've never used the tools you mentioned - Intelligent Message Filtering, blacklist checks and a few other tools. If you have any links for them I would appreciate it.  I will be trying the SPF business.  And I do have 2007/2010 at other sites so if there are any other relevant links for them that you think might be useful for this kind of thing please send them as well if they are handy to you. Is there anything I can do at the router end?

0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 960 total points
ID: 34936156
0
 

Author Comment

by:lineonecorp
ID: 34938082
Great. Thanks for all the tips.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34938095
You are welcome.  Are you making headway?
0
 

Author Comment

by:lineonecorp
ID: 34938148
I'll know in a few days.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34938153
If you still have problems - please post again and I'll come up with some more ideas for you.

Alan
0

Featured Post

Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Make the most of your online learning experience.
The video tutorial explains the basics of the Exchange server Database Availability groups. The components of this video include: 1. Automatic Failover 2. Failover Clustering 3. Active Manager
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question