Solved

Spam - lots of NDR's

Posted on 2011-02-17
13
542 Views
Last Modified: 2012-06-22
Our spam filter -  Xwall - is being swamped wtih   NDR's being reported for spam e-mail being returned and we suspect something on our network is causing the spam. Any tips on isolation. We are running Exchange and we also have  a CIsco router.

0
Comment
Question by:lineonecorp
  • 6
  • 6
13 Comments
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 240 total points
ID: 34921900
You could simply be a victim of NDR spam generated from outside.

If they are coming from inside and being send out, then you will be blacklisted somewhere.

Please check on www.mxtoolbox.com/blacklists.aspx and www.blacklistalert.org

Are you blacklisted anywhere?

Do you have an SPF record configured on your domain?
0
 
LVL 5

Assisted Solution

by:shadowmantx
shadowmantx earned 60 total points
ID: 34922089
Another thing to try is lock down SMTP port 25 (inbound and outbound) to the IP of your Email server and deny all workstations.  This will block your workstations in the case if they are infected with virus trojans.  When I performed Exchange message tracking it did not show any of those messages being sent from Email server that led me to believe it was coming from one of my workstations.
0
 

Author Comment

by:lineonecorp
ID: 34922871
Thanks for the tips. I'm putting them in place now. I'll let you know what I find.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 

Author Comment

by:lineonecorp
ID: 34930586
I think we are i n your words "You could simply be a victim of NDR spam generated from outside." What do we do about this? We are getting NDR's and double NDR's as we are the bounceback address.
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 240 total points
ID: 34932362
Setup an SPF record to tell the world which mail servers are permitted to send out mail on your behalf.  That should cut down some of the spam but not all.  The rest will be up to your anti-spam defences.

http://old.openspf.org/wizard.html
0
 

Author Comment

by:lineonecorp
ID: 34934121
Thanks. What if I had a paid SORBS account? Would that give me some extra tools?
0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 240 total points
ID: 34934206
I doubt it.  What version of Exchange do you have?

If Exchange 2003, you can use Intelligent Message Filtering, blacklist checks and a few other tools.

If Exchange 2007 / 2010, there are anti-spam tools you can use.
0
 

Author Comment

by:lineonecorp
ID: 34935109
Exchange 2003.  I've never used the tools you mentioned - Intelligent Message Filtering, blacklist checks and a few other tools. If you have any links for them I would appreciate it.  I will be trying the SPF business.  And I do have 2007/2010 at other sites so if there are any other relevant links for them that you think might be useful for this kind of thing please send them as well if they are handy to you. Is there anything I can do at the router end?

0
 
LVL 76

Assisted Solution

by:Alan Hardisty
Alan Hardisty earned 240 total points
ID: 34936156
0
 

Author Comment

by:lineonecorp
ID: 34938082
Great. Thanks for all the tips.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34938095
You are welcome.  Are you making headway?
0
 

Author Comment

by:lineonecorp
ID: 34938148
I'll know in a few days.
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 34938153
If you still have problems - please post again and I'll come up with some more ideas for you.

Alan
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question