Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.
Solved
Exchange 2010 Backscatter problem
Posted on 2011-03-15
We are having an issue in Exchange 2010 that i believe is being caused by Backscatter. Recently I have noticed a bunch of messages in the Exchange Queue Viewer that keep trying to resend but are unable to connect. All of these messages are Non Delivery Reports for undeliverable spam email that was sent to our server.
Yesterday afternoon i tried enabling Recipient Validation in exchange. Since turning this feature on we have gone from over 60 messages trying to resend over and over to only 8 after enabling. This seems to have helped the situation, however i am still seeing messages trying to resend.
I found a few articles related to this issue that also recommended completely disabling NDR's all together, or adding another layer of spam detection. Is there any other recommended course of action to resolve this problem? Aside from valid NDR's not being sent, is there any other down side to disabling NDR's? Is there a rule in Exchange we can setup to drop off the NDR's that fail to connect after the first or second try?
Here is alittle background on our current anti-spam setup. Our first layer of anti-spam detection is our Sonicwall firewall which has RBL entries for spamhaus, dnsbl.sorbs, barracudacentral, & spamcop. For the second layer we are using Trend Micro Scan Mail for Exchange. This product doesn't seem to do a good job of cleaning any spam getting through the firewall. I am looking at alternatives as our subscription is up in a few months. Any recommendations on anti-spam products you are having success with are greatly appreciated.
For reference here is a sample of one of the messages currently trying to resend.
Identity: qualissrv01\57782\232009
Subject: Undeliverable: Loan offer at 3% Interest Rates!!
Internet Message ID: <b925383a-19d1-415d-a701-f
From Address: <>
Status: Ready
Size (KB): 6
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 3/14/2011 8:20:10 PM
Expiration Time: 3/16/2011 8:20:10 PM
Last Error: 450 4.1.1 <ocean@lbasantarem.com.br>
Queue ID: qualissrv01\57782
Recipients: ocean@lbasantarem.com.br
Thank you
Yesterday afternoon i tried enabling Recipient Validation in exchange. Since turning this feature on we have gone from over 60 messages trying to resend over and over to only 8 after enabling. This seems to have helped the situation, however i am still seeing messages trying to resend.
I found a few articles related to this issue that also recommended completely disabling NDR's all together, or adding another layer of spam detection. Is there any other recommended course of action to resolve this problem? Aside from valid NDR's not being sent, is there any other down side to disabling NDR's? Is there a rule in Exchange we can setup to drop off the NDR's that fail to connect after the first or second try?
Here is alittle background on our current anti-spam setup. Our first layer of anti-spam detection is our Sonicwall firewall which has RBL entries for spamhaus, dnsbl.sorbs, barracudacentral, & spamcop. For the second layer we are using Trend Micro Scan Mail for Exchange. This product doesn't seem to do a good job of cleaning any spam getting through the firewall. I am looking at alternatives as our subscription is up in a few months. Any recommendations on anti-spam products you are having success with are greatly appreciated.
For reference here is a sample of one of the messages currently trying to resend.
Identity: qualissrv01\57782\232009
Subject: Undeliverable: Loan offer at 3% Interest Rates!!
Internet Message ID: <b925383a-19d1-415d-a701-f
From Address: <>
Status: Ready
Size (KB): 6
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 3/14/2011 8:20:10 PM
Expiration Time: 3/16/2011 8:20:10 PM
Last Error: 450 4.1.1 <ocean@lbasantarem.com.br>
Queue ID: qualissrv01\57782
Recipients: ocean@lbasantarem.com.br
Thank you
3
5 Comments
Active 6 days ago
Okay - do you receive mail directly to your server or does a 3rd party filter your mail and pass it on to you?
If via a 3rd party - THEY have to Recipient Filter.
If you receive it directly, you need to install the Anti-Spam options and enable Recipient Filtering.
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4257-Exchange-2007-2010-Backscatter-and-how-to-resolve-it.html
If via a 3rd party - THEY have to Recipient Filter.
If you receive it directly, you need to install the Anti-Spam options and enable Recipient Filtering.
http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/A_4257-Exchange-2007-2010-Backscatter-and-how-to-resolve-it.html
We receive our mail directly. I turned on the Anti-Spam options and enabled the Recipient Filtering and that seems to have done the trick. Thanks for the help Alanhardisty.
Active 6 days ago
You are welcome. Glad all is happy now. Make sure you get delisted fron Backscatterer.org (usually happens automatically after about 4 weeks).
Thanks for the points.
Alan
Thanks for the points.
Alan
Active 6 days ago
Thanks for this info. The same thing is happening at my office. I enabled the filtering and I'm still having this issue. is there something else that I can try? Any help would be appreciated. Not sure what else to try here. thanks in advance.
Featured Post
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Are you working to mount the dismounted Exchange 2013 database? Then the best course of action is to analyze the causes of Database issue, their probable solutions and decide for the appropriate course of action.
Fix RPC Server is unavailable Error in Exchange 2013, 2010, 2007, and 2003 Server. Different reason can such as network connectivity issue, name resolution issue, firewall, registry corruption that lead to RPC Server Unavailable error.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online)
The email signat…
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA).
For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651
If you want to manage em…
Suggested Courses
Course of the Month4 days, 7 hours left to enroll
589 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.