?
Solved

Exchange 2007 NDR (backscatter) spam

Posted on 2012-04-10
3
Medium Priority
?
1,046 Views
Last Modified: 2012-04-12
I am having problems fighting NDR (backscatter) spam on Exchange 2007 server.
I have been using Exchange Antispam modules for few years now. But last week client started to receive hundreds of NDR (apparently created by my Exchange 2007 server).

1. I have tested my SPF records. It all looks OK.
2. I ve tested that it is not a open relay.
3. I have disabled "Allow non delivery reports" on Hub Transport default remote domain.
4. Tried to restart services on Hub transport role server.

I have 3 questions (for now);
1. It looks like that spammers are forcing my Exchange server to create NDRs (because NDRS are in my language). So it looks like my Exchange server is creating NDRs but forced by spammers.  Is this possible/probable?

2. Is there any efficient way to stop NDRs (and some other type of system messages) without purchasing 3rd party software (GFI, ORF...)?

3.  I have disabled "Allow non delivery reports" on Hub Transport default remote domain but some of the experts /Sambee/ here on EE suggest that this could lead to blacklisting my Exchange on DNSBL and still wont solve my problem.
0
Comment
Question by:ivugrinec
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 37831395
If you don't want to use 3rd party tools, have you checked that you have Recipient Filtering enabled?

Run the following in the Exchange Management Shell:

Get-RecipientFilterConfig

If it shows that Recipient Filtering is not set (false), enable it:

Set-RecipientFilterConfig -RecipientValidationEnabled:$true
0
 

Author Comment

by:ivugrinec
ID: 37831403
It has always been enabled. It doesn't stop backscatter spam.
0
 
LVL 76

Accepted Solution

by:
Alan Hardisty earned 2000 total points
ID: 37831449
Okay - then I'd be going the 3rd party route personally because I know it works.

I have never used the Exchange tools for longer than it took me to realise how bad they were, so I can't help you if you want to stick with them unfortunately.

Sorry.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Pop culture is prime bait for hackers seeking to infect user’s computers and mobile devices with malicious malware. Hackers know exactly what the latest trends are online and know how to use them to their advantage.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question