Solved

How to stop getting NDR's from Exchange - resulting in the IP getting RFC-IGNORANT

Posted on 2013-01-09
7
511 Views
Last Modified: 2013-01-10
Using Microsoft Excange 2003 SP2.
Have just got a load of NDR's - which resulted in getting the IP getting RFC-IGNORANT and having to move the mail server to a different IP address so that mails would be allowed to be sent to destination domain.
Origianlly to stop the large amounts of NDR's being produced by some suspicious and un-know source, within Global Settings on the Exchange Server I set the following :-

Under tab  for "Recipient Filtering".
 I checked the box for "filter recipients that are not in the directory".
SenderID Filtering Tab - set to "Delete (the message will be accepted and then deleted ;no NDR will be sent back to the sender)

We seemed to get to the point that outgoing mails sat in the QUEUE's and after some investigation it seems we were on an RFC-IGNORANT black list based on the IP address. We moved the IP address and the mail queued up were then sent.

Are the steps above enough to minimise this issue ? How do we get off this black list for the IP ?
0
Comment
Question by:ccfcfc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 15

Accepted Solution

by:
jerseysam earned 500 total points
ID: 38758183
Really need to find out why you are gettnig these NDR's. Open Relay? Spam?

Take a look at at my previous post:

http://www.experts-exchange.com/Microsoft/Server_Applications/Q_27929216.html

I would say you need to clean your exchange queues and then make sure that your network is 100% secure. Only then can you start to think about getting removed from blacklists.

Check your blacklist check at mxtoolbox.com or network-tools.com
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 38758190
PS to turn off NDR's:

Exchange System Manager,
Global Settings,
Internet Message Format.
Double click on your right.
Advanced tab.
Uncheck Allow non-delivery reports.
0
 

Author Comment

by:ccfcfc
ID: 38758298
Jerseysam,
Thanks for the last post, that is already turned off. But thanks for that.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 

Author Comment

by:ccfcfc
ID: 38758555
Hi,
I have followed your previous post and understaken the Telnet test concerning the testing of a relay.
http://exchange.sembee.info/2003/smtp/spam-cleanup.asp
When I perform the test internally, not on an external network I can Telnet and perform all tests as required but obviously this is not the correct test.
But, If I Telnet to my Exchange server via an external network as the document requests, I do not get the  banner returned of 220 mail.server.domain Microsoft ESMTP MAIL Service, Version: 6.0.2790.0 Ready at
but just get  
220********************************************************************************************
When I issue the command ehlo testdomain.com  
it returns  500 5.3.3 Unrecognized command.
Weird as I know it is working as I can connect to the via TCP port 25 when on the same network.
Any ideas as to why ?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38758565
You have a CISCO firewall / ASA device with SMTP Fixup / ESMTP Inspection Enabled - please disable it as this causes more problems than it fixes.

Your banner proves this:

220********************************************************************************************
0
 

Author Comment

by:ccfcfc
ID: 38758619
Yep we have a PIX firewall I will look at turning that off.
Although I must admit I went checked the doucment and from that the server was configured correctly. Just wanted to test externally as well.
0
 

Author Comment

by:ccfcfc
ID: 38758838
I have been looking at other SMTP settings.
Under properties , Access, Authentication   - select acceptable authentication for this resource
Anonymous Access -  ticked  (no username or password required)
    Resolve anonymous e-mail - NOT ticked
Basic authentication (password sent in clear text) - ticked
Integrated Windows Authentication - ticked

Should I turn the top 2 option off ?
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how to install and use the NTBackup utility that comes with Windows Server.
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question