• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 515
  • Last Modified:

How to stop getting NDR's from Exchange - resulting in the IP getting RFC-IGNORANT

Using Microsoft Excange 2003 SP2.
Have just got a load of NDR's - which resulted in getting the IP getting RFC-IGNORANT and having to move the mail server to a different IP address so that mails would be allowed to be sent to destination domain.
Origianlly to stop the large amounts of NDR's being produced by some suspicious and un-know source, within Global Settings on the Exchange Server I set the following :-

Under tab  for "Recipient Filtering".
 I checked the box for "filter recipients that are not in the directory".
SenderID Filtering Tab - set to "Delete (the message will be accepted and then deleted ;no NDR will be sent back to the sender)

We seemed to get to the point that outgoing mails sat in the QUEUE's and after some investigation it seems we were on an RFC-IGNORANT black list based on the IP address. We moved the IP address and the mail queued up were then sent.

Are the steps above enough to minimise this issue ? How do we get off this black list for the IP ?
0
ccfcfc
Asked:
ccfcfc
  • 4
  • 2
1 Solution
 
jerseysamCommented:
Really need to find out why you are gettnig these NDR's. Open Relay? Spam?

Take a look at at my previous post:

http://www.experts-exchange.com/Microsoft/Server_Applications/Q_27929216.html

I would say you need to clean your exchange queues and then make sure that your network is 100% secure. Only then can you start to think about getting removed from blacklists.

Check your blacklist check at mxtoolbox.com or network-tools.com
0
 
jerseysamCommented:
PS to turn off NDR's:

Exchange System Manager,
Global Settings,
Internet Message Format.
Double click on your right.
Advanced tab.
Uncheck Allow non-delivery reports.
0
 
ccfcfcAuthor Commented:
Jerseysam,
Thanks for the last post, that is already turned off. But thanks for that.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
ccfcfcAuthor Commented:
Hi,
I have followed your previous post and understaken the Telnet test concerning the testing of a relay.
http://exchange.sembee.info/2003/smtp/spam-cleanup.asp
When I perform the test internally, not on an external network I can Telnet and perform all tests as required but obviously this is not the correct test.
But, If I Telnet to my Exchange server via an external network as the document requests, I do not get the  banner returned of 220 mail.server.domain Microsoft ESMTP MAIL Service, Version: 6.0.2790.0 Ready at
but just get  
220********************************************************************************************
When I issue the command ehlo testdomain.com  
it returns  500 5.3.3 Unrecognized command.
Weird as I know it is working as I can connect to the via TCP port 25 when on the same network.
Any ideas as to why ?
0
 
Alan HardistyCommented:
You have a CISCO firewall / ASA device with SMTP Fixup / ESMTP Inspection Enabled - please disable it as this causes more problems than it fixes.

Your banner proves this:

220********************************************************************************************
0
 
ccfcfcAuthor Commented:
Yep we have a PIX firewall I will look at turning that off.
Although I must admit I went checked the doucment and from that the server was configured correctly. Just wanted to test externally as well.
0
 
ccfcfcAuthor Commented:
I have been looking at other SMTP settings.
Under properties , Access, Authentication   - select acceptable authentication for this resource
Anonymous Access -  ticked  (no username or password required)
    Resolve anonymous e-mail - NOT ticked
Basic authentication (password sent in clear text) - ticked
Integrated Windows Authentication - ticked

Should I turn the top 2 option off ?
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now