?
Solved

How to stop getting NDR's from Exchange - resulting in the IP getting RFC-IGNORANT

Posted on 2013-01-09
7
Medium Priority
?
512 Views
Last Modified: 2013-01-10
Using Microsoft Excange 2003 SP2.
Have just got a load of NDR's - which resulted in getting the IP getting RFC-IGNORANT and having to move the mail server to a different IP address so that mails would be allowed to be sent to destination domain.
Origianlly to stop the large amounts of NDR's being produced by some suspicious and un-know source, within Global Settings on the Exchange Server I set the following :-

Under tab  for "Recipient Filtering".
 I checked the box for "filter recipients that are not in the directory".
SenderID Filtering Tab - set to "Delete (the message will be accepted and then deleted ;no NDR will be sent back to the sender)

We seemed to get to the point that outgoing mails sat in the QUEUE's and after some investigation it seems we were on an RFC-IGNORANT black list based on the IP address. We moved the IP address and the mail queued up were then sent.

Are the steps above enough to minimise this issue ? How do we get off this black list for the IP ?
0
Comment
Question by:ccfcfc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 15

Accepted Solution

by:
jerseysam earned 2000 total points
ID: 38758183
Really need to find out why you are gettnig these NDR's. Open Relay? Spam?

Take a look at at my previous post:

http://www.experts-exchange.com/Microsoft/Server_Applications/Q_27929216.html

I would say you need to clean your exchange queues and then make sure that your network is 100% secure. Only then can you start to think about getting removed from blacklists.

Check your blacklist check at mxtoolbox.com or network-tools.com
0
 
LVL 15

Expert Comment

by:jerseysam
ID: 38758190
PS to turn off NDR's:

Exchange System Manager,
Global Settings,
Internet Message Format.
Double click on your right.
Advanced tab.
Uncheck Allow non-delivery reports.
0
 

Author Comment

by:ccfcfc
ID: 38758298
Jerseysam,
Thanks for the last post, that is already turned off. But thanks for that.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:ccfcfc
ID: 38758555
Hi,
I have followed your previous post and understaken the Telnet test concerning the testing of a relay.
http://exchange.sembee.info/2003/smtp/spam-cleanup.asp
When I perform the test internally, not on an external network I can Telnet and perform all tests as required but obviously this is not the correct test.
But, If I Telnet to my Exchange server via an external network as the document requests, I do not get the  banner returned of 220 mail.server.domain Microsoft ESMTP MAIL Service, Version: 6.0.2790.0 Ready at
but just get  
220********************************************************************************************
When I issue the command ehlo testdomain.com  
it returns  500 5.3.3 Unrecognized command.
Weird as I know it is working as I can connect to the via TCP port 25 when on the same network.
Any ideas as to why ?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38758565
You have a CISCO firewall / ASA device with SMTP Fixup / ESMTP Inspection Enabled - please disable it as this causes more problems than it fixes.

Your banner proves this:

220********************************************************************************************
0
 

Author Comment

by:ccfcfc
ID: 38758619
Yep we have a PIX firewall I will look at turning that off.
Although I must admit I went checked the doucment and from that the server was configured correctly. Just wanted to test externally as well.
0
 

Author Comment

by:ccfcfc
ID: 38758838
I have been looking at other SMTP settings.
Under properties , Access, Authentication   - select acceptable authentication for this resource
Anonymous Access -  ticked  (no username or password required)
    Resolve anonymous e-mail - NOT ticked
Basic authentication (password sent in clear text) - ticked
Integrated Windows Authentication - ticked

Should I turn the top 2 option off ?
0

Featured Post

Enroll in August's Course of the Month

August's CompTIA IT Fundamentals course includes 19 hours of basic computer principle modules and prepares you for the certification exam. It's free for Premium Members, Team Accounts, and Qualified Experts!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help to fix the below errors for MS Exchange Server 2013 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video discusses moving either the default database or any database to a new volume.
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question