jdemoccc

Exchange 2010 Causing NDRs

Some specific senders trying to send emails to our domain are receiving NDRs such as this: smtp; 550-This message contains a phishing attempt 550     [Heuristics.Phishing.Email.SpoofedDomain].

We are running Exchange 2010 and we assume the anti-spam filter on Exchange is sending the NDRs. What would be the best way to check this and allow the users to send to our domain?
EMJSR

Have a look at the following options. Sounds like your content filtering is kicking in (enabled by default).

1) Open the Exchange Management Console.
2) Click Edge Transport.
3) In the work pane, click the Anti-spam tab.
4) Click Content Filtering.
5) In the action pane, click Enable or Disable as required.

There are some more options other than on/off, for example, you could configure the Content Filter Agent to handle a message based on certain values. These actions include deleting the message, rejecting the message, and quarantining the message. It can also flag email to go to the junk mail folder on a client.

SCLs (Spam Confidence Levels) are rated from 1 to 9, so you may choose to set something like this:

1-5 Deliver: the email is delivered as normal.
6 Route: the email is routed to the client's junk mail folder.
7 Quarantine: the email is routed to the quarantine folder.
8 Reject: the email is rejected and the sender receives a 550 response (your case).
9 Delete: the email is deleted without an NDR.

I hope that helps you further.
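
One way to check whether the Content Filter agent is the component returning the 550, as an added example that is not part of the original thread. It uses standard Exchange 2010 Management Shell cmdlets; `user@example.com` is a constructed placeholder for one of the affected senders.

```powershell
# Added example: run in the Exchange Management Shell on the Hub/Edge Transport
# server that accepts inbound mail. Read-only; it changes no settings.
$sender = 'user@example.com'          # constructed placeholder, not from the thread
$since  = (Get-Date).AddDays(-7)

# 1. Which transport agents are installed, and which are enabled?
Get-TransportAgent | Format-Table Identity, Enabled, Priority -AutoSize | Out-Host

# 2. Content Filter state, SCL thresholds, rejection text and existing bypass lists.
#    RejectionResponse is the text Exchange itself returns when it rejects on SCL.
Get-ContentFilterConfig |
    Format-List Enabled, ExternalMailEnabled,
                SCLDeleteEnabled, SCLDeleteThreshold,
                SCLRejectEnabled, SCLRejectThreshold,
                SCLQuarantineEnabled, SCLQuarantineThreshold,
                RejectionResponse, BypassedSenders, BypassedSenderDomains |
    Out-Host

# 3. Organization-wide junk mail threshold (the "route to Junk E-mail" level).
Get-OrganizationConfig | Format-List SCLJunkThreshold | Out-Host

# 4. Anti-spam agent log entries for the affected sender over the last week.
$hits = Get-AgentLog -StartDate $since -EndDate (Get-Date) |
    Where-Object { $_.P1FromAddress -eq $sender -or $_.P2FromAddresses -contains $sender }

if ($hits) {
    # Compare SmtpResponse with the text in the NDR the sender received.
    $hits | Format-List Timestamp, Agent, Event, Action, SmtpResponse, Reason, ReasonData |
        Out-Host
} else {
    # Nothing logged by the Exchange agents for this sender: the rejection was
    # most likely issued by another filter in the inbound mail path.
    Write-Host "No agent log entries for $sender since $since."
}
```

If no logged `SmtpResponse` matches the NDR text, look at whatever gateway or scanner sits in front of Exchange before changing the Content Filter settings.
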
Manpreet Singh Khatra
I would say let it be, as sometimes people do use some devices\sites to generate emails as their domain, and the only way to allow these emails is to whitelist these IPs on your firewall, and believe me, it's too risky.

- Rancy
jdemoccc

ASKER

Yes, they are legitimate. We have whitelisted the specific sender.