Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 848
  • Last Modified:

exchange 2013 - bounce back messages not working

Hi guys,
I have exchange 2013 - infront of this i have websence hosted email security - when an external user sends an email to an incorrect user in our domain or to a random address the sender is not getting no bounce back - have checked websence and the logs show our exchange has accepted the email.  However internally the bounce backs works fine....
0
jag b
Asked:
jag b
  • 2
1 Solution
 
Simon Butler (Sembee)ConsultantCommented:
You need to enable recipient filtering on the Exchange server.
These are part of the antispam agents which are not installed by default.
Install the agents from EMS thus:
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx

Then enable the agents:

Set-RecipientFilterConfig -RecipientValidationEnabled $true
http://technet.microsoft.com/en-us/library/aa998613(v=exchg.150).aspx

HOWEVER, you shouldn't be using Exchange for recipient filtering. That is too late. The recipient filtering should be happening at the point of delivery - your Websense Email Security platform should be doing it. I would check whether it can.
Furthermore, it may well be that the Websense platform is rejecting the NDRs, because they are a form of backscatter which can get you blacklisted. Again this is resolved by doing the filtering at the point of delivery.

If you already have the recipient filtering enabled, then the problem is with the Websense platform rejecting or not allowing the messages through, and you need to review the configuration as I have outlined.

Simon.
0
 
jag bAuthor Commented:
Hi simon,
thank you for your reply - further information as below:
On my send connector I am going through a smart host - when I change this to MX record associated then ndr's work fine.... issue with the smart host?  
Is it ok to use the MX record associated with recipient domain?
0
 
Simon Butler (Sembee)ConsultantCommented:
The fact that you are able to send the NDRs directly suggests that the smart host is rejecting them.
However it also means you do not have recipient filtering enabled and what you want to do is called backscatter, which will get you blacklisted.

As I wrote above, you should configure the Websense service to reject emails for non-existent senders. Not accept them and then allow Exchange to generate an NDR.

By accepting emails for any recipient and then attempting to NDR them, you are exposing your server to an NDR attack. This is where a spammer sends emails to your server to non-existent recipients on purpose, so your server bounces them to the sender. The sender is spoofed and is the actual target of the spam run. Therefore not only do you get blacklisted, but you end up with a lot of emails in your queues to bad email addresses.

Simon.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now