Solved

exchange 2013 - bounce back messages not working

Posted on 2014-11-22
3
614 Views
Last Modified: 2014-11-23
Hi guys,
I have exchange 2013 - infront of this i have websence hosted email security - when an external user sends an email to an incorrect user in our domain or to a random address the sender is not getting no bounce back - have checked websence and the logs show our exchange has accepted the email.  However internally the bounce backs works fine....
0
Comment
Question by:jag b
  • 2
3 Comments
 
LVL 63

Accepted Solution

by:
Simon Butler (Sembee) earned 500 total points
ID: 40459316
You need to enable recipient filtering on the Exchange server.
These are part of the antispam agents which are not installed by default.
Install the agents from EMS thus:
& $env:ExchangeInstallPath\Scripts\Install-AntiSpamAgents.ps1
http://technet.microsoft.com/en-us/library/bb201691(v=exchg.150).aspx

Then enable the agents:

Set-RecipientFilterConfig -RecipientValidationEnabled $true
http://technet.microsoft.com/en-us/library/aa998613(v=exchg.150).aspx

HOWEVER, you shouldn't be using Exchange for recipient filtering. That is too late. The recipient filtering should be happening at the point of delivery - your Websense Email Security platform should be doing it. I would check whether it can.
Furthermore, it may well be that the Websense platform is rejecting the NDRs, because they are a form of backscatter which can get you blacklisted. Again this is resolved by doing the filtering at the point of delivery.

If you already have the recipient filtering enabled, then the problem is with the Websense platform rejecting or not allowing the messages through, and you need to review the configuration as I have outlined.

Simon.
0
 

Author Comment

by:jag b
ID: 40459363
Hi simon,
thank you for your reply - further information as below:
On my send connector I am going through a smart host - when I change this to MX record associated then ndr's work fine.... issue with the smart host?  
Is it ok to use the MX record associated with recipient domain?
0
 
LVL 63

Expert Comment

by:Simon Butler (Sembee)
ID: 40459939
The fact that you are able to send the NDRs directly suggests that the smart host is rejecting them.
However it also means you do not have recipient filtering enabled and what you want to do is called backscatter, which will get you blacklisted.

As I wrote above, you should configure the Websense service to reject emails for non-existent senders. Not accept them and then allow Exchange to generate an NDR.

By accepting emails for any recipient and then attempting to NDR them, you are exposing your server to an NDR attack. This is where a spammer sends emails to your server to non-existent recipients on purpose, so your server bounces them to the sender. The sender is spoofed and is the actual target of the spam run. Therefore not only do you get blacklisted, but you end up with a lot of emails in your queues to bad email addresses.

Simon.
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Learn to move / copy / export exchange contacts to iPhone without using any software. Also see the issues in configuration of exchange with iPhone to migrate contacts.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
This video discusses moving either the default database or any database to a new volume.

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now