Re: IIS 5's SMTP and Stopping NDR's ?


"Sanford Whiteman" <swhitemanlistens-software@xxxxxxxxxxxxxxxxxxxxx> wrote
in message news:op.tsx98ybz6c17zw@xxxxxxxxxxxxxxxxxxxxxxx
I didn't know that could be done. Can you elaborate on how this is
accomplished using Exchange 2000 and
a separate SMTP machine as a relay? If I can get the mail server to just
reject all connection attempts to non-existant mailboxes that would be a
lot
better :-)

5xxSink is a transport event sink specifically designed for the rejection
of
unknown recipients at the MX.

Download:


http://www.imprimia.com/products/software/freeutils/5xxsink/download/release

Be sure to go over the README and RELNOTES in-depth.

Thanks for the link - it's exactly what I'm after and as you've pointed out
(and educated me in the process) it's the preferred solution :-)

Funny thing - when I copy and paste the following I got an error (due to
syntax)

cscript smtpreg.vbs /add 1 oninboundcommand 5xxsink
5xxsink.sink "rcpt"

but when I manually entered the command it worked :-)


I don't know much about that - all I know is that my IIS 5 SMTP machine
is
kindly sending NDR reports for every email it receives that is not
addressed
to an existing mailbox. Of course, the account used to send the mail
does
not exist so it's a waste for everyone.

Quite so. For you, the waste is abetted by accepting the mail in the
first place. *Just* because something was sent to a nonexistent
mailbox doesn't mean it was spam -- as such user errors occur, in
small but non-negligible quantity, all the time.

Agreed - although you know more about this then I do :-)


Your server is absolutely correct to generate an NDR by default, in
the absence of any spam detection at that level. When the sender is
legit, the NDR is invaluable.

Agreed - it would be a shame to cut that functionality due to spam


When the sender is forged or does not exist, the NDR is extremely
problematic, one the first hand making you complicit in Joe Jobs, and
on the second resulting in postmaster messages (double-bounce
notifications).

But not anymore..... :-)
Thank you very much Sandy - I appreciate the education and also the better
way to resolve the issue. Much appreciated!


--Sandy


.

Relevant Pages

  • Re: NDRs
    ... sender just flood the spam to random recipients. ... This is what is called a "Reverse NDR attack". ... If you are experiencing any of the above, chances are good your mail server ...
    (microsoft.public.windows.server.sbs)
  • Re: massive fake returned e-mail
    ... the only reason why all these NDRs are getting sent back is because the receiving mail servers are accepting the spam and then checking if the e-mail is deliverable afterwhich they send out *new* e-mails as the NDRs. ... If the receiving mail server rejected the spam DURING the mail session then it would reject non-deliverable mail at that time. ... Instead of accepting the spam and then later sending back an NDR, rejecting the attempted delivery during the mail session means the actual sending mail server gets notified of the non-delivery. ...
    (microsoft.public.outlook)
  • Re: IIS 5s SMTP and Stopping NDRs ?
    ... If I can get the mail server to just ... kindly sending NDR reports for every email it receives that is not addressed ... to an existing mailbox. ... When the sender is forged or does not exist, ...
    (microsoft.public.inetserver.iis.smtp_nntp)
  • Re: Undeliveable Mail showing up from my domain postmaster (exchan
    ... > sender just flood the spam to random recipients. ... This is what is called a "Reverse NDR attack". ... > If you are experiencing any of the above, chances are good your mail server ...
    (microsoft.public.windows.server.sbs)
  • NDR SPAM attacks & Filter Recipients
    ... I need as much information as possible about enabling 'Filter Recipients who ... I am trying to lower the number of NDR SPAM ... will not be sent by my mail server but by the sender's own mail server. ...
    (microsoft.public.exchange.admin)
Loading