Re: Disable badmail or NDR?



> Problem is that thousands of spams were sent with his account, and
> now they are bouncing and bouncing and bouncing...

To be sure. Of course, the same spam could have been sent through any
server; his (E)SMTP credentials need not have been compromised to do
so. Naturally, it increases the penetration of the spam if it is sent
from a legitimate and otherwise well-configured server.

If you're trying to absorb this storm of NDRs for a single recipient,
why don't you just move his e-mail alias into another mailbox and sort
through it there? There's no reason to turn off NDRs for the entire
server just because _one person_ is receiving a storm.

> NDRs, though initially useful, are today just a clogging,
> resource-wasting feature that virtually every email user ignores.

There's scant real-world evidence for your contention, but I
understand that you are frustrated because you're cleaning up after
your user's easily-guessed password or their gullibility in going to a
phishing site.

Nonetheless, your enemy is not the NDR, it's the security breach. In
fact, NDRs are often the sole signaling device that alerts us to
remote Joe Jobs and local mailbox compromises (in addition to their
primary notification function for legit e-mail).

--Sandy




------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
------------------------------------