Re: NDRs for internal clients only?
From: M Callinan (mcallinan_at_dslextreme.com)
Date: 03/31/04
- Next message: Gabriel: "Re: Upgrading Evaluation version"
- Previous message: Jon Ogden: "Re: SBS2003 Connection Manager Problem"
- In reply to: Jon Ogden: "NDRs for internal clients only?"
- Next in thread: John Bouley: "Re: NDRs for internal clients only?"
- Reply: John Bouley: "Re: NDRs for internal clients only?"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 31 Mar 2004 11:58:57 -0800
I agree that it's desirable to send NDRs to legitimate recipients that made
an honest mistake. Unfortunately, spammers can abuse NDR messages with
Reverse NDR attacks, using your email server as an unsuspecting relay, even
though you've configured all the proper security measures on Exchange. This
can even lead to your email server being blacklisted as a result. During
the time that I have had NDRs enabled, I have also noticed lots of outbound
NDR messages sitting in the mail queue trying to be returned to
mis-addressed spam. My thought to turn off NDRs for external sources, but
leave them on for internal sources, is a compromise. It will help keep my
exchange queues empty and running efficiently, reduce the amount of NDR spam
messages on the internet, and let my internal users get notified when they
make mistakes, but at the expense of some legitimate external users not
getting notified of their honest mistakes. This is a compromise I'm willing
to make at this time.
By the way, after a little googling, I was able to figure out how to
configure exchange2k3 to do what I want. If anyone is interested, I'll post
my findings.
"Jon Ogden" <anonymous@discussions.microsoft.com> wrote in message
news:11cdd01c4173f$01c01300$a001280a@phx.gbl...
> In Exchange System Manager go to the global settings
> folder and then select properties of Message Delivery.
> There is a tab in there called Sender Filtering. There's
> a checkbox that says, "Accept Messages Without Notifiying
> Sender of Filtering." But I think that only works on
> specific senders you put in that box.
>
> However, sending an NDR to the e-mail address provided
> in a spam message generally won't do anything. The e-
> mail addresses that are used are rarely valid addresses
> but are rather spoofed or forged. So the NDR gets sent
> to the forged e-mail server and has no where to go......
>
> The other alternative is to get a spam firewall that is
> external to your exchange server and just blocks the
> messages. Barracuda Networks makes several excellent
> products (easiest product I've ever deployed on my
> network). They work absolutely phenomenally.
>
> IMHO, you want NDRs sent to people from the outside who
> try to send you a valid message yet get the name or
> address wrong.
>
> Jon
> >-----Original Message-----
> >Can Exchange 2k3 be configured to deliver NDRs for mail
> being sent out of
> >the server, but not for mail coming into the server?
> People at the office
> >find the messages useful to let them know when they
> mistype an address or
> >send an attachment that's over the size limit of the
> external receiving
> >server. At the same time, sending NDRs for incoming
> spam is not desired.
> >If not possible now, this would be a good addition for a
> future release.
> >
> >
> >.
> >
- Next message: Gabriel: "Re: Upgrading Evaluation version"
- Previous message: Jon Ogden: "Re: SBS2003 Connection Manager Problem"
- In reply to: Jon Ogden: "NDRs for internal clients only?"
- Next in thread: John Bouley: "Re: NDRs for internal clients only?"
- Reply: John Bouley: "Re: NDRs for internal clients only?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
