Re: Undeliveable Mail showing up from my domain postmaster (exchan
- From: "Kevin" <Kevin@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 15 Jul 2005 04:41:02 -0700
not using pop mail. and the domain from which it is trying to go to is the
same and a strange address:a2i@xxxxxxxxxx the user part changes.
I added a connection filter to relays.ordb.org this week.
I checked the relay in exchange and have not relay address in there.
kevin...
"Jerry zhao (MSFT)" wrote:
> Hi Kevin,
>
> Thank you for the post. And thank our MVP for the answer.
>
> From the description, it seems that you may under the RNDR attack or the
> sender just flood the spam to random recipients.
>
> For your information:
>
> Spammers have a new means to avoid filters built into many systems. They
> take advantage of a mail systems sending of a non-delivery report (NDR)
> when a message cannot be delivered as addressed and returns the original
> contents. Since this follows the RFC standard, most all mail servers will
> function this way. This is what is called a "Reverse NDR attack" (RNDR).
> This form of attack is becoming increasingly widespread. Some users get it
> so badly that over 33% of their Internet messages are attributed to this
> type of spam. The end result is the spammer has attained a new form of mail
> relaying. Your server's resources are being stolen to deliver spam.
>
> How does a "Reverse NDR" attack work?
> Step 1 Spam email is created with the intended spam victim's address in the
> sender field and a random, fictitious recipient, at your domain, in the To:
> field.
> Step 2 Your mail server cannot deliver the message and sends an NDR email
> back to what appears to be the sender of the original message, the spam
> victim.
> Step 3 The return email carries the non-delivery report and possibly the
> original spam message. Thinking it is email they sent, the spam victim
> reads the NDR and the included spam.
>
> What are the symptoms of a RNDR attack?
> 1. Sluggish email delivery
> 2. Outbound queues full of non-delivery notices
> 3. Excessive admin time to clear outbound queues
> If you are experiencing any of the above, chances are good your mail server
> is under attack.
>
> Those NDR spam can be resolved with two simple checkboxes on Recipient
> Filtering of the Message Delivery section of Global Settings.
>
> For your information:
>
> Exchange queues fill with many non-delivery reports from the postmaster
> account in Small Business Server 2003
> http://support.microsoft.com/default.aspx?scid=kb;en-us;886208
>
> If it is not your case or it dose not work, please help me collect the
> following information:
>
> 1. Are you using POP3 mailbox to receive mail?
>
> 2. What are the senders' addresses for those emails? Are they same?
>
> If you have any questions please do not hesitate to let me know. I am glad
> to be of assistance.
>
> Best regards,
>
> Jerry Zhao (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
>
.
- Follow-Ups:
- Re: Undeliveable Mail showing up from my domain postmaster (exchan
- From: Les Connor [SBS Community Member - SBS MVP]
- Re: Undeliveable Mail showing up from my domain postmaster (exchan
- References:
- Undeliveable Mail showing up from my domain postmaster (exchange 2
- From: Kevin
- Re: Undeliveable Mail showing up from my domain postmaster (exchange 2
- From: Jerry zhao (MSFT)
- Undeliveable Mail showing up from my domain postmaster (exchange 2
- Prev by Date: Re: Website Error
- Next by Date: Re: ISA alerts that local users are intruding
- Previous by thread: Re: Undeliveable Mail showing up from my domain postmaster (exchange 2
- Next by thread: Re: Undeliveable Mail showing up from my domain postmaster (exchan
- Index(es):
Relevant Pages
|
