Re: Undeliveable Mail showing up from my domain postmaster (exchan

Hi Kevin,

Have a look for the recent threads on this topic, and see how to enable the
AD Filter in Exchange. It's very effective for this kind of problem;
Exchange simply refuses to accept email addressed to your domain, but where
the recipient doesn't exist.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !


"Kevin" <Kevin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A29F5EC4-EC66-4D96-9B8D-5A0DA8AD7B00@xxxxxxxxxxxxxxxx
> not using pop mail. and the domain from which it is trying to go to is
> the
> same and a strange address:a2i@xxxxxxxxxx the user part changes.
> I added a connection filter to relays.ordb.org this week.
> I checked the relay in exchange and have not relay address in there.
> kevin...
>
> "Jerry zhao (MSFT)" wrote:
>
>> Hi Kevin,
>>
>> Thank you for the post. And thank our MVP for the answer.
>>
>> From the description, it seems that you may under the RNDR attack or the
>> sender just flood the spam to random recipients.
>>
>> For your information:
>>
>> Spammers have a new means to avoid filters built into many systems. They
>> take advantage of a mail systems sending of a non-delivery report (NDR)
>> when a message cannot be delivered as addressed and returns the original
>> contents. Since this follows the RFC standard, most all mail servers will
>> function this way. This is what is called a "Reverse NDR attack" (RNDR).
>> This form of attack is becoming increasingly widespread. Some users get
>> it
>> so badly that over 33% of their Internet messages are attributed to this
>> type of spam. The end result is the spammer has attained a new form of
>> mail
>> relaying. Your server's resources are being stolen to deliver spam.
>>
>> How does a "Reverse NDR" attack work?
>> Step 1 Spam email is created with the intended spam victim's address in
>> the
>> sender field and a random, fictitious recipient, at your domain, in the
>> To:
>> field.
>> Step 2 Your mail server cannot deliver the message and sends an NDR email
>> back to what appears to be the sender of the original message, the spam
>> victim.
>> Step 3 The return email carries the non-delivery report and possibly the
>> original spam message. Thinking it is email they sent, the spam victim
>> reads the NDR and the included spam.
>>
>> What are the symptoms of a RNDR attack?
>> 1. Sluggish email delivery
>> 2. Outbound queues full of non-delivery notices
>> 3. Excessive admin time to clear outbound queues
>> If you are experiencing any of the above, chances are good your mail
>> server
>> is under attack.
>>
>> Those NDR spam can be resolved with two simple checkboxes on Recipient
>> Filtering of the Message Delivery section of Global Settings.
>>
>> For your information:
>>
>> Exchange queues fill with many non-delivery reports from the postmaster
>> account in Small Business Server 2003
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;886208
>>
>> If it is not your case or it dose not work, please help me collect the
>> following information:
>>
>> 1. Are you using POP3 mailbox to receive mail?
>>
>> 2. What are the senders' addresses for those emails? Are they same?
>>
>> If you have any questions please do not hesitate to let me know. I am
>> glad
>> to be of assistance.
>>
>> Best regards,
>>
>> Jerry Zhao (MSFT)
>>
>> Microsoft CSS Online Newsgroup Support
>>
>> Get Secure! - www.microsoft.com/security
>>
>> =====================================================
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>>
>>
>>


.

Relevant Pages

  • Re: Configure e-mail Forwarding not to include SPAM
    ... I would recommend Postini or Spam Soap to your client. ... filtered on Exchange 2000/Windows 2000 is because of a race condition. ... Exchange 2000 was probably so slow that it allowed CSE to filter the messages ...
    (microsoft.public.exchange.admin)
  • Re: Best settings for Recipient Filtering?
    ... Who Are Not in the Active Directory" checkbox stops about 75% of the spam at ... Using the Connection Filter with the Spamhaus RBL and the Spamcop RBL ... > It doesn't matter which version of Windows Exchange is on. ... > one reason that recipient filtering is so useful. ...
    (microsoft.public.exchange.admin)
  • Re: More SPAM
    ... Exchange 2003 offers allot of additional spam control features that exchange ... The content filter within Panda offers a good capability for setting up ...
    (microsoft.public.exchange2000.general)
  • Re: Recommended AntiSpam tool for Exchange (or AntiVirus Package that includes AntiSpam)
    ... I like Trend Micro Client Server Messaging Security for SMB as an Exchange aware AV product; includes an anti spam component in addition to desktop and Exchange anti virus components. ... Sender filtering: Drop connections on filter, ...
    (microsoft.public.windows.server.sbs)
  • Re: SMTP 127.0.0.1
    ... >mail port and type HELO 127.0.0.1 and see it show up in the log. ... not using Exchange as the server that's exposed to the Internet. ... EXIM won't control spam. ... train the filter with that, ...
    (microsoft.public.exchange.admin)
Loading