RE: Email Question
- From: v-jerryz@xxxxxxxxxxxxxxxxxxxx ("Jerry zhao (MSFT)")
- Date: Fri, 26 Aug 2005 08:39:57 GMT
Hi William,
Thank you for posting here.
>From the description, it seems that you may under the RNDR attack or the
sender just flood the spam to random recipients.
For your information:
Spammers have a new means to avoid filters built into many systems. They
take advantage of a mail systems sending of a non-delivery report (NDR)
when a message cannot be delivered as addressed and returns the original
contents. Since this follows the RFC standard, most all mail servers will
function this way. This is what is called a "Reverse NDR attack" (RNDR).
This form of attack is becoming increasingly widespread. Some users get it
so badly that over 33% of their Internet messages are attributed to this
type of spam. The end result is the spammer has attained a new form of mail
relaying. Your server's resources are being stolen to deliver spam.
How does a "Reverse NDR" attack work?
Step 1 Spam email is created with the intended spam victim's address in the
sender field and a random, fictitious recipient, at your domain, in the To:
field.
Step 2 Your mail server cannot deliver the message and sends an NDR email
back to what appears to be the sender of the original message, the spam
victim.
Step 3 The return email carries the non-delivery report and possibly the
original spam message. Thinking it is email they sent, the spam victim
reads the NDR and the included spam.
Those NDR spam can be resolved with two simple checkboxes on Recipient
Filtering of the Message Delivery section of Global Settings.
For your information:
Exchange queues fill with many non-delivery reports from the postmaster
account in Small Business Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;886208
If it is not your case or it dose not work, please help me collect the
following information:
1. Are you using POP3 mailbox to receive mail?
2. What are the recipients' addresses for those emails? Are they similar?
Meanwhile, it would not suggest disabling the email (exchange) feature for
the admin account.
If you have any questions please do not hesitate to let me know. I am glad
to be of assistance.
Best regards,
Jerry Zhao (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
======================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
======================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
.
- References:
- Email Question
- From: William
- Email Question
- Prev by Date: RE: SBS2003 with Windows 2003 Network design
- Next by Date: Re: OWA Premium Client Page not loading completely.
- Previous by thread: Email Question
- Next by thread: Monitoring Client Performance
- Index(es):
Relevant Pages
|
