Re: Outbound email tracking?
- From: "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 13 Oct 2005 02:16:04 -0700
WOW Nathon that was a lot.. LOL
I don't know if Nathon mentioned this also,, (So much to read Laugh)
Restrict number of Recipients of "outgoing messages" to say 20 or the max
you feel you would send out.
That should slow it down, if there were someone using your mail server...
I'd probably want to see the offending email,
but I'm sure Comcast probably doesn't send you that did they?
Good luck, that's the pits.
--
Russ Grover
Small Business IT Support
SBS Rocks!
Portland/Beaverton OR
Email: Sales at SmallBusinessITSupport.com
Website: http://www.SmallBusinessITSupport.com
""Nathan Liu [MSFT]"" <v-natliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:VzIn7V7zFHA.2352@xxxxxxxxxxxxxxxxxxxxxxxx
> Hello Skip,
>
> Thank you for posting in the SBS newsgroup.
>
> Also, many thanks for Javier's great input.
>
> According to your description, I understand that you would like to track
> the outbound emails on the SBS Server. If I have misunderstood the
> problem,
> please don't hesitate to let me know.
>
> Javier is right on target, please kindly refer to the suggestions. In
> addition, I'm glad to provide the following information for your
> reference:
>
> 1. Enable message tracking, then check the outbound email messages under
> Tools->Message Tracking Center. Regarding how to enable Message Tracking,
> please refer to the following MS KB article:
>
> 246856 XADM: How to Enable Message Tracking in Exchange 2000 Server
> http://support.microsoft.com/?id=246856
>
> 2. You may refer to the following information to protect Exchange:
>
> A. Disable the Guest account in your SBS 2003 server and enable Stronge
> Password Protection. Everytime when you run CEICW you will be asked for
> enabling password policies after it ends. I suggest you enable it. You can
> also do that in Server Management\Users->Configure Password Policies. For
> more information, see:
>
> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
> security/bpactlck.mspx
>
> B. We can block unsafe attachments in emails by running through CEICW and
> enable Internet Email on the wizard. You should see a page named "Remove
> E-mail Attachments" where you can choose to block all or some of the
> unsafe
> attachments. For more information, you can search "Remove E-mail
> Attachments" (without the quotes) in SBS 2003 Help and Support Center.
>
> C. If you are using SMTP for incoming emails, you can install IMF
> (Intelligent Message Filter):
>
> http://www.microsoft.com/downloads/details.aspx?FamilyId=C1B08F7B-8CAF-4147-
> B074-8C9C8F277071&displaylang=en
>
> http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/imfdeploy
> mspx
>
> However if you are using POP3 Connector for incoming emails, IMF will not
> work and you can ignore it.
>
> D. You can block open relay and clean up the SMTP queues by referring to
> the following KB article:
>
> 324958 How To Block Open SMTP Relaying and Clean Up Exchange Server SMTP
> Queues
> http://support.microsoft.com/?id=324958
>
> E. You can install third party anti-spam and antivirus software however
> you
> should make sure they are fully compatible with Windows Server 2003 and
> Exchange Server 2003. Otherwise they may cause instability to the server.
> If you install antivirus software, you should exclude the SYSVOL and
> Exchange installation folder exchsrvr from being scanned. For more
> information, see:
>
> 823166 Overview of Exchange Server 2003 and antivirus software
> http://support.microsoft.com/?id=823166
>
> 822158 Virus Scanning Recommendations on a Windows 2000 Domain Controller
> http://support.microsoft.com/?id=822158
>
> F. (Do NOT use these steps unless you are under this kind of attack)
> Nowadays spammers have a new means to avoid filters built into many
> systems. They take advantage of a mail systems sending of a non-delivery
> report (NDR) when a message cannot be delivered as addressed and returns
> the original contents. Since this follows the RFC standard, most all mail
> servers will function this way. This is what is called a "Reverse NDR
> attack" (RNDR). This form of attack is becoming increasingly widespread.
> Some users get it so badly that over 33% of their Internet messages are
> attributed to this type of spam. The end result is the spammer has
> attained
> a new form of mail relaying. Your server''s resources are being stolen to
> deliver spam.
>
> How does a "Reverse NDR" attack work?
>
> Step 1 Spam email is created with the intended spam victim''s address in
> the sender field and a random, fictitious recipient, at your domain, in
> the
> To: field.
>
> Step 2 Your mail server cannot deliver the message and sends an NDR email
> back to what appears to be the sender of the original message, the spam
> victim.
>
> Step 3 The return email carries the non-delivery report and possibly the
> original spam message. Thinking it is email they sent, the spam victim
> reads the NDR and the included spam.
>
> What are the symptoms of a RNDR attack?
>
> 1. Sluggish email delivery
>
> 2. Outbound queues full of non-delivery notices
>
> 3. Excessive admin time to clear outbound queues
>
> 4. Badmail folder''s size grows quickly
>
> If you are experiencing any of the above, chances are good your mail
> server
> is under attack.
>
> To stop the RNDR from happening, follow the following steps:
>
> To Configure Recipient Filtering
>
> When you enable recipient filtering (if you are using SMTP for incoming
> emails) on the SMTP virtual server, e-mail messages that are received from
> anyone on the recipient filter are not accepted. Recipient filtering is
> set globally, but you enable it on a per-Virtual Server basis on each SMTP
> virtual server.
>
> To create a recipient filter:
>
> 1. Click "Start", point to "Programs", point to "Microsoft Exchange", and
> then click "System Manager".
>
> 2. Expand "Global Settings", right-click "Message Delivery", and then
> click
> "Properties".
>
> 3. Click the "Recipient Filtering" tab, and then click the checkbox at the
> bottom (Filter recipients who are not in the directory).
>
> 4. Specify any additional filter options that you want to configure,
> Select Apply, and then click "OK".
>
> To enable recipient filtering on the SMTP virtual server:
>
> 1. Click "Start", point to "Programs", point to "Microsoft Exchange", and
> then click "System Manager".
>
> 2. Expand "Servers", expand "<ServerName>", and then expand "Protocols".
>
> 3. Expand "SMTP", right-click "Default SMTP Virtual Server", and then
> click
> "Properties".
>
> 4. Click the "General" tab, and then click "Advanced".
>
> 5. In the "Address" list, click the IP address where you want to apply the
> recipient filter, and then click "Edit".
>
> 6. Click to select the "Apply Recipient Filter" check box, click "OK", and
> then click "OK".
>
> Note: Recipient filter rules apply only to anonymous connections.
> Authenticated users and Exchange servers bypass these validations.
>
> If you are using POP3 Connector for incoming emails, you can disable
> Exchange from sending NDR emails. See:
>
> 294757 How to Control Non-Delivery Reports Using Exchange 2000
> http://support.microsoft.com/?id=294757
>
> Best regards,
>
> Nathan Liu (MSFT)
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
.
- Follow-Ups:
- Re: Outbound email tracking?
- From: Skip Shean
- Re: Outbound email tracking?
- From: Skip Shean
- Re: Outbound email tracking?
- References:
- Re: Outbound email tracking?
- From: "Nathan Liu [MSFT]"
- Re: Outbound email tracking?
- Prev by Date: Re: Sharepoint SP2 Update cannot be applied
- Next by Date: Re: Outbound email tracking?
- Previous by thread: Re: Outbound email tracking?
- Next by thread: Re: Outbound email tracking?
- Index(es):
Relevant Pages
|
