Re: Outbound email tracking?
- From: "Skip Shean" <skipshean@xxxxxxxxxxxx(donotspam)>
- Date: Thu, 13 Oct 2005 21:16:43 -0500
Of course not...Comcast says they can't send me the headers. I spent 10
minutes trying to explain to the "technology experts" there that with the
headers, I could probably figure out what machine or account was the problem
and have it shut down in 2 minutes, but NOOOO.
That's why they call it "Customer Service". The customer does the service!
:-)
"Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:e$Gd$a9zFHA.2792@xxxxxxxxxxxxxxxxxxxxxxx
> WOW Nathon that was a lot.. LOL
>
> I don't know if Nathon mentioned this also,, (So much to read Laugh)
>
> Restrict number of Recipients of "outgoing messages" to say 20 or the max
> you feel you would send out.
> That should slow it down, if there were someone using your mail server...
>
> I'd probably want to see the offending email,
> but I'm sure Comcast probably doesn't send you that did they?
>
> Good luck, that's the pits.
>
> --
> Russ Grover
> Small Business IT Support
> SBS Rocks!
> Portland/Beaverton OR
> Email: Sales at SmallBusinessITSupport.com
> Website: http://www.SmallBusinessITSupport.com
>
>
> ""Nathan Liu [MSFT]"" <v-natliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:VzIn7V7zFHA.2352@xxxxxxxxxxxxxxxxxxxxxxxx
>> Hello Skip,
>>
>> Thank you for posting in the SBS newsgroup.
>>
>> Also, many thanks for Javier's great input.
>>
>> According to your description, I understand that you would like to track
>> the outbound emails on the SBS Server. If I have misunderstood the
>> problem,
>> please don't hesitate to let me know.
>>
>> Javier is right on target, please kindly refer to the suggestions. In
>> addition, I'm glad to provide the following information for your
>> reference:
>>
>> 1. Enable message tracking, then check the outbound email messages under
>> Tools->Message Tracking Center. Regarding how to enable Message Tracking,
>> please refer to the following MS KB article:
>>
>> 246856 XADM: How to Enable Message Tracking in Exchange 2000 Server
>> http://support.microsoft.com/?id=246856
>>
>> 2. You may refer to the following information to protect Exchange:
>>
>> A. Disable the Guest account in your SBS 2003 server and enable Stronge
>> Password Protection. Everytime when you run CEICW you will be asked for
>> enabling password policies after it ends. I suggest you enable it. You
>> can
>> also do that in Server Management\Users->Configure Password Policies. For
>> more information, see:
>>
>> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/
>> security/bpactlck.mspx
>>
>> B. We can block unsafe attachments in emails by running through CEICW and
>> enable Internet Email on the wizard. You should see a page named "Remove
>> E-mail Attachments" where you can choose to block all or some of the
>> unsafe
>> attachments. For more information, you can search "Remove E-mail
>> Attachments" (without the quotes) in SBS 2003 Help and Support Center.
>>
>> C. If you are using SMTP for incoming emails, you can install IMF
>> (Intelligent Message Filter):
>>
>> http://www.microsoft.com/downloads/details.aspx?FamilyId=C1B08F7B-8CAF-4147-
>> B074-8C9C8F277071&displaylang=en
>>
>> http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/imfdeploy
>> mspx
>>
>> However if you are using POP3 Connector for incoming emails, IMF will not
>> work and you can ignore it.
>>
>> D. You can block open relay and clean up the SMTP queues by referring to
>> the following KB article:
>>
>> 324958 How To Block Open SMTP Relaying and Clean Up Exchange Server SMTP
>> Queues
>> http://support.microsoft.com/?id=324958
>>
>> E. You can install third party anti-spam and antivirus software however
>> you
>> should make sure they are fully compatible with Windows Server 2003 and
>> Exchange Server 2003. Otherwise they may cause instability to the server.
>> If you install antivirus software, you should exclude the SYSVOL and
>> Exchange installation folder exchsrvr from being scanned. For more
>> information, see:
>>
>> 823166 Overview of Exchange Server 2003 and antivirus software
>> http://support.microsoft.com/?id=823166
>>
>> 822158 Virus Scanning Recommendations on a Windows 2000 Domain Controller
>> http://support.microsoft.com/?id=822158
>>
>> F. (Do NOT use these steps unless you are under this kind of attack)
>> Nowadays spammers have a new means to avoid filters built into many
>> systems. They take advantage of a mail systems sending of a non-delivery
>> report (NDR) when a message cannot be delivered as addressed and returns
>> the original contents. Since this follows the RFC standard, most all mail
>> servers will function this way. This is what is called a "Reverse NDR
>> attack" (RNDR). This form of attack is becoming increasingly widespread.
>> Some users get it so badly that over 33% of their Internet messages are
>> attributed to this type of spam. The end result is the spammer has
>> attained
>> a new form of mail relaying. Your server''s resources are being stolen to
>> deliver spam.
>>
>> How does a "Reverse NDR" attack work?
>>
>> Step 1 Spam email is created with the intended spam victim''s address in
>> the sender field and a random, fictitious recipient, at your domain, in
>> the
>> To: field.
>>
>> Step 2 Your mail server cannot deliver the message and sends an NDR email
>> back to what appears to be the sender of the original message, the spam
>> victim.
>>
>> Step 3 The return email carries the non-delivery report and possibly the
>> original spam message. Thinking it is email they sent, the spam victim
>> reads the NDR and the included spam.
>>
>> What are the symptoms of a RNDR attack?
>>
>> 1. Sluggish email delivery
>>
>> 2. Outbound queues full of non-delivery notices
>>
>> 3. Excessive admin time to clear outbound queues
>>
>> 4. Badmail folder''s size grows quickly
>>
>> If you are experiencing any of the above, chances are good your mail
>> server
>> is under attack.
>>
>> To stop the RNDR from happening, follow the following steps:
>>
>> To Configure Recipient Filtering
>>
>> When you enable recipient filtering (if you are using SMTP for incoming
>> emails) on the SMTP virtual server, e-mail messages that are received
>> from
>> anyone on the recipient filter are not accepted. Recipient filtering is
>> set globally, but you enable it on a per-Virtual Server basis on each
>> SMTP
>> virtual server.
>>
>> To create a recipient filter:
>>
>> 1. Click "Start", point to "Programs", point to "Microsoft Exchange", and
>> then click "System Manager".
>>
>> 2. Expand "Global Settings", right-click "Message Delivery", and then
>> click
>> "Properties".
>>
>> 3. Click the "Recipient Filtering" tab, and then click the checkbox at
>> the
>> bottom (Filter recipients who are not in the directory).
>>
>> 4. Specify any additional filter options that you want to configure,
>> Select Apply, and then click "OK".
>>
>> To enable recipient filtering on the SMTP virtual server:
>>
>> 1. Click "Start", point to "Programs", point to "Microsoft Exchange", and
>> then click "System Manager".
>>
>> 2. Expand "Servers", expand "<ServerName>", and then expand "Protocols".
>>
>> 3. Expand "SMTP", right-click "Default SMTP Virtual Server", and then
>> click
>> "Properties".
>>
>> 4. Click the "General" tab, and then click "Advanced".
>>
>> 5. In the "Address" list, click the IP address where you want to apply
>> the
>> recipient filter, and then click "Edit".
>>
>> 6. Click to select the "Apply Recipient Filter" check box, click "OK",
>> and
>> then click "OK".
>>
>> Note: Recipient filter rules apply only to anonymous connections.
>> Authenticated users and Exchange servers bypass these validations.
>>
>> If you are using POP3 Connector for incoming emails, you can disable
>> Exchange from sending NDR emails. See:
>>
>> 294757 How to Control Non-Delivery Reports Using Exchange 2000
>> http://support.microsoft.com/?id=294757
>>
>> Best regards,
>>
>> Nathan Liu (MSFT)
>> Microsoft CSS Online Newsgroup Support
>>
>> Get Secure! - www.microsoft.com/security
>> ======================================================
>> This newsgroup only focuses on SBS technical issues. If you have issues
>> regarding other Microsoft products, you'd better post in the
>> corresponding
>> newsgroups so that they can be resolved in an efficient and timely
>> manner.
>> You can locate the newsgroup here:
>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>
>> When opening a new thread via the web interface, we recommend you check
>> the
>> "Notify me of replies" box to receive e-mail notifications when there are
>> any updates in your thread. When responding to posts via your newsreader,
>> please "Reply to Group" so that others may learn and benefit from your
>> issue.
>>
>> Microsoft engineers can only focus on one issue per thread. Although we
>> provide other information for your reference, we recommend you post
>> different incidents in different threads to keep the thread clean. In
>> doing
>> so, it will ensure your issues are resolved in a timely manner.
>>
>> For urgent issues, you may want to contact Microsoft CSS directly. Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> Any input or comments in this thread are highly appreciated.
>> ======================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>
>
.
- References:
- Re: Outbound email tracking?
- From: "Nathan Liu [MSFT]"
- Re: Outbound email tracking?
- From: Russ Grover
- Re: Outbound email tracking?
- Prev by Date: Re: FTP enabled but...
- Next by Date: Re: Automatic Windows Update
- Previous by thread: Re: Outbound email tracking?
- Next by thread: Re: Outbound email tracking?
- Index(es):
Relevant Pages
|
Loading
