Re: Outbound email tracking?
- From: "Skip Shean" <skipshean@xxxxxxxxxxxx(donotspam)>
- Date: Thu, 13 Oct 2005 22:34:10 -0500
Found it, never mind...looked in the queues, and see a ton of stuff in
there. Think that even though everything is saying that I'm not an open
relay, someone must have gotten a password or something. I've cut off
relaying to everyone and we'll go from there through all this stuff.
"Skip Shean" <skipshean@xxxxxxxxxxxx(donotspam)> wrote in message
news:OF4lNxG0FHA.3720@xxxxxxxxxxxxxxxxxxxxxxx
> By the way, Russ...the restriction's minimum recipients is 100. Seems
> pretty high to me...that was in the SMTP server properties, messages tab.
>
>
> "Russ Grover" <russ@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:e$Gd$a9zFHA.2792@xxxxxxxxxxxxxxxxxxxxxxx
>> WOW Nathan that was a lot.. LOL
>>
>> I don't know if Nathan mentioned this also, (So much to read Laugh)
>>
>> Restrict number of Recipients of "outgoing messages" to say 20 or the max
>> you feel you would send out.
>> That should slow it down, if there were someone using your mail server...
>>
>> I'd probably want to see the offending email,
>> but I'm sure Comcast probably doesn't send you that did they?
>>
>> Good luck, that's the pits.
>>
>> --
>> Russ Grover
>> Small Business IT Support
>> SBS Rocks!
>> Portland/Beaverton OR
>> Email: Sales at SmallBusinessITSupport.com
>> Website: http://www.SmallBusinessITSupport.com
>>
>>
>> ""Nathan Liu [MSFT]"" <v-natliu@xxxxxxxxxxxxxxxxxxxx> wrote in message
>> news:VzIn7V7zFHA.2352@xxxxxxxxxxxxxxxxxxxxxxxx
>>> Hello Skip,
>>>
>>> Thank you for posting in the SBS newsgroup.
>>>
>>> Also, many thanks for Javier's great input.
>>>
>>> According to your description, I understand that you would like to track
>>> the outbound emails on the SBS Server. If I have misunderstood the problem,
>>> please don't hesitate to let me know.
>>>
>>> Javier is right on target, please kindly refer to the suggestions. In
>>> addition, I'm glad to provide the following information for your
>>> reference:
>>>
>>> 1. Enable message tracking, then check the outbound email messages under
>>> Tools->Message Tracking Center. Regarding how to enable Message Tracking,
>>> please refer to the following MS KB article:
>>>
>>> 246856 XADM: How to Enable Message Tracking in Exchange 2000 Server
>>> http://support.microsoft.com/?id=246856
>>>
>>> 2. You may refer to the following information to protect Exchange:
>>>
>>> A. Disable the Guest account in your SBS 2003 server and enable Strong
>>> Password Protection. Every time you run CEICW you will be asked for
>>> enabling password policies after it ends. I suggest you enable it. You can
>>> also do that in Server Management\Users->Configure Password Policies. For
>>> more information, see:
>>>
>>> http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx
>>>
>>> B. We can block unsafe attachments in emails by running through CEICW and
>>> enable Internet Email on the wizard. You should see a page named "Remove
>>> E-mail Attachments" where you can choose to block all or some of the unsafe
>>> attachments. For more information, you can search "Remove E-mail
>>> Attachments" (without the quotes) in SBS 2003 Help and Support Center.
>>>
>>> C. If you are using SMTP for incoming emails, you can install IMF
>>> (Intelligent Message Filter):
>>>
>>> http://www.microsoft.com/downloads/details.aspx?FamilyId=C1B08F7B-8CAF-4147-B074-8C9C8F277071&displaylang=en
>>>
>>> http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/imfdeploy.mspx
>>>
>>> However if you are using POP3 Connector for incoming emails, IMF will not
>>> work and you can ignore it.
>>>
>>> D. You can block open relay and clean up the SMTP queues by referring to
>>> the following KB article:
>>>
>>> 324958 How To Block Open SMTP Relaying and Clean Up Exchange Server SMTP Queues
>>> http://support.microsoft.com/?id=324958
>>>
>>> E. You can install third party anti-spam and antivirus software however you
>>> should make sure they are fully compatible with Windows Server 2003 and
>>> Exchange Server 2003. Otherwise they may cause instability to the server.
>>> If you install antivirus software, you should exclude the SYSVOL and
>>> Exchange installation folder exchsrvr from being scanned. For more
>>> information, see:
>>>
>>> 823166 Overview of Exchange Server 2003 and antivirus software
>>> http://support.microsoft.com/?id=823166
>>>
>>> 822158 Virus Scanning Recommendations on a Windows 2000 Domain Controller
>>> http://support.microsoft.com/?id=822158
>>>
>>> F. (Do NOT use these steps unless you are under this kind of attack)
>>> Nowadays spammers have a new means to avoid filters built into many
>>> systems. They take advantage of a mail system's sending of a non-delivery
>>> report (NDR) when a message cannot be delivered as addressed and returns
>>> the original contents. Since this follows the RFC standard, most all
>>> servers will function this way. This is what is called a "Reverse NDR
>>> attack" (RNDR). This form of attack is becoming increasingly widespread.
>>> Some users get it so badly that over 33% of their Internet messages are
>>> attributed to this type of spam. The end result is the spammer has attained
>>> a new form of mail relaying. Your server's resources are being stolen to
>>> deliver spam.
>>>
>>> How does a "Reverse NDR" attack work?
>>>
>>> Step 1 Spam email is created with the intended spam victim's address in
>>> the sender field and a random, fictitious recipient, at your domain, in the
>>> To: field.
>>>
>>> Step 2 Your mail server cannot deliver the message and sends an NDR
>>> back to what appears to be the sender of the original message, the spam
>>> victim.
>>>
>>> Step 3 The return email carries the non-delivery report and possibly the
>>> original spam message. Thinking it is email they sent, the spam victim
>>> reads the NDR and the included spam.
>>>
>>> What are the symptoms of a RNDR attack?
>>>
>>> 1. Sluggish email delivery
>>>
>>> 2. Outbound queues full of non-delivery notices
>>>
>>> 3. Excessive admin time to clear outbound queues
>>>
>>> 4. Badmail folder's size grows quickly
>>>
>>> If you are experiencing any of the above, chances are good your mail server
>>> is under attack.
>>>
>>> To stop the RNDR from happening, follow the following steps:
>>>
>>> To Configure Recipient Filtering
>>>
>>> When you enable recipient filtering (if you are using SMTP for incoming
>>> emails) on the SMTP virtual server, e-mail messages that are received from
>>> anyone on the recipient filter are not accepted. Recipient filtering is
>>> set globally, but you enable it on a per-Virtual Server basis on each SMTP
>>> virtual server.
>>>
>>> To create a recipient filter:
>>>
>>> 1. Click "Start", point to "Programs", point to "Microsoft Exchange", and
>>> then click "System Manager".
>>>
>>> 2. Expand "Global Settings", right-click "Message Delivery", and then click
>>> "Properties".
>>>
>>> 3. Click the "Recipient Filtering" tab, and then click the checkbox at the
>>> bottom (Filter recipients who are not in the directory).
>>>
>>> 4. Specify any additional filter options that you want to configure,
>>> Select Apply, and then click "OK".
>>>
>>> To enable recipient filtering on the SMTP virtual server:
>>>
>>> 1. Click "Start", point to "Programs", point to "Microsoft Exchange", and
>>> then click "System Manager".
>>>
>>> 2. Expand "Servers", expand "<ServerName>", and then expand "Protocols".
>>>
>>> 3. Expand "SMTP", right-click "Default SMTP Virtual Server", and then click
>>> "Properties".
>>>
>>> 4. Click the "General" tab, and then click "Advanced".
>>>
>>> 5. In the "Address" list, click the IP address where you want to apply the
>>> recipient filter, and then click "Edit".
>>>
>>> 6. Click to select the "Apply Recipient Filter" check box, click "OK", and
>>> then click "OK".
>>>
>>> Note: Recipient filter rules apply only to anonymous connections.
>>> Authenticated users and Exchange servers bypass these validations.
>>>
>>> If you are using POP3 Connector for incoming emails, you can disable
>>> Exchange from sending NDR emails. See:
>>>
>>> 294757 How to Control Non-Delivery Reports Using Exchange 2000
>>> http://support.microsoft.com/?id=294757
>>>
>>> Best regards,
>>>
>>> Nathan Liu (MSFT)
>>> Microsoft CSS Online Newsgroup Support
>>>
>>> Get Secure! - www.microsoft.com/security
>>> ======================================================
>>> This newsgroup only focuses on SBS technical issues. If you have issues
>>> regarding other Microsoft products, you'd better post in the
>>> corresponding
>>> newsgroups so that they can be resolved in an efficient and timely
>>> manner.
>>> You can locate the newsgroup here:
>>> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>>>
>>> When opening a new thread via the web interface, we recommend you check
>>> the
>>> "Notify me of replies" box to receive e-mail notifications when there
>>> are
>>> any updates in your thread. When responding to posts via your
>>> newsreader,
>>> please "Reply to Group" so that others may learn and benefit from your
>>> issue.
>>>
>>> Microsoft engineers can only focus on one issue per thread. Although we
>>> provide other information for your reference, we recommend you post
>>> different incidents in different threads to keep the thread clean. In
>>> doing
>>> so, it will ensure your issues are resolved in a timely manner.
>>>
>>> For urgent issues, you may want to contact Microsoft CSS directly.
>>> Please
>>> check http://support.microsoft.com for regional support phone numbers.
>>>
>>> Any input or comments in this thread are highly appreciated.
>>> ======================================================
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>
>>
>
>
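
Added example, not part of the original posts: a triage sketch that separates the two causes raised in this thread, Reverse NDR backscatter (null-sender messages piling up in the outbound queue) and relaying through an authenticated account, and shows how the outgoing recipient limit affects what gets flagged. The CSV layout, account names and domains are constructed for illustration and are not Exchange's own log or queue format; using the 33% figure from the quoted post as an alert threshold is an assumption.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of outbound queue records (simplified CSV, NOT an Exchange format).
# Columns: envelope sender, authenticated user ("" = anonymous), recipient count,
# destination domain. "<>" is the null sender used by non-delivery reports.
SAMPLE = """\
sender,auth_user,rcpts,dest_domain
<>,,1,example.net
<>,,1,example.org
<>,,1,example.com
<>,,1,example.edu
alice@corp.example,alice,3,partner.example
promo@corp.example,bob,95,example.net
promo@corp.example,bob,98,example.org
promo@corp.example,bob,99,example.com
"""


def triage(csv_text, rcpt_cap=20, ndr_ratio=0.33):
    """Return findings for Reverse NDR backscatter and authenticated relay abuse.

    rcpt_cap  -- per-message recipient limit to test against (Russ suggests ~20)
    ndr_ratio -- share of queued messages that are NDRs before flagging (assumed)
    """
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    findings = {}

    # Symptom 2 in the quoted post: outbound queues full of non-delivery notices.
    ndrs = [r for r in rows if r["sender"].strip() == "<>"]
    share = len(ndrs) / len(rows) if rows else 0.0
    if share > ndr_ratio:
        findings["reverse_ndr"] = {
            "ndr_share": round(share, 2),
            "victim_domains": sorted({r["dest_domain"] for r in ndrs}),
        }

    # Stolen-password hypothesis: an authenticated account submitting messages
    # whose recipient count exceeds the cap. Total recipients per account.
    over_cap = defaultdict(int)
    for r in rows:
        if r["auth_user"] and int(r["rcpts"]) > rcpt_cap:
            over_cap[r["auth_user"]] += int(r["rcpts"])
    if over_cap:
        findings["authenticated_relay"] = dict(over_cap)
    return findings
```

With the constructed sample, a cap of 20 flags the account `bob`, while a cap of 100 (the value reported in the thread) lets the same messages through unflagged.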