Exchange Server Forums


add your domain to Block List

add your domain to Block List - 15.May2008 4:23:58 PM   
savesheep

 

Posts: 7
Joined: 15.May2008
Status: offline
I have Exchange 2007 and it seems that our email is being spoofed by somebody else sending out distribution lists and using our email addresses as the reply-to or receipt. So we are receiving way too many NDRs for no reason. I found some information somewhere telling me this:

Add your own domain (whole domain) into the Block list. I know this will sound weird (-: This won't cause any mail interruption, even though it sounds like it; basically it will stop someone who is spoofing a valid address from your company and sending a message back inside your Authoritative SMTP domain and making it look like it came from inside.

Does this sound right?
Post #: 1
RE: add your domain to Block List - 15.May2008 5:30:03 PM   
Sembee

 

Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
That will not stop the NDRs.
Your server has to accept the NDRs that are delivered to it. What you are seeing is very common unfortunately and there is close to nothing you can do.
The real problem is clueless network admins who bounce spam after accepting it for delivery, rather than rejecting it at the point of delivery.

Simon.

_____________________________

Simon Butler,
Exchange MVP
Blog: http://www.sembee.co.uk/
Web: http://www.amset.info/
In the UK? Hire me: http://www.amset.co.uk/

(in reply to savesheep)
Post #: 2
RE: add your domain to Block List - 15.May2008 6:40:45 PM   
savesheep

 

Posts: 7
Joined: 15.May2008
Status: offline
So there really is nothing I can do to stop these? We get hundreds a day.

I mean, any way to make my system more secure? SMTP relay IS closed; besides that, is there another anonymous SMTP connection? Is there a way I can not allow messages sent to distribution lists? Maybe that'll make sure we're not being used to send spam.

Thanks!!

(in reply to Sembee)
Post #: 3
RE: add your domain to Block List - 16.May2008 7:42:13 AM   
Sembee

 

Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
It has nothing to do with your system. A server that is completely secure will still get the messages. If your server is accepting email from the internet then you are at risk.

If there is no need for anyone external to send to distribution lists then you can block external access to them. That is a setting that I apply as a standard setting.
http://www.amset.info/exchange/groups-secure.asp

Some antispam applications are now getting better at detecting these types of messages, which are known as back scatter. It will never be 100% effective because you have to accept the messages. Therefore you should speak to your antispam vendor to see whether anything can be set in the product.

Simon.

(in reply to savesheep)
Post #: 4
RE: add your domain to Block List - 16.May2008 8:41:11 AM   
bstiles

 

Posts: 10
Joined: 8.Apr.2008
Status: offline
We had the same problem, until we started to use an internet-based email pass-through spam filter, such as Postini or MailController. This has not cured the problem but has greatly reduced the amount we are receiving.

(in reply to Sembee)
Post #: 5
RE: add your domain to Block List - 16.May2008 8:43:15 AM   
savesheep

 

Posts: 7
Joined: 15.May2008
Status: offline
I use the GFI spam tools. They're very good for catching all the spam, it's just these NDRs are getting old.

I understand that my server has to receive them, but do they have to get to the mailboxes? I went and added the word Undeliverable as a spam word hoping it would catch those emails. Unfortunately, we still get a lot of them. :/

(in reply to Sembee)
Post #: 6
RE: add your domain to Block List - 16.May2008 8:52:48 AM   
Sembee

 

Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
The problem with trying to configure an antispam tool to block the messages is that you may well block legitimate NDRs. Then your users may not know that their message hasn't been delivered.

Simon.

(in reply to savesheep)
Post #: 7
RE: add your domain to Block List - 16.May2008 8:54:18 AM   
savesheep

 

Posts: 7
Joined: 15.May2008
Status: offline
quote:

ORIGINAL: Sembee
The real problem is clueless network admins who bounce spam after accepting it for delivery, rather than rejecting it at the point of delivery.


What do I have to do to set up Exchange so I'm not just another 'clueless network admin'?

(in reply to Sembee)
Post #: 8
RE: add your domain to Block List - 16.May2008 8:56:17 AM   
savesheep

 

Posts: 7
Joined: 15.May2008
Status: offline
At this point, I would love to block all NDRs. We probably get about 50 legit emails per day, amongst the whole company... and probably close to 200-300 NDRs per day.

I understand that it is not recommended, but can I block all NDRs for now, without rejecting them and looking like a spam server?

(in reply to Sembee)
Post #: 9
RE: add your domain to Block List - 16.May2008 1:06:45 PM   
Sembee

 

Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Use recipient filtering, which is part of the antispam agents in Exchange 2007, and do not set any of the agents to REJECT spam, only quarantine or delete. The same goes for any other product that you might have. If you cannot block the email at the point of delivery, do not reject it.

You cannot block NDRs without risking getting blacklisted.

Simon.

(in reply to savesheep)
Post #: 10
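
The difference Sembee describes between rejecting at the point of delivery and bouncing after acceptance, as an added example that is not part of the thread and is not Exchange code. It is a toy model of a receiving server in Python; the class, the addresses and the reply strings are constructed for illustration.

```python
# Added illustration: toy model of a receiving mail server, not Exchange code.
from dataclasses import dataclass, field

VALID_RECIPIENTS = {"alice@receiver.example"}  # constructed directory


@dataclass
class ReceivingServer:
    reject_at_rcpt: bool  # True: unknown recipients are refused during the SMTP session
    ndr_queue: list = field(default_factory=list)  # (envelope_sender, recipient) of NDRs sent later

    def smtp_session(self, mail_from: str, rcpt_to: str) -> list:
        """Return the replies the connecting client sees for one message."""
        replies = ["250 2.1.0 Sender OK"]
        if rcpt_to in VALID_RECIPIENTS:
            return replies + ["250 2.1.5 Recipient OK", "250 2.6.0 Queued"]
        if self.reject_at_rcpt:
            # The failure is reported to the connecting host; no NDR is generated.
            return replies + ["550 5.1.1 User unknown"]
        # Accepted first, failed afterwards: the NDR goes to whatever address
        # MAIL FROM claimed, which the spammer forged.
        replies += ["250 2.1.5 Recipient OK", "250 2.6.0 Queued"]
        if mail_from:  # an empty sender means the message is itself a bounce
            self.ndr_queue.append(("", mail_from))  # NDRs carry the null sender <>
        return replies


def backscatter_received(server: ReceivingServer, spam_run: list, victim_domain: str) -> int:
    """Count NDRs that land on victim_domain after the server handles spam_run."""
    for mail_from, rcpt_to in spam_run:
        server.smtp_session(mail_from, rcpt_to)
    return sum(1 for _, rcpt in server.ndr_queue if rcpt.endswith("@" + victim_domain))


# Constructed spam run: forged senders at victim.example, guessed recipients.
SPAM_RUN = [
    ("bob@victim.example", "nosuchuser1@receiver.example"),
    ("carol@victim.example", "nosuchuser2@receiver.example"),
    ("bob@victim.example", "alice@receiver.example"),  # real recipient, no NDR
]

if __name__ == "__main__":
    for mode in (False, True):
        n = backscatter_received(ReceivingServer(reject_at_rcpt=mode), SPAM_RUN, "victim.example")
        print(f"reject_at_rcpt={mode}: {n} NDRs sent to victim.example")
```

With acceptance followed by a bounce, the forged domain receives one NDR per unknown recipient; with rejection during the session it receives none.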
RE: add your domain to Block List - 16.May2008 2:35:35 PM   
doctortt

 

Posts: 546
Joined: 26.Jan.2006
Status: offline
We had the same problem before. We used to receive tons of fake NDRs per day. Spoke with our anti-spam vendor (Clearswift MIMEsweeper) - the tech told us that most of the fake NDRs had a blank sender, and it worked. After setting a rule on our anti-spam system, we immediately saw these fake NDRs getting blocked. The only NDR that there is nothing you can do about is reverse NDR.

(in reply to savesheep)
Post #: 11
RE: add your domain to Block List - 16.May2008 8:23:11 PM   
savesheep

 

Posts: 7
Joined: 15.May2008
Status: offline
In Exchange I have the box check marked to block email from blank senders. But the problem we have here is that a blank sender may send the email to somebody else with our return address, that server in return rejects the email, thus putting a sender in it... so we still get the email. Unless you know of a way to block emails that have had a blank sender in them at one point?

Thanks, doctortt.

(in reply to doctortt)
Post #: 12
RE: add your domain to Block List - 4.Jun.2008 3:48:49 PM   
gabrie

 

Posts: 4
Joined: 4.Dec.2007
Status: offline
Have a look at this, not for Exchange, but might give you an idea:
http://www.postini.com/webdocs/rel_notes/announce/bulletin_ndr.pdf

(in reply to savesheep)
Post #: 13
RE: add your domain to Block List - 4.Jun.2008 6:40:04 PM   
longman111

 

Posts: 92
Joined: 19.Jun.2007
Status: offline
GFI has an update for version 12 that helps with this issue.

(in reply to savesheep)
Post #: 14
RE: add your domain to Block List - 4.Jun.2008 9:23:27 PM   
savesheep

 

Posts: 7
Joined: 15.May2008
Status: offline
How do I go about updating GFI?

Thanks

(in reply to longman111)
Post #: 15
RE: add your domain to Block List - 5.Jun.2008 7:02:17 AM   
Sembee

 

Posts: 3960
Joined: 17.Jan.2008
From: Somewhere near London, UK
Status: offline
Do you own GFI Mail Essentials (http://www.gfi.com/) ?
If not then you will have to purchase it. If you do then you will need to contact them about the upgrade.

Simon.

(in reply to savesheep)
Post #: 16
RE: add your domain to Block List - 5.Jun.2008 8:34:37 PM   
longman111

 

Posts: 92
Joined: 19.Jun.2007
Status: offline
If you have a maintenance contract then download the latest version and install it. Also search their knowledge base for the NDR issue you described.

(in reply to savesheep)
Post #: 17
