intech2 -> Preventing Reverse NDR attacks Exchange 2000 (30.Sep.2006 7:23:30 AM)
In a perfect world, I would upgrade to Exchange 2003...but I currently do not
have the funds to do so...
I have become the latest victim in what appears to be a successful Reverse
NDR attack. I started to receive multiple NDR reports throughout the day
which seem to have come addressed from email@example.com...The email
was sent To & From firstname.lastname@example.org of course fills my
badmail folder etc...etc. In my virtual SMTP server queue, i noticed a
'remote deliver' entry going to hanmail.net...
For the time being, I have cleared my virtual SMTP queue and explicitly set
NOT to generate NDR reports through my Global Settings...This is meant to
only be a temporary fix.
Since I cannot set a recipient filter policy in Exchange 2000, and Exchange
2000 accepts ALL mail before queueing Active Directory...is there any way to
defeat these Reverse NDR attacks? I have Googled until my eyes bled and can
only come up with solutions for Exchange 2003...
Windows 2000 Server
Exchange 2000 Server Enterprise Edition
(Latest Service Packs and hotfixes applied)
My gratitude ahead of time...