Preventing Reverse NDR attacks Exchange 2000 (Full Version)

All Forums >> [Microsoft Exchange 2000] >> Server Security



Message


intech2 -> Preventing Reverse NDR attacks Exchange 2000 (30.Sep.2006 7:23:30 AM)

In a perfect world, I would upgrade to Exchange 2003...but I currently do not
have the funds to do so...
I have become the latest victim in what appears to be a successful Reverse
NDR attack. I started to receive multiple NDR reports throughout the day
which seem to have come addressed from postmaster@mydomain.com...The email
was sent To & From  unknown_user@mydomain.com.which of course fills my
badmail folder etc...etc. In my virtual SMTP server queue, i noticed a
'remote deliver' entry going to hanmail.net...
For the time being, I have cleared my virtual SMTP queue and explicitly set
NOT to generate NDR reports through my Global Settings...This is meant to
only be a temporary fix.

MY QUESTION:
Since I cannot set a recipient filter policy in Exchange 2000, and Exchange
2000 accepts ALL mail before queueing Active Directory...is there any way to
defeat these Reverse NDR attacks? I have Googled until my eyes bled and can
only come up with solutions for Exchange 2003...

MY ENVIRONMENT:
Windows 2000 Server
Exchange 2000 Server Enterprise Edition
(Latest Service Packs and hotfixes applied)

My gratitude ahead of time...




jchong -> RE: Preventing Reverse NDR attacks Exchange 2000 (22.Oct.2006 2:43:51 PM)

No natively, you would have to invest in a third party spam solution. Many of these incorporate LDAP lookups.




Page: [1]