• RSS
  • Twitter
  • FaceBook

Exchange Server Forums

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

Users no longer with the company

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Users no longer with the company Page: [1]
Login
Message << Older Topic   Newer Topic >>
Users no longer with the company - 5.Mar.2003 9:39:00 PM   
Glennt

 

Posts: 44
Joined: 17.Dec.2002
From: North Carolina
Status: offline
I have a problem that adds to my daily spam intake. Users that have left the company still recieve spam causing an immediate NDR once Exchange realizes the user is not in the Address Book.

What I would like to do is compile a list of these pepole and set up some kind of filter or black hole to keep these e-mails from clogging up the outbound queue.

The exchange SMTP filters don't look like they would work becuase I need to filter on recipient and not the sender like I would with the spam originator.

Is there a way to configure lists of users that would cause the e-mail to be dropped without any logging or notification. Would this be done with an "Event Sink"?
Post #: 1
RE: Users no longer with the company - 6.Mar.2003 4:37:00 AM   
Exchange_Admin

 

Posts: 376
Joined: 23.Feb.2003
From: Texas
Status: offline
Here is one way I have heard of:
1. Create a distribution list. Maybe call it Past employees. Do not put anyone in this DL.
2. Note the SMTP address of the user that has left.
3. Delete the email account or remove the SMTP address from the mailbox if you wish to retain the mailbox.
4. Go to the properties of the DL from step 1. Add the SMTP address noted in step 2 to the email addresses tab of the DL.

Now all messages should be "delivered" to the DL that has no members.
When a user leaves the company, add that users SMTP address to the DL also.

[ March 06, 2003, 04:39 AM: Message edited by: Exchange_Admin ]

(in reply to Glennt)
Post #: 2
RE: Users no longer with the company - 6.Mar.2003 4:16:00 PM   
Glennt

 

Posts: 44
Joined: 17.Dec.2002
From: North Carolina
Status: offline
Thanks,
This looks simple enough, I will give it a try today.

(in reply to Glennt)
Post #: 3
RE: Users no longer with the company - 6.Mar.2003 8:56:00 PM   
Glennt

 

Posts: 44
Joined: 17.Dec.2002
From: North Carolina
Status: offline
The DL idea did not work for me. My server is Exchange 2000, when I create a Universal Distribution Group for the DL I can only select user objects from Active directory. I already deleted these users instead of disabling their accounts.

I am trying this idea where I created a mailbox called spam and I added all the SMTP addresses to it to make a spam trap. Once I have a sample of spam I can add each one to the junk or adult senders list. Then I can take the TXT file from the senders list and use that to manually build my SMTP filters on the server.

This is very crude but I think/hope I can block some of this junk. Unfortunately like any filter if you do not clean it then its effectiveness decreases over time.

(in reply to Glennt)
Post #: 4
RE: Users no longer with the company - 7.Mar.2003 6:09:00 PM   
space

 

Posts: 61
Joined: 26.Sep.2002
From: Dallas, TX
Status: offline
You didn't do the DL thingy right.
You stated that you couldn't "add the user" as they had been deleted from Active Directory.
You weren't supposed to add the user...
Remember, the DL has NO USERS!
Thats the beauty of it, when it receives e-mail for the people that have left the company, the e-mail never enters the information store, it just evaporates sorta... You need to add the e-mail addresses of the users, not the users accounts.
This works great and is simple to implement.

Ron

(in reply to Glennt)
Post #: 5
RE: Users no longer with the company - 10.Mar.2003 3:24:00 PM   
Glennt

 

Posts: 44
Joined: 17.Dec.2002
From: North Carolina
Status: offline
My Bust,
I wasn't paying attention as usual. Thanks for the tip.

Just for fun I set up a mailbox and entered all these users to make a spam trap and see what was comming into the company. There is no way you could write filters and maintain IP blocking lists to keep up with this Vile junk and some of it is downright dirty.

I set up a extra machine in my cube to monitor this mailbox. I recieve about two spams per minute for a total of over 600 a day for only 25 names that are no longer with the company. That is over 600 NDR's per day my server is trying to deliver.

My goal with this DL tip is to create a black hole so my server doesn't waste any time trying to contact 600 spoofed return addresses every day.

Now if I could only help the legitimate users.

Thanks for the help.

(in reply to Glennt)
Post #: 6
RE: Users no longer with the company - 2.Apr.2003 5:35:00 PM   
Joeri

 

Posts: 3
Joined: 1.Apr.2003
From: Netherlands
Status: offline
still i would like to know what happens with the messages if u make a DL like this...u said they sorta vaporize...meaning they dont come in 'badmail directory' or something....

(in reply to Glennt)
Post #: 7
RE: Users no longer with the company - 4.Apr.2003 7:25:00 PM   
Glennt

 

Posts: 44
Joined: 17.Dec.2002
From: North Carolina
Status: offline
I must say this method has worked for me. My postmaster mailbox recieves about 10 NDRs a day down from 1000. I must have about 50 names on this DL and I keep adding them as new ones pop up.

I agree with joeri in that I would like to know what the server does with them once the SMTP connector recieves them. I guess it hands it over to the MTA and the MTA drops it into the bit bucket.

(in reply to Glennt)
Post #: 8
RE: Users no longer with the company - 9.Apr.2003 11:15:00 AM   
Fluffball

 

Posts: 99
Joined: 1.Apr.2003
From: London, UK
Status: offline
We use a Linux server, running qmail, processesing all our incomming SMTP mail. It blocks addresses we don't want and sends on everything else to exchange.

It's cheap and it works well!

Otherwise, if you prefer a Microsoft based solution, you could use a Clearswift Mailsweeper server to pre-process your inbound SMTP mail. It can also automatically block SPAM and scan for viruses.

(in reply to Glennt)
Post #: 9
RE: Users no longer with the company - 15.Apr.2003 7:04:00 PM   
Glennt

 

Posts: 44
Joined: 17.Dec.2002
From: North Carolina
Status: offline
I now have this list of users SMTP addresses assigned to a DL. How can I print or export this list of SMTP addresses from the DL?

(in reply to Glennt)
Post #: 10
RE: Users no longer with the company - 1.May2003 9:23:00 PM   
jeff.jackson@rbza.com

 

Posts: 3
Joined: 28.Apr.2003
From: Southern California
Status: offline
FluffBall, curiousity question for you. If you receive a message addressed multiple recipients, some on the block list and some not, does it pass the mail thru to the users who aren't blocked, or does it block it for everyone?

(in reply to Glennt)
Post #: 11
RE: Users no longer with the company - 10.Jun.2003 5:24:00 PM   
egecko

 

Posts: 9
Joined: 24.Apr.2003
From: Tucson, AZ
Status: offline
Smoke and Mirrors,

We too had the same problem as Glennt. I took the advice of the Exchange_Admin, and to my surprise, it worked. I too am wondering where they are vaporizing to. I am also monitoring my server to see if there are significant changes. So far so good. I also sent an email to multiple recipients including some that are now in this new DL and everything went through okay, nothing was blocked. Seems to me like this is a good fix. I will definitely make a post should we find something wrong with this fix.

Regards,
Scott

(in reply to Glennt)
Post #: 12
RE: Users no longer with the company - 7.Aug.2003 8:20:00 PM   
Roach

 

Posts: 24
Joined: 28.May2003
From: Montreal, Canada
Status: offline
quote:
Originally posted by Exchange_Admin:
Here is one way I have heard of:
1. Create a distribution list. Maybe call it Past employees. Do not put anyone in this DL.
2. Note the SMTP address of the user that has left.
3. Delete the email account or remove the SMTP address from the mailbox if you wish to retain the mailbox.
4. Go to the properties of the DL from step 1. Add the SMTP address noted in step 2 to the email addresses tab of the DL.

Now all messages should be "delivered" to the DL that has no members.
When a user leaves the company, add that users SMTP address to the DL also.

Question though...Where does the email endup? they must take up some space somewhere no? [Confused]

(in reply to Glennt)
Post #: 13
RE: Users no longer with the company - 8.Aug.2003 11:05:00 PM   
mfugatt

 

Posts: 479
Joined: 7.Apr.2002
From: United Kingdom
Status: offline
They dont take up space, Exchange process the message based on the fact that the DL has the email address and it sends the message to the members of the DL, because there are no members in the DL Exchange has done its job, and the SMTP Process is complete.

(in reply to Glennt)
Post #: 14
RE: Users no longer with the company - 10.Aug.2003 8:34:00 AM   
shahid

 

Posts: 82
Joined: 10.Jul.2003
From: dubai
Status: offline
i want to know that where is distribution list located in exchange 2k. or i will have to make it if yes then please tell me how??
i am new to exch. 2k

thanks in advance
shahid

(in reply to Glennt)
Post #: 15

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [Microsoft Exchange 2000] >> Server Security >> Users no longer with the company Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


Follow TechGenix on Twitter