Users no longer with the company (Full Version)

All Forums >> [Microsoft Exchange 2000] >> Server Security



Message


Glennt -> Users no longer with the company (5.Mar.2003 9:39:00 PM)

I have a problem that adds to my daily spam intake. Users that have left the company still recieve spam causing an immediate NDR once Exchange realizes the user is not in the Address Book.

What I would like to do is compile a list of these pepole and set up some kind of filter or black hole to keep these e-mails from clogging up the outbound queue.

The exchange SMTP filters don't look like they would work becuase I need to filter on recipient and not the sender like I would with the spam originator.

Is there a way to configure lists of users that would cause the e-mail to be dropped without any logging or notification. Would this be done with an "Event Sink"?




Exchange_Admin -> RE: Users no longer with the company (6.Mar.2003 4:37:00 AM)

Here is one way I have heard of:
1. Create a distribution list. Maybe call it Past employees. Do not put anyone in this DL.
2. Note the SMTP address of the user that has left.
3. Delete the email account or remove the SMTP address from the mailbox if you wish to retain the mailbox.
4. Go to the properties of the DL from step 1. Add the SMTP address noted in step 2 to the email addresses tab of the DL.

Now all messages should be "delivered" to the DL that has no members.
When a user leaves the company, add that users SMTP address to the DL also.

[ March 06, 2003, 04:39 AM: Message edited by: Exchange_Admin ]




Glennt -> RE: Users no longer with the company (6.Mar.2003 4:16:00 PM)

Thanks,
This looks simple enough, I will give it a try today.




Glennt -> RE: Users no longer with the company (6.Mar.2003 8:56:00 PM)

The DL idea did not work for me. My server is Exchange 2000, when I create a Universal Distribution Group for the DL I can only select user objects from Active directory. I already deleted these users instead of disabling their accounts.

I am trying this idea where I created a mailbox called spam and I added all the SMTP addresses to it to make a spam trap. Once I have a sample of spam I can add each one to the junk or adult senders list. Then I can take the TXT file from the senders list and use that to manually build my SMTP filters on the server.

This is very crude but I think/hope I can block some of this junk. Unfortunately like any filter if you do not clean it then its effectiveness decreases over time.




space -> RE: Users no longer with the company (7.Mar.2003 6:09:00 PM)

You didn't do the DL thingy right.
You stated that you couldn't "add the user" as they had been deleted from Active Directory.
You weren't supposed to add the user...
Remember, the DL has NO USERS!
Thats the beauty of it, when it receives e-mail for the people that have left the company, the e-mail never enters the information store, it just evaporates sorta... You need to add the e-mail addresses of the users, not the users accounts.
This works great and is simple to implement.

Ron




Glennt -> RE: Users no longer with the company (10.Mar.2003 3:24:00 PM)

My Bust,
I wasn't paying attention as usual. Thanks for the tip.

Just for fun I set up a mailbox and entered all these users to make a spam trap and see what was comming into the company. There is no way you could write filters and maintain IP blocking lists to keep up with this Vile junk and some of it is downright dirty.

I set up a extra machine in my cube to monitor this mailbox. I recieve about two spams per minute for a total of over 600 a day for only 25 names that are no longer with the company. That is over 600 NDR's per day my server is trying to deliver.

My goal with this DL tip is to create a black hole so my server doesn't waste any time trying to contact 600 spoofed return addresses every day.

Now if I could only help the legitimate users.

Thanks for the help.




Joeri -> RE: Users no longer with the company (2.Apr.2003 5:35:00 PM)

still i would like to know what happens with the messages if u make a DL like this...u said they sorta vaporize...meaning they dont come in 'badmail directory' or something....




Glennt -> RE: Users no longer with the company (4.Apr.2003 7:25:00 PM)

I must say this method has worked for me. My postmaster mailbox recieves about 10 NDRs a day down from 1000. I must have about 50 names on this DL and I keep adding them as new ones pop up.

I agree with joeri in that I would like to know what the server does with them once the SMTP connector recieves them. I guess it hands it over to the MTA and the MTA drops it into the bit bucket.




Fluffball -> RE: Users no longer with the company (9.Apr.2003 11:15:00 AM)

We use a Linux server, running qmail, processesing all our incomming SMTP mail. It blocks addresses we don't want and sends on everything else to exchange.

It's cheap and it works well!

Otherwise, if you prefer a Microsoft based solution, you could use a Clearswift Mailsweeper server to pre-process your inbound SMTP mail. It can also automatically block SPAM and scan for viruses.




Glennt -> RE: Users no longer with the company (15.Apr.2003 7:04:00 PM)

I now have this list of users SMTP addresses assigned to a DL. How can I print or export this list of SMTP addresses from the DL?




jeff.jackson@rbza.com -> RE: Users no longer with the company (1.May2003 9:23:00 PM)

FluffBall, curiousity question for you. If you receive a message addressed multiple recipients, some on the block list and some not, does it pass the mail thru to the users who aren't blocked, or does it block it for everyone?




egecko -> RE: Users no longer with the company (10.Jun.2003 5:24:00 PM)

Smoke and Mirrors,

We too had the same problem as Glennt. I took the advice of the Exchange_Admin, and to my surprise, it worked. I too am wondering where they are vaporizing to. I am also monitoring my server to see if there are significant changes. So far so good. I also sent an email to multiple recipients including some that are now in this new DL and everything went through okay, nothing was blocked. Seems to me like this is a good fix. I will definitely make a post should we find something wrong with this fix.

Regards,
Scott




Roach -> RE: Users no longer with the company (7.Aug.2003 8:20:00 PM)

quote:
Originally posted by Exchange_Admin:
Here is one way I have heard of:
1. Create a distribution list. Maybe call it Past employees. Do not put anyone in this DL.
2. Note the SMTP address of the user that has left.
3. Delete the email account or remove the SMTP address from the mailbox if you wish to retain the mailbox.
4. Go to the properties of the DL from step 1. Add the SMTP address noted in step 2 to the email addresses tab of the DL.

Now all messages should be "delivered" to the DL that has no members.
When a user leaves the company, add that users SMTP address to the DL also.

Question though...Where does the email endup? they must take up some space somewhere no? [Confused]




mfugatt -> RE: Users no longer with the company (8.Aug.2003 11:05:00 PM)

They dont take up space, Exchange process the message based on the fact that the DL has the email address and it sends the message to the members of the DL, because there are no members in the DL Exchange has done its job, and the SMTP Process is complete.




shahid -> RE: Users no longer with the company (10.Aug.2003 8:34:00 AM)

i want to know that where is distribution list located in exchange 2k. or i will have to make it if yes then please tell me how??
i am new to exch. 2k

thanks in advance
shahid




Page: [1]