
	Antispam Software and Spam Filtering


	Home > Ask the Microsoft Exchange Experts > Bharat Suneja: Server Administration Questions & Answers > How to determine if you're the target of a 'reverse NDR attack'

Ask The Exchange Expert: Questions & Answers

EMAIL THIS

How to determine if you're the target of a 'reverse NDR attack'

EXPERT RESPONSE FROM: Bharat Suneja

		Pose a Question

		Other Exchange Categories

		Meet all Exchange Experts
		Become an Expert for this site

Exchange Server tips, tutorials and expert advice

Digg This! StumbleUpon Del.icio.us

QUESTION POSED ON: 10 April 2006
My ISP called to report spamming issues associated with Microsoft Exchange on my Windows Small Business Server 2003. It appears that non-delivery reports (NDRs) are being sent from the postmaster. I have looked for hours, but I can't figure out how to turn this off. What else could it be?

EXPERT RESPONSE
VIEW MEMBER FEEDBACK TO THIS ASK THE EXPERT Q&A.

Most likely your server has been the target of a 'Reverse NDR attack.' Here are some symptoms of this type of attack:

Your Exchange Server queues have many messages waiting to be delivered to external recipients.
Your ISP notified you that your server is sending UCE (a.k.a. spam).
Store.exe and Inetinfo.exe use a lot of CPU cycles.
The Badmail folder -- located in exchsrvrmailrootvsi 1 -- fills up fast and the drive could potentially run out of space.
If you stop the SMTP service, your server returns to normal performance levels.

If most of the messages in your queues are from postmaster@yourdomain.com, you should configure Recipient Filtering on your server.

Please refer to the Microsoft Knowledge Base article 886208 to get detailed instructions on how to configure Recipient Filtering and clean up your queues.

MEMBER FEEDBACK TO THIS ASK THE EXPERT Q&A:

Not so fast. If you do this, spam will use directory harvesting on your server and may make things worse.

I would turn off non-delivery reports (NDRs) for messages that do not have a valid recipient. and just keep an eye out for misspelled email in the admin mailbox.
—Sam C.

Do you have comments on this Ask the Expert Q&A? Let us know.

Related information from SearchExchange.com:

Tip: Should you turn off your network's outbound SMTP (port 25)?

Tip: Excessive Exchange Server NDRs destroy DNS

On-Demand Webcast: Locking down Exchange Server

Learning Guide: How to fight spam on Exchange Server

Reference Center: Non-Delivery Report tips and resources

Digg This!

StumbleUpon

Del.icio.us

RELATED CONTENT

	Bharat Suneja: Server Administration
	Change language settings for out-of-office messages
	Set up FQDN and bridgeheads for POP3 and IMAP4 email
	Share a user's calendar without giving access to the entire mailbox
	How to determine when an Exchange Server mailbox was last accessed by the owner
	How to find your Exchange Server store size limit
	Can I bulk export calendars from Exchange Server to Microsoft Excel?
	Not receiving email messages that have file attachments
	How to view email queued in Exchange Server for download to Microsoft Outlook
	Two methods for recovering Exchange Server public folder data
	How to add a disclaimer to outgoing SMTP messages in Exchange Server 2003

Antispam Software and Spam Filtering

Secure Edge Transport servers using the Security Configuration Wizard

Create a global Safe Senders List in Exchange 2007 to filter spam

Migrating antispam settings from Exchange 2003 to Exchange 2007

The six-layered secret of effective Exchange Server email filtering

Top 10 Exchange, Microsoft Outlook and OWA email security tips of 2007

Troubleshoot Microsoft Outlook email delivery problems

Microsoft Outlook and Exchange Server 2003 Email Security Guide

Top 5 Exchange Intelligent Message Filter add-on tools

Locate 'missing' SPF record on an external DNS domain

Native Exchange Server 2003 antispam solutions

Antispam Software and Spam Filtering Research

Small Business Server

Perform an SMTP Telnet to test an outgoing Exchange server connection

Set up Outlook to use POP3 email and Exchange calendars on Windows SBS

How to configure DNS records for Exchange Server on Windows SBS 2003

Forward Exchange Server email to an ISP using Active Directory

Retaining default email addresses in Exchange and Windows SBS 2003

OWA and OMA failures on Small Business Server 2003

Use ExMerge to move mailboxes from SBS 2003 to a different server

Set up Exchange to receive email for multiple domains

Exchange Server error message: 'A non-delivery report with a status code of 5.4.0 was generated for recipient'

Exchange Server deployment strategies for SMBs

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

greylist (SearchExchange.com)

hash buster (SearchExchange.com)

image spam (SearchExchange.com)

KnujOn (SearchExchange.com)

Sender ID (SearchExchange.com)

spam confidence level (SearchExchange.com)

spamblock (SearchExchange.com)

spim (SearchExchange.com)

tarpitting (SearchExchange.com)

teergrube (SearchExchange.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.

Browse our Expert Advice
Operating Systems IT Management Networking Database	Security Servers and Storage Applications and Development Career Center

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Reprints \| Site Map All Rights Reserved, Copyright 2004 - 2008, TechTarget \| Read our Privacy Policy