Give Exchange 2000 the reverse DNS power

Reverse DNS is fairly effective against unwanted e-mail since a great deal of unwanted e-mail can be blocked by performing a reverse DNS lookup against the sender. A reverse DNS lookup also requires very little in the way of server or network resources.

Unfortunately, not everyone can upgrade to Exchange 2003 just yet, whether the reason is budgetary constraints or time constraints.

The good news is that in the interim, you can configure Exchange 2000 to perform reverse DNS lookup on all incoming mail.

What you need to do involves exploiting a little-documented feature concerning how Exchange can be set to accept mail from all but a certain domain. Here is what you need to do:

1. Open the default SMTP Virtual Server's Properties page.
2. Under the Access tab, select Connection.
3. Selection the "All but the list below" option to screen incoming mail.
4. Add a domain that you know to be completely nonexistent (i.e., bogusdomain would work fine).
5. Click OK

Setting this function forces Exchange 2000 to perform a reverse DNS lookup with each new SMTP connection it creates. If the incoming SMTP connection fails by dint of not having a valid DNS record, the connection will be dropped and the message never delivered. This not only cuts down on the amount of unsolicited mail delivered in the first place, but also limits the number of bogus SMTP conversations with your Exchange Server.

Many people may ask, "What happens if a valid e-mail is re-mailed with different headers?"

In some cases, this mail would bounce. The best way to handle this situation is to have the e-mail forwarded as an attachment rather than re-mailed. I've talked to other experts about this and they agree that it's a small price to pay for that much more mail security. However, if you are in a situation where you are getting a lot of redirected/re-mailed messages as part of the function of the Exchange server (for instance, if you're getting redirects from a mailbox designated for you on another server), then that may be a problem. In this case I would talk to the admins on the other server and see if the mail can be held there for POP3 pickup rather than simply re-mailed, and set up a POP3 account on the target user's mail program.

If you are being hit with an abundant number of spams from servers that fail DNS lookup, this will help free up the incoming bandwidth those servers are eating up.

Do you have a useful Exchange tip to share? Submit it to our monthly tip contest and you could win a prize and a spot in our Hall of Fame.

Rate this Tip To rate tips, you must be a member of SearchExchange.com. Register now to start rating these tips. Log in if you are already a member. Submit a Tip Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Exchange Security Tips Why you should secure Exchange 2007 using administrative policies Microsoft Exchange Server security dos and don'ts Create a journal rule in Exchange 2007 to secure journaling mailboxes How to protect an Exchange journaling mailbox from email spoofing Lock down Microsoft Outlook 2007 to prevent .PST file access Using Exchange Server journaling as an email-archiving solution Use the OWA Admin tool to 'segment' Outlook Web Access 2003 features Why are .PST files a security threat to Exchange Server mailboxes? OWA won't load after applying Exchange 2007 SP1 security patch Minimize remote and mobile Outlook Web Access (OWA) security risks Antispam Software and Spam Filtering Microsoft Exchange Server security dos and don'ts Troubleshooting Microsoft Exchange Server Event ID error 6009 How can I configure Exchange IMF to allow an IP address or DNS? Tool helps identify inbound Exchange Server email flow issues Exchange email sent to a domain using SPF authentication is returned Configure SMTP relay restrictions in Exchange Server 2003 to stop spam Secure Edge Transport servers using the Security Configuration Wizard Create a global Safe Senders List in Exchange 2007 to filter spam Migrating antispam settings from Exchange 2003 to Exchange 2007 The six-layered secret of effective Exchange Server email filtering Antispam Software and Spam Filtering Research Microsoft Exchange 2000 Server How to move Exchange 2000 to new server hardware Error 1053: Exchange System Attendant service could not start Solve server problems with the Exchange Troubleshooting Assistant tool Move mailboxes to Exchange 2007 after Windows upgrade Third-party tools that modify NDRs for oversized email IP address changes for an Exchange 2000 recovery server Exchange Server 2003 tips and tricks -- 7 tips in 7 minutes How to enable Exchange Server public folder logging Deciphering an 0xc103798a Exchange Server setup error code Exchange Server error message: 'A non-delivery report with a status code of 5.4.0 was generated for recipient' Microsoft Exchange 2000 Server Research RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary greylist  (SearchExchange.com) hash buster  (SearchExchange.com) image spam  (SearchExchange.com) KnujOn  (SearchExchange.com) Sender ID  (SearchExchange.com) spam confidence level  (SearchExchange.com) spamblock  (SearchExchange.com) spim  (SearchExchange.com) tarpitting  (SearchExchange.com) teergrube  (SearchExchange.com) RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.