Sorry, Directory Harvesting Attack -----Original Message----- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 12:35 PM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs
DHA? Kurt On Tue, Oct 7, 2008 at 12:18 PM, Don Andrews <[EMAIL PROTECTED]> wrote: > Upgrading to a gateway product that does recipient validation a couple > of years ago was a huge benefit - and I'm ever so happy that it also > detects and auto-blocks DHA's and a number of other mis-behaviors. > > > > -----Original Message----- > From: Kurt Buff [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 07, 2008 11:45 AM > To: MS-Exchange Admin Issues > Subject: Re: Hundreds of NDRs > > Oh, yeah, the last two that Don mentions are indeed legitimate sources > of NDRs that won't happen during the initial SMTP conversation from > the sender to the recipient. However, the first one (where an NDR is > generated after receipt for a non-valid recipient) is only legitimate > when sending to a DL on a gateway that isn't kept up to date. > > Kurt > > On Tue, Oct 7, 2008 at 11:18 AM, Don Andrews <[EMAIL PROTECTED]> > wrote: >> I can think of a couple of NDR causes that may not be handled during > the >> initial SMTP conversation - in gateway environments; >> >> 1. invalid recipient (if recipient validation is not handled by the > gateway) >> >> 2. over quota (in gateway environment again) >> >> 3. delivery delay or failure notifications - if gateway can't connect > to >> backend mail server for some period. >> >> >> >> In each of these cases, the gateway at the receiving end will accept > the >> message, then it or the backend mail server will generate and send the > NDR >> at a later time. >> >> ________________________________ >> >> From: wjh [mailto:[EMAIL PROTECTED] >> Sent: Tuesday, October 07, 2008 11:04 AM >> To: MS-Exchange Admin Issues >> Subject: Re: Hundreds of NDRs >> >> >> >> It shouldn't. a legitimate NDR should happen while the sending and >> receiving SMTP servers talk to each other. legitimate sending server >> connects to the receiving server and the receiving server accepts the >> message or does not. Either way, it is communicating with the sending >> server directly...just like if you telnet to your smtp server port 25 > and it >> gives you feedback. Backscatter email goes through spam server > because it >> isn't originating from your smtp server. The only legit bounces may > come >> for users who might have pop or imap accounts setup not to send > through your >> smtp server. >> >> There are probably others on the list that understand the protocols > better >> than me, so feel free to chime in. >> >> Bill >> >> >> [EMAIL PROTECTED] wrote: >> >> If this could be done, wouldn't it also block legitimate NDRs? >> >> >> >> -------------- Original message -------------- >> From: wjh <[EMAIL PROTECTED]> >> >>> These types of NDRs drive me crazy. Here is one option if you have a >>> pretty typical setup. Typical setup: incoming mail comes in through a >>> spam gateway device/server, but outgoing mail leaves through your >>> exchange server. All legit NDRs should be communicating directly with >>> the sending smtp server. If an NDR hits your spam server, then it > would >>> be backscatter from spam. You could set your spam gateway to block or >>> quarantine these false NDRs. They do the user no good anyway. >>> >>> Bill >>> >>> [EMAIL PROTECTED] wrote: >>> > Exchange 2003 SP2. We occaisionaly have users who get a few NDRs > over >>> > a couple of days from reipients they did not send to because of >>> > spammers spoofing t heir e mail address. At 12:15 I have a user who >>> > began getting hundreds of NDRs obviously as a result of a spammer >>> > sedning out a bulk email package. These are coming in so fast the > user >>> > is having a hard time keeping up with the deleting. Anyway to > prevent >>> > this crap? >>> > Thanks. >>> > >>> >>> >>> ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ >>> ~ http://www.sunbeltsoftware.com/Ninja ~ >> >> >> >> >> >> >> >> >> >> > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > ~ http://www.sunbeltsoftware.com/Ninja ~ > > > > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ > ~ http://www.sunbeltsoftware.com/Ninja ~ > ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~ ~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~ ~ http://www.sunbeltsoftware.com/Ninja ~
