Nice call Carl, looks like this may have been user error. Though I set up the recipient filtering on the Global Settings -> Message Delivery, I neglected to get the check boxes on the SMTP Virtual Server -> properties -> general tab -> advanced ->IP addresses -> edit ( and here I thought that was just for editing the IP addresses for the virtual server... How foolish) At any rate, my bad, no blame to Ninja. Hopefully that will start the Recipient Filtering properly.
Thanks, Bill From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, August 19, 2009 11:45 AM To: MS-Exchange Admin Issues Subject: RE: NDRs backscatter and such Haven't used it, but I'd call it a major flaw if it causes non-existent recipient filtering to be bypassed without providing a similar replacement feature within its own realm. Carl From: Bill Songstad (WCUL) [mailto:administra...@waleague.org] Sent: Wednesday, August 19, 2009 2:32 PM To: MS-Exchange Admin Issues Subject: RE: NDRs backscatter and such I'm using Sunbelt's Ninja. Crawling their forum isn't giving me any love yet. I'm putting together a post to see if someone on that list has an idea. Bill From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, August 19, 2009 11:19 AM To: MS-Exchange Admin Issues Subject: RE: NDRs backscatter and such You do have recipient filtering enabled on the SMTP VS, right? If so, then your 'thwarting' analysis is probably right. Perhaps if this mystery spam filter was given a name, it might lead to more suggestions about how to deal with this. J Carl From: Bill Songstad (WCUL) [mailto:administra...@waleague.org] Sent: Wednesday, August 19, 2009 2:00 PM To: MS-Exchange Admin Issues Subject: RE: NDRs backscatter and such Thanks for all the insight. I am filtering recipients who are not in the directory, but the SMTP queue is full of retrying messages from postmaster to addresses like "SMTP:w...@201-232-13-44.epm.net.co". I wonder if these messages are being accepted by the spam filter (it sits in an SMTP sink on the exchange box) thus thwarting the filtering. Bill From: Kennedy, Jim [mailto:kennedy...@elyriaschools.org] Sent: Wednesday, August 19, 2009 10:48 AM To: MS-Exchange Admin Issues Subject: RE: NDRs backscatter and such Carl gave you the correct answer. I'll just add that his way will also take a huge load off your server. What you are doing now is accepting the whole message...then sending an entire new message for the NDR. His way your server tells the sending server during the initial SMTP conversation that there is no such recipient. So you never even accept the original message. From: Carl Houseman [mailto:c.house...@gmail.com] Sent: Wednesday, August 19, 2009 1:42 PM To: MS-Exchange Admin Issues Subject: RE: NDRs backscatter and such Enable recipient filtering and tick the box for "filter recipients who are not in the directory". That will eliminate all of the NDRs from spam sent to non-existent addresses. The senders who make a typo will still get NDRs, but those NDRs will be generated by the sending servers instead of yours. This is the Best Practice thing to do. The spammers won't get any NDRs because spambots don't bother to generate them. The other response about tarpitting, you want to do that too. Tarpitting doesn't do anything for you unless you've enabled the recipient filtering for non-existent addresess. Carl From: Bill Songstad (WCUL) [mailto:administra...@waleague.org] Sent: Wednesday, August 19, 2009 1:25 PM To: MS-Exchange Admin Issues Subject: NDRs backscatter and such Okay, backscatter is an annoyance at the very least. So I want to do something about it. My messaging queue is 90% NDRs to domains and subdomains with no MX records. Of course the easy solution is to just uncheck "allow Non-Delivery reports" in Internet Messaging formats within ESM. But my organization provides research services via email request to thousands of members. Sometimes the members just fire off an email to the researcher who helped them last time. But, that researcher may be gone from the organization. So how do you have the NDR functionality without feeding the spammers and contributing to backscatter? Just trying to brainstorm here Bill