RE: Several NDR's
We might be talking about something else here, it isn’t an rdns check to avoid creating backscatter. It is a system to prevent your users from getting it if they are spoofed in the ‘from’ of a spam run. The Cuda acts as your outgoing mail relay and as it passes the email it tags all outgoing email. It also acts as your incoming MTA of course…..when it gets an NDR from the outside world it then checks to see if that NDR matches a message sent by your org using that tagging system. If it doesn’t match it rejects it. It flat out kills incoming backscatter when your user’s ‘from’ is used to forge a spam run. http://www.thefreelibrary.com/Barracuda+Spam+Firewall+Rejects+Invalid+Non-Delivery+Report+%28NDR%29+...-a0183406988 From: Mark Tibbet [mailto:m.tib...@gmail.com] Sent: Wednesday, June 02, 2010 9:15 PM To: MS-Exchange Admin Issues Cc: MS-Exchange Admin Issues Subject: Re: Several NDR's All they are really doing is a rdns check to prevent spoofing. Most mta's should be capable. The only one if found that doesn't is message labs. Just my .02. Regards, Mark Tibbet Systems Engineer Enterprise Networking Solutions, Inc. mtib...@ens-inc.commailto:mtib...@ens-inc.com Http://www.ens-inc.com On Jun 2, 2010, at 4:37 PM, Richard Stovall rich...@gmail.commailto:rich...@gmail.com wrote: Totally agree about the Barracuda spoofing protection. I use it and it's wonderful. I've had zero reports of backscatter problems since implementing about a year ago or so. furiously knocks on the closest wooden object On Wed, Jun 2, 2010 at 10:56 AM, Kennedy, Jim kennedy...@elyriaschools.orgmailto:kennedy...@elyriaschools.org wrote: Some spam filters can help. Barracuda for example can be set up to relay your outbound email and it keeps a record of your outbound email message ID's. You then also use the Barracuda for incoming email. Then when it gets an NDR it checks it against that message ID list, if it isn't on that list it rejects it. -Original Message- From: Brent Zalewski [mailto:bzalew...@comcast.netmailto:bzalew...@comcast.net] Sent: Wednesday, June 02, 2010 10:29 AM To: MS-Exchange Admin Issues Subject: RE: Several NDR's As I read through all the articles on this I really wonder what if anything can be done. Some articles say to report this and other say just to ignore it. What really is the best solution , if any? Thanks
Re: Several NDR's
Correct. This is the feature I was referring to. It works very well in my experience. On Thu, Jun 3, 2010 at 8:45 AM, Kennedy, Jim kennedy...@elyriaschools.orgwrote: We might be talking about something else here, it isn’t an rdns check to avoid creating backscatter. It is a system to prevent your users from getting it if they are spoofed in the ‘from’ of a spam run. The Cuda acts as your outgoing mail relay and as it passes the email it tags all outgoing email. It also acts as your incoming MTA of course…..when it gets an NDR from the outside world it then checks to see if that NDR matches a message sent by your org using that tagging system. If it doesn’t match it rejects it. It flat out kills incoming backscatter when your user’s ‘from’ is used to forge a spam run. http://www.thefreelibrary.com/Barracuda+Spam+Firewall+Rejects+Invalid+Non-Delivery+Report+%28NDR%29+...-a0183406988 *From:* Mark Tibbet [mailto:m.tib...@gmail.com] *Sent:* Wednesday, June 02, 2010 9:15 PM *To:* MS-Exchange Admin Issues *Cc:* MS-Exchange Admin Issues *Subject:* Re: Several NDR's All they are really doing is a rdns check to prevent spoofing. Most mta's should be capable. The only one if found that doesn't is message labs. Just my .02. Regards, Mark Tibbet Systems Engineer Enterprise Networking Solutions, Inc. mtib...@ens-inc.com Http://www.ens-inc.com On Jun 2, 2010, at 4:37 PM, Richard Stovall rich...@gmail.com wrote: Totally agree about the Barracuda spoofing protection. I use it and it's wonderful. I've had zero reports of backscatter problems since implementing about a year ago or so. furiously knocks on the closest wooden object On Wed, Jun 2, 2010 at 10:56 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: Some spam filters can help. Barracuda for example can be set up to relay your outbound email and it keeps a record of your outbound email message ID's. You then also use the Barracuda for incoming email. Then when it gets an NDR it checks it against that message ID list, if it isn't on that list it rejects it. -Original Message- From: Brent Zalewski [mailto:bzalew...@comcast.net] Sent: Wednesday, June 02, 2010 10:29 AM To: MS-Exchange Admin Issues Subject: RE: Several NDR's As I read through all the articles on this I really wonder what if anything can be done. Some articles say to report this and other say just to ignore it. What really is the best solution , if any? Thanks
RE: Several NDR's
As I read through all the articles on this I really wonder what if anything can be done. Some articles say to report this and other say just to ignore it. What really is the best solution , if any? Thanks
RE: Several NDR's
As I read through all the articles on this I really wonder what if anything can be done. Some articles say to report this and other say just to ignore it. What really is the best solution , if any? BATV is pretty much it. Nope, you'll need something other than Exchange to do it. ~JasonG
RE: Several NDR's
Some spam filters can help. Barracuda for example can be set up to relay your outbound email and it keeps a record of your outbound email message ID's. You then also use the Barracuda for incoming email. Then when it gets an NDR it checks it against that message ID list, if it isn't on that list it rejects it. -Original Message- From: Brent Zalewski [mailto:bzalew...@comcast.net] Sent: Wednesday, June 02, 2010 10:29 AM To: MS-Exchange Admin Issues Subject: RE: Several NDR's As I read through all the articles on this I really wonder what if anything can be done. Some articles say to report this and other say just to ignore it. What really is the best solution , if any? Thanks
Re: Several NDR's
There is no best solution. You either ignore or you filter. You can have clients filter, or depending on your spam filter, you can filter at the point of ingress. Its tricky, but there are things you can look for. Doing it at the point of ingress requires a filter that allows you to use complex regular expressions. There is no one-size-fits-all solution. You'd need to create and taylor them as your are subjected to joe job attacks. This is something for an experienced email administrator that has a *very* good understanding of email headers and SMTP standards. -- ME2 On Wed, Jun 2, 2010 at 7:29 AM, Brent Zalewski bzalew...@comcast.netwrote: As I read through all the articles on this I really wonder what if anything can be done. Some articles say to report this and other say just to ignore it. What really is the best solution , if any? Thanks
Re: Several NDR's
tailor... lol -- ME2 On Wed, Jun 2, 2010 at 3:22 PM, Micheal Espinola Jr michealespin...@gmail.com wrote: There is no best solution. You either ignore or you filter. You can have clients filter, or depending on your spam filter, you can filter at the point of ingress. Its tricky, but there are things you can look for. Doing it at the point of ingress requires a filter that allows you to use complex regular expressions. There is no one-size-fits-all solution. You'd need to create and taylor them as your are subjected to joe job attacks. This is something for an experienced email administrator that has a *very* good understanding of email headers and SMTP standards. -- ME2 On Wed, Jun 2, 2010 at 7:29 AM, Brent Zalewski bzalew...@comcast.netwrote: As I read through all the articles on this I really wonder what if anything can be done. Some articles say to report this and other say just to ignore it. What really is the best solution , if any? Thanks
Re: Several NDR's
Thanks for all the help. We are looking into what the best solution is for us. But isn't the real issue from all of this being put on a RBL because some of the email sent could be sent to a monitored email address for spam? O ram I missing something? Thanks
Re: Several NDR's
Totally agree about the Barracuda spoofing protection. I use it and it's wonderful. I've had zero reports of backscatter problems since implementing about a year ago or so. furiously knocks on the closest wooden object On Wed, Jun 2, 2010 at 10:56 AM, Kennedy, Jim kennedy...@elyriaschools.orgwrote: Some spam filters can help. Barracuda for example can be set up to relay your outbound email and it keeps a record of your outbound email message ID's. You then also use the Barracuda for incoming email. Then when it gets an NDR it checks it against that message ID list, if it isn't on that list it rejects it. -Original Message- From: Brent Zalewski [mailto:bzalew...@comcast.net] Sent: Wednesday, June 02, 2010 10:29 AM To: MS-Exchange Admin Issues Subject: RE: Several NDR's As I read through all the articles on this I really wonder what if anything can be done. Some articles say to report this and other say just to ignore it. What really is the best solution , if any? Thanks
Re: Several NDR's
All they are really doing is a rdns check to prevent spoofing. Most mta's should be capable. The only one if found that doesn't is message labs. Just my .02. Regards, Mark Tibbet Systems Engineer Enterprise Networking Solutions, Inc. mtib...@ens-inc.com Http://www.ens-inc.com On Jun 2, 2010, at 4:37 PM, Richard Stovall rich...@gmail.com wrote: Totally agree about the Barracuda spoofing protection. I use it and it's wonderful. I've had zero reports of backscatter problems since implementing about a year ago or so. furiously knocks on the closest wooden object On Wed, Jun 2, 2010 at 10:56 AM, Kennedy, Jim kennedy...@elyriaschools.org wrote: Some spam filters can help. Barracuda for example can be set up to relay your outbound email and it keeps a record of your outbound email message ID's. You then also use the Barracuda for incoming email. Then when it gets an NDR it checks it against that message ID list, if it isn't on that list it rejects it. -Original Message- From: Brent Zalewski [mailto:bzalew...@comcast.net] Sent: Wednesday, June 02, 2010 10:29 AM To: MS-Exchange Admin Issues Subject: RE: Several NDR's As I read through all the articles on this I really wonder what if anything can be done. Some articles say to report this and other say just to ignore it. What really is the best solution , if any? Thanks
RE: Several NDR's
google joe job ...Tim -Original Message- From: Brent Zalewski [mailto:bzalew...@comcast.net] Sent: Tuesday, June 01, 2010 1:26 PM To: MS-Exchange Admin Issues Subject: Several NDR's We have a user that has been receiving hundreds of the following NDR's. The date sent on the message show yesterday which was a holiday. The user did not loogn to her OWA or was not on her computer email at all yesterday. Any ideas would be appreciated. Check machine for virus, spyware, etc. Nothing found as of yet. There was nothing in the Sent Items for any of these messages. I noticed that the to in the first part of the message with a banet.net domain and the to in the diagnostic area is winn...@camelot.co.uk. Diagnostic information for administrators: Generating server: Our Exchange Server xx...@banet.net vms169129pub.verizon.net #550 5.1.1 unknown or illegal alias: xx...@banet.net ## Original message headers: Received: from Our Exchange Server ([::1]) by Our Exchange Server ([::1]) with mapi; Mon, 31 May 2010 09:35:00 -0500 From: User email with the issue To: winn...@camelot.co.uk winn...@camelot.co.uk Date: Mon, 31 May 2010 09:35:00 -0500 Subject: =?windows-1256?Q?Sponsored_by_Camelot_Groups=FE?= Thread-Topic: =?windows-1256?Q?Sponsored_by_Camelot_Groups=FE?= Thread-Index: AQHLAM5yfeXkCvk01kyPotV89Cun4Q== Message-ID: 75d9a2b054a32b4cbfb345d89fc273d61004f1d...@isdexch1.sangcty.local Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: acceptlanguage: en-US Content-Type: multipart/alternative; boundary=_000_75D9A2B054A32B4CBFB345D89FC273D61004F1D0FDISDEXCH1SangC_ MIME-Version: 1.0