RE: Hundreds of NDRs

2008-10-07 Thread Sauvigne, Craig M
I am having that happen with me right now. I have gotten over 1300 today. I have just set up a rule to move them to a subfolder so I can go through them later just in case one of my rule terms catches a legit message. Craig M. Sauvigne System Administrator Winthrop

RE: Hundreds of NDRs

2008-10-07 Thread Brumbaugh, Luke
Rule to send to delete folder or permanently delete. This would calm the user. Any way to prevent? 1. Kill spammer. 2. Keep user off sites that collect email addresses. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 1:08 PM To:

Re: Hundreds of NDRs

2008-10-07 Thread wjh
These types of NDRs drive me crazy. Here is one option if you have a pretty typical setup. Typical setup: incoming mail comes in through a spam gateway device/server, but outgoing mail leaves through your Exchange server. All legit NDRs should be communicating directly with the sending SMTP

Re: Hundreds of NDRs

2008-10-07 Thread Durf
3. Establish SPF records (OK, it doesn't do a lot) 4. Change everyone's SMTP address (the only way to be sure). -- Durf On Tue, Oct 7, 2008 at 1:15 PM, Brumbaugh, Luke [EMAIL PROTECTED] wrote: Rule to send to delete folder or permanently delete. This would calm the user. Any way to

Re: Hundreds of NDRs

2008-10-07 Thread Chipshead
From is originating from System Administrator, Mailer Daemon, verification programs etc so setting up a rule would be a turkey shoot. Thanks for your response. -- Original message -- From: Durf [EMAIL PROTECTED] 3. Establish SPF records (OK, it doesn't do a lot) 4.

Re: Hundreds of NDRs

2008-10-07 Thread Chipshead
If this could be done, wouldn't it also block legitimate NDRs? -- Original message -- From: wjh [EMAIL PROTECTED] These types of NDRs drive me crazy. Here is one option if you have a pretty typical setup. Typical setup: incoming mail comes in through a spam gateway

Re: Hundreds of NDRs

2008-10-07 Thread Kurt Buff
On Tue, Oct 7, 2008 at 10:08 AM, [EMAIL PROTECTED] wrote: Exchange 2003 SP2. We occasionally have users who get a few NDRs over a couple of days from recipients they did not send to because of spammers spoofing their email address. At 12:15 I have a user who began getting hundreds of NDRs

Re: Hundreds of NDRs

2008-10-07 Thread wjh
It shouldn't. A legitimate NDR should happen while the sending and receiving SMTP servers talk to each other. Legitimate sending server connects to the receiving server and the receiving server accepts the message or does not. Either way, it is communicating with the sending server

RE: Hundreds of NDRs

2008-10-07 Thread Carl Houseman
-Original Message- From: wjh [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 1:17 PM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs These types of NDRs drive me crazy. Here is one option if you have a pretty typical setup. Typical setup: incoming mail comes

RE: Hundreds of NDRs

2008-10-07 Thread Don Andrews
PROTECTED] Sent: Tuesday, October 07, 2008 11:04 AM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs It shouldn't. A legitimate NDR should happen while the sending and receiving SMTP servers talk to each other. Legitimate sending server connects to the receiving server and the receiving

Re: Hundreds of NDRs

2008-10-07 Thread Kurt Buff
Unfortunately, too many mail servers are configured to accept all mail, regardless of whether or not the recipient exists. Only then do they check for a recipient, and puke out an NDR. There are a *LOT* of misconfigured mail servers in the world. Blocking NDRs won't work. Kurt On Tue, Oct 7,

Re: Hundreds of NDRs

2008-10-07 Thread Kurt Buff
server will generate and send the NDR at a later time. From: wjh [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 11:04 AM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs It shouldn't. A legitimate NDR should happen while the sending

RE: Hundreds of NDRs

2008-10-07 Thread Don Andrews
, October 07, 2008 11:45 AM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs Oh, yeah, the last two that Don mentions are indeed legitimate sources of NDRs that won't happen during the initial SMTP conversation from the sender to the recipient. However, the first one (where an NDR is generated

Re: Hundreds of NDRs

2008-10-07 Thread Kurt Buff
. -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 11:45 AM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs Oh, yeah, the last two that Don mentions are indeed legitimate sources of NDRs that won't happen during the initial SMTP

RE: Hundreds of NDRs

2008-10-07 Thread Don Andrews
Sorry, Directory Harvesting Attack -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 12:35 PM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs DHA? Kurt On Tue, Oct 7, 2008 at 12:18 PM, Don Andrews [EMAIL PROTECTED] wrote

Re: Hundreds of NDRs

2008-10-07 Thread Kurt Buff
-Exchange Admin Issues Subject: Re: Hundreds of NDRs DHA? Kurt On Tue, Oct 7, 2008 at 12:18 PM, Don Andrews [EMAIL PROTECTED] wrote: Upgrading to a gateway product that does recipient validation a couple of years ago was a huge benefit - and I'm ever so happy that it also detects and auto

RE: Hundreds of NDRs

2008-10-07 Thread Don Andrews
rejected today due to DHA blocks. -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 07, 2008 12:53 PM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs Ah. How does it detect those, especially if they're distributed? On Tue, Oct 7, 2008 at 12

Re: Hundreds of NDRs

2008-10-07 Thread Kurt Buff
:35 PM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs DHA? Kurt On Tue, Oct 7, 2008 at 12:18 PM, Don Andrews [EMAIL PROTECTED] wrote: Upgrading to a gateway product that does recipient validation a couple of years ago was a huge benefit - and I'm ever so happy that it also

RE: Hundreds of NDRs

2008-10-07 Thread Don Andrews
:18 PM To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs That's a respectable number... On Tue, Oct 7, 2008 at 1:02 PM, Don Andrews [EMAIL PROTECTED] wrote: It can't detect distributed - the detection is per IP - 30% invalid addresses over a 10 minute period is the threshold - generates

Re: Hundreds of NDRs

2008-10-07 Thread wjh
To: MS-Exchange Admin Issues Subject: Re: Hundreds of NDRs That's a respectable number... On Tue, Oct 7, 2008 at 1:02 PM, Don Andrews [EMAIL PROTECTED] wrote: It can't detect distributed - the detection is per IP - 30% invalid addresses over a 10 minute period is the threshold - generates

Re: Hundreds of NDRs

2008-10-07 Thread Micheal Espinola Jr
This is called backscatter. Google it for more info. You can *help* prevent this before it happens by publishing SPF/Sender-ID records. Next, you can filter based on missing Message-ID headers that should exist in legitimate NDRs if the original email was from your domain. On Tue, Oct 7, 2008