
Exchange 2000 non-delivery report and spam


jeburkes76


We run Exchange 2000 behind a firewall. We have the firewall checking SpamCop for every incoming mail message. Unfortunately, we are still getting a fair amount of spam sent to old (no longer existing) email addresses. So we get a fair amount of queues for the SMTP protocol as these NDRs cannot be delivered. Right now, we have copies of all NDRs being delivered to an internal email account; however, message headers and bodies are not included by Exchange 2000, so I cannot report these emails as being spam to SpamCop. Does anyone know how to get Exchange to include the message header and body in a non-delivery report? I have checked Microsoft Exchange newsgroups and searched Google and the Microsoft Knowledge Base and come up with nothing; I just figured maybe someone here has already cleared this hurdle. TIA.

Jeremy


For securing stuff, part of that aspect is addressed under the existing Topic at http://forum.spamcop.net/forums/index.php?showtopic=1268

The content, format, etc. of the handled e-mail is part of the configuration settings on that server. You really need to take up some of these issues with the folks that are actually in charge of running this Exchange server. The statement you make of "have the firewall checking SpamCop for every incoming email" suggests to me that you aren't the person running the show.


I run the Exchange servers for the organization. We have one entry and exit for the entire enterprise through one Exchange 2000 server. Our firewall is limited in that I cannot get it to whitelist, blacklist, or check multiple blacklist databases like SpamCop. So any spam servers not listed on SpamCop get through; also, any email destined for a non-existent address in our Exchange organization gets an NDR created to be sent back to the spammer. I would like to start reporting these to SpamCop and need a way to get the header and body of the message included in the NDR sent to the account I mentioned above. I was looking to see if anyone else running Exchange 2000 has gotten this to work. The link that you gave me, although helpful, does not help with my goal.

Jeremy


> Our firewall is limited in that I cannot get it to whitelist, blacklist, or check multiple blacklist databases like SpamCop

In general, the term "firewall" doesn't include this kind of activity. In fact, most folks using an Exchange server seem to usually end up putting a Linux box in front of it to use real e-mail handling tools to do this filtering function, leaving the Exchange server to distribute the 'good' mail that made it past the Linux box.

> any email destined for a non-existent address in our Exchange organization gets an ndr created to be sent back to the spammer

that's actually a pretty scary comment there ... boat loads of other Topics here, much content over in the newsgroups about ndrs being sent back to those innocents that have had their e-mail addresses forged into the e-mails as the alleged "From:" ... as you're complaining about not being able to see the full headers, there's no way you're getting the envelope contents either, so you're setting yourself up for a nasty situation if you do what you're describing.


> > any email destined for a non-existent address in our Exchange organization gets an ndr created to be sent back to the spammer
>
> that's actually a pretty scary comment there ... boat loads of other Topics here, much content over in the newsgroups about ndrs being sent back to those innocents that have had their e-mail addresses forged into the e-mails as the alleged "From:" ... as you're complaining about not being able to see the full headers, there's no way you're getting the envelope contents either, so you're setting yourself up for a nasty situation if you do what you're describing.

The problem the original poster has is that (unless I am mistaken), Exchange 5.x and 2000 cannot reject messages during the SMTP dialog. Every message is accepted before the determination is made as to whether it has a valid recipient. If not, a NDR is (optionally) generated.

I don't know about the latest version (Exchange 2003?), but the only options with the older versions are to send an NDR or drop the message in the bit bucket.

P.S.: I like the "sent back to the spammer" comment. It exemplifies the oh-so-common and oh-so-wrong attitude that the sender can be accurately determined...


> We run Exchange 2000 behind a firewall. We have the firewall checking SpamCop for every incoming mail message. Unfortunately, we are still getting a fair amount of spam sent to old (no longer existing) email addresses. So we get a fair amount of queues for the SMTP protocol as these NDRs cannot be delivered.

This is the first I have heard of a firewall doing such a check. Usually it is an outer mail server that does it.

And that mail server can either be given a copy of the current user list, or a means of querying the internal mail server for the existence of the e-mail address.

For undesired or undeliverable messages, that outer server can issue the reject messages.

Depending on the amount of incoming e-mail that your domain has, and how you pay for internet access, the bandwidth saved by being able to use multiple DNSbls to reject spam, and to reject messages to non-existent users, could pay for the server.

> Right now, we have copies of all NDRs being delivered to an internal email account; however, message headers and bodies are not included by Exchange 2000, so I cannot report these emails as being spam to SpamCop. Does anyone know how to get Exchange to include the message header and body in a non-delivery report? I have checked Microsoft Exchange newsgroups and searched Google and the Microsoft Knowledge Base and come up with nothing; I just figured maybe someone here has already cleared this hurdle. TIA.

Microsoft Exchange appears to be designed to be an internal mail server, and the last copy I saw a few years back needed a "GATEWAY" software to connect it to the SMTP internet and other networks.

Now if you are connecting a bunch of internal mail systems together, the gateway software can be quite simple.

But once the e-mail makes it to the Exchange server, it is apparently no longer SMTP e-mail, and can not be treated as such.

So it appears that what you need is a better gateway between your internal mail network and public internet.

You do not ever want to send a non-delivery notice outside your network, even though it is permitted by RFC. You will want to always use SMTP rejects for undeliverable messages.

Based on statistics from one of the mail servers that I know of, less than 10% of your spam bounces are going back to the spammer. The rest will either be undeliverable or will go to innocent victims. 100% of the viruses that you send non-delivery notices for will go to innocent victims.

Since RFCs also require a mail server to accept e-mail to a domain literal like [127.0.0.1], according to the folks on the dsbl.org mailing list, if you must send a non-delivery notice, use the I.P. address in brackets as the domain part of the e-mail address. If it was a real e-mail and their server is RFC compliant, the bounce will go to the right place. If not, e-mail does not have a guarantee of notice of non-delivery, and you did the best that you could do.

-John

Personal Opinion Only
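An added example, not part of any poster's message: a sketch of the RCPT-time decision an outer gateway makes when it holds a copy of the user list and checks DNSBLs, so unwanted mail is refused with an SMTP reject instead of being accepted and bounced later. The recipient list, reply texts and the `fake_resolver` helper are assumptions constructed for illustration; `bl.spamcop.net` is SpamCop's DNSBL zone.

```python
import ipaddress
import socket

# Constructed sample data: recipient list exported from the internal server.
VALID_RECIPIENTS = {"alice@example.com", "bob@example.com"}
DNSBL_ZONES = ["bl.spamcop.net"]  # further zones can be appended here


def dnsbl_query_name(client_ip, zone):
    """Build the DNS name queried for an IPv4 client: reversed octets + zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dns_resolve(name):
    """Live lookup: an A record means 'listed', a lookup failure means 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def fake_resolver(listed_names):
    """Offline stand-in for dns_resolve (constructed for this example)."""
    return lambda name: "127.0.0.2" if name in listed_names else None


def is_listed(client_ip, zones, resolve):
    return any(resolve(dnsbl_query_name(client_ip, z)) for z in zones)


def rcpt_decision(client_ip, rcpt_to, resolve=dns_resolve,
                  valid=VALID_RECIPIENTS, zones=DNSBL_ZONES):
    """Return the (code, text) reply given at RCPT TO, before DATA is accepted.

    A 5xx here leaves the connecting server responsible for the message, so
    no non-delivery report is ever generated toward a possibly forged sender.
    """
    if is_listed(client_ip, zones, resolve):
        return 550, "5.7.1 Client host blocked by DNSBL"
    if rcpt_to.strip().strip("<>").lower() not in valid:
        return 550, "5.1.1 User unknown"
    return 250, "2.1.5 Recipient OK"


if __name__ == "__main__":
    resolve = fake_resolver({"2.0.0.127.bl.spamcop.net"})
    for ip, rcpt in [("127.0.0.2", "alice@example.com"),
                     ("192.0.2.10", "<old.user@example.com>"),
                     ("192.0.2.10", "<bob@example.com>")]:
        print(ip, rcpt, rcpt_decision(ip, rcpt, resolve))
```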


Did some checking ... here's a thought or two ... might want to look around for a civilian or two that work for one of those three letter organizations. One that might know something about the material found at http://www.nsa.gov/selinux ... this will give you the front end, handle most of your security issues, and might even come with some training to get it set up. For background, see if anyone there remembers a little place called Vint Hill Farms Station <g>


Archived

This topic is now archived and is closed to further replies.
