Discussion:
Spoofing Attack
(too old to reply)
Sam
2008-03-25 18:27:01 UTC
Permalink
One of the mailbox on E 2003 server is under spoofing attack. Someone is
sending out spam using this mailbox email address and this user is getting
hundreds of NDRs from other servers. How can I stop or drop these in coming
NDRs?
John Oliver, Jr. [MVP]
2008-03-25 22:52:07 UTC
Permalink
NDR's from other server, so where exactly is the NDR coming from? Have you
checked the Internet Headers? Is Recipient Filtering enabled on your
Exchange 2003 Server?
--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner
Post by Sam
One of the mailbox on E 2003 server is under spoofing attack. Someone is
sending out spam using this mailbox email address and this user is getting
hundreds of NDRs from other servers. How can I stop or drop these in coming
NDRs?
Sam
2008-03-26 15:47:04 UTC
Permalink
It's coming from different servers. Recipient Filtering is checked and
enabled in SMTP VS.
Post by John Oliver, Jr. [MVP]
NDR's from other server, so where exactly is the NDR coming from? Have you
checked the Internet Headers? Is Recipient Filtering enabled on your
Exchange 2003 Server?
--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner
Post by Sam
One of the mailbox on E 2003 server is under spoofing attack. Someone is
sending out spam using this mailbox email address and this user is getting
hundreds of NDRs from other servers. How can I stop or drop these in coming
NDRs?
John Oliver, Jr. [MVP]
2008-03-27 02:02:36 UTC
Permalink
Only real solution here is to get an appliance or service to perform an SPF
lookup on the NDR and then either drop it or delete it. Another solution
you could use is changing the users email address. If the user's address
has been spoofed by a Spammer you could also try to figure out where these
messages are coming from and try to shut it down.
--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner
Post by Sam
It's coming from different servers. Recipient Filtering is checked and
enabled in SMTP VS.
Post by John Oliver, Jr. [MVP]
NDR's from other server, so where exactly is the NDR coming from? Have you
checked the Internet Headers? Is Recipient Filtering enabled on your
Exchange 2003 Server?
--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner
Post by Sam
One of the mailbox on E 2003 server is under spoofing attack. Someone is
sending out spam using this mailbox email address and this user is getting
hundreds of NDRs from other servers. How can I stop or drop these in coming
NDRs?
Loading...