Re: How to curb NDR Flood attacks

  • From: Danny <nocmonkey@xxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 9 Jan 2006 19:30:49 -0500

On 1/9/06, ChongJa@xxxxxxxxxxxxxxxx <ChongJa@xxxxxxxxxxxxxxxx> wrote:
> Does anybody know a good way to curb NDR flood attacks for 2000 or 2003?

Exchange Server 2003:

* As Fred suggested, only accept email sent to recipients that
actually exist (what a concept, eh Microsoft!)

* Load up your Exchange server or spare mail gateway server with 3rd
party anti-spam software from, I don't know, maybe: GFI, TrendMicro,
Sybari (yes, now Microsoft), Symantec, McAfee, F-Secure, Panda
software, etc..

* Get some spare time and spare box with RAID 1/5, setup a email spam
"firewall" by installing *BSD or Linux, install Postfix, and read all
the wonderful spam firewall how to's. (If you go this route, I can get
you started in the right direction).

* Forget loading up your network and servers with crap, and pay the
experts, such as Postini (or whatever, but I recommend Postini) to
take care of all of your spam and virus-ridden email before it even
touches your email systems.  Pricing around $2 per mailbox per month. 
Email me off list for further information.

Exchange 2000:

* All of the above, except for for the first option.

> (People spoofing your email to send to invalid addressed and you getting
> NDRs) What do you guys normally do? Thanks.

For the better good of the Internet, your network, mail queue, and
other valuable resources, your MX records should point to SMTP servers
that only accept email sent to recipients that actually exist in your
domain.  Some people disagree, but they often don't consider the
unnecessary backscatter
( and headaches
they cause for other postmasters.

I hope this helps.


Other related posts: