RE: GFI Mail Essentials 11 - NDR's and SMTP Ma il Queue

  • From: Jason Davis <JDavis@xxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Oct 2005 12:32:59 -0700

Thanks again for all your time and knowledge.
Incidentally, how have you configured your priorities in GFI?  Right now, I
have Whitelist at the top, but I will change to Directory Harvesting per
your last email.


From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, October 13, 2005 12:16 PM
To: [ExchangeList]
Subject: [exchangelist] RE: GFI Mail Essentials 11 - NDR's and SMTP Mail



   Most spam is from 'Spoofed' e-mail accounts, therefore when an NDR is
sent to the Spoofed e-mail account (and of course they will fail due to the
fake address) it is retried for delivery based upon your SMTP settings.  


    By default, I believe that mail is retried for 48 hours before being
deleted.  Here is what I have done to ease the issue:


1.      Use the 'Directory Harvest' feature of GFI 

a.      This verifies that an e-mail address exists in your domain via an
LDAP lookup before GFI will continue processing the mail for delivery and
additional spam checks.  You want to make sure this is the first check that
is done before all other Spam filters (you can prioritize GFI checks in
version 11) 

b.      If any mail triggers the 'Directory Harvest' check, configure this
to NOT send and NDR. 

                                                               i.      The
only downfall here is if someone sends a legitimate e-mail and mistypes one
of your user's e-mail addresses, they will not be notified that the mail was
not delivered.  This has not been an issue for me yet.

                                                             ii.      The
Directory Harvest feature is so efficient for our organization that very few
e-mails (in comparison) trigger the other SPAM checks.

2.      Turn off NDR's for the SPF, Blacklist and DNS Blacklist options.
(if you have them enabled) 

a.      99% of the e-mails that trigger these filters are known spammers.
Who cares if they get an NDR. 

3.      Turn on NDR's for the Bayesian, Key Word and Header Checking options

4.      Set up and Automated task to delete your Badmail directory on a
nightly, or weekly basis. 

5.      You can also play around with the default settings for 'Retry Mail
Delivery' so that they are not retried for 48 hours.  I have adjusted mine
to try for only 24 hours before failing the message.  


This should help minimize the amount of mail that builds up in your queues
and still notify the senders when they are being filtered out...





From: Jason Davis [mailto:JDavis@xxxxxxxxxx] 
Sent: Thursday, October 13, 2005 2:57 PM
To: [ExchangeList]
Subject: [exchangelist] GFI Mail Essentials 11 - NDR's and SMTP Mail Queue

Hello all, 
I thought I'd send you a quick note regarding my findings today: 
This issue may have been a "no-brainer" for you guys, but I rebuilt my
original GFI server yesterday (Mail Essentials 11) and tested the SMTP
gateway for a few hours to keep an eye on the queues - no problems. Then, I
installed the latest build version for Mail Essentials 11. When I got home,
I decided to check the GFI server remotely to see how the queues were doing.
I found a lot of emails piling up in the queues as well as 1000's of emails
piling up in the Badmail folder! Yikes!!! After scratching my head for a few
hours and doing some research online, I proceeded to disable a feature which
I had implemented in the GFI software for each SPAM filter. The feature
involved sending back a NDR for each SPAM filter (under the "Other" tab -
"Generate Non Delivery Report <NDR>). Each SPAM filter (i.e. SPF, Bayesian,
etc, etc.) had that option checked! Once I unchecked that option for each
filter, I had to delete the mail in the Badmail folder and purge the SMTP
mail queue.  Well, I've been running GFI since that change and my queue is
purging fine and there have been NO emails in the Badmail folder. Alas, I
think that that was causing my problem this past weekend! 

Does that make sense to you guys? I'm sure it's a lack of knowledge on my
part, but I didn't realize that generating NDR's would cause my mail queue
to get "backed-up" as well as creating thousands of emails in my Badmail
folder. I could see how this would bring the GFI server to its knees after a
while. Does anyone have that option checked to "Generate Non Delivery
Reports"?? If so, how are your servers handling it? I'd be very

It seems to me that GFI would not put that option in its software, if it was
going to cause such a problem? Hmmmm......... 

Thanks for any comments, in advance! 
--Jason Davis 

List Archives:
Exchange Newsletters: 
Visit for more information about our other sites:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx 

List Archives:
Exchange Newsletters: 
Visit for more information about our other sites:
You are currently subscribed to this Discussion List as:
To unsubscribe visit
Report abuse to listadmin@xxxxxxxxxxxxxx 

Other related posts: