RE: How to curb NDR Flood attacks

  • From: "Fred Orcutt" <forcutt@xxxxxxxxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Mon, 9 Jan 2006 15:46:45 -0700

If this is a reverse NDR attack, you will probably be seeing many NDRs sent
out by postmaster from your domain for a large batch of dictionary spam.

If you're running Exch 2k3 there is a recipient filter which may help.  In
Exch Sys Mgr, expand Global settings, rt-click Message Delivery, go to
Properties. Select Recipient Filter tab, select the checkbox for Recipients
who are not in the directory, then click OK.  You will get an smtp message.
At this point expand Servers>Protocols>SMTP>Default SMTP Server and go to
the SMTP properties page. At General tab> Advanced, select Edit, select
Apply Recipient Filter, then OK out of there.

Note if you're running more than one Exch server, do this on the gateway or
bridgehead unit. Also, filtering this way may require you to set up an SMTP
tar pit to avoid an email harvest attack.

Fred M Orcutt
Enterprise Technology, Inc.
Voice 208-367-0552
Fax    775-243-8564
Cell    208-484-0145

-----Original Message-----
From: ChongJa@xxxxxxxxxxxxxxxx [mailto:ChongJa@xxxxxxxxxxxxxxxx] 
Sent: Monday, January 09, 2006 3:06 PM
To: [ExchangeList]
Subject: [exchangelist] How to curb NDR Flood attacks

Does anybody know a good way to curb NDR flood attacks for 2000 or 2003?
(People spoofing your email to send to invalid addresses and you getting
NDRs) What do you guys normally do? Thanks.
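
Added example, not part of the original thread: once the recipient filter rejects unknown recipients during the SMTP session, a directory harvest shows up as one client collecting many rejections, and the few addresses it got accepted are what a tar pit is meant to make slow to collect. The sketch below flags such clients. The log format, addresses and thresholds are constructed for illustration and are not Exchange's own log layout.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical simplified format, not Exchange's own):
#   time client_ip RCPT <address> smtp_status
SAMPLE_LOG = """\
15:40:01 203.0.113.7 RCPT <aaron@example.com> 550
15:40:01 203.0.113.7 RCPT <abby@example.com> 550
15:40:02 203.0.113.7 RCPT <adam@example.com> 250
15:40:02 203.0.113.7 RCPT <adrian@example.com> 550
15:40:03 203.0.113.7 RCPT <alan@example.com> 550
15:40:03 203.0.113.7 RCPT <albert@example.com> 550
15:41:10 198.51.100.20 RCPT <adam@example.com> 250
15:41:45 198.51.100.20 RCPT <adam.s@example.com> 550
15:42:30 192.0.2.33 RCPT <sales@example.com> 250
"""

LINE = re.compile(r"^(\S+) (\S+) RCPT <([^>]*)> (\d{3})$")

def find_harvesters(log_text, min_rejects=5, min_ratio=0.8):
    """Return {client_ip: stats} for clients whose rejected RCPTs look like a dictionary run."""
    stats = defaultdict(lambda: {"accepted": set(), "rejected": set()})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not an RCPT record
        _, ip, rcpt, status = m.groups()
        if status == "550":            # rejected by the recipient filter
            stats[ip]["rejected"].add(rcpt.lower())
        elif status.startswith("2"):   # accepted: the client now knows it exists
            stats[ip]["accepted"].add(rcpt.lower())
    flagged = {}
    for ip, s in stats.items():
        rej, acc = len(s["rejected"]), len(s["accepted"])
        ratio = rej / (rej + acc)
        # Many distinct unknown recipients and a high reject ratio: dictionary run,
        # not a single mistyped address from a legitimate sender.
        if rej >= min_rejects and ratio >= min_ratio:
            flagged[ip] = {"rejected": rej, "accepted": acc,
                           "ratio": round(ratio, 2),
                           "confirmed": sorted(s["accepted"])}
    return flagged

if __name__ == "__main__":
    for ip, info in find_harvesters(SAMPLE_LOG).items():
        print(ip, info)
```

Clients flagged this way are candidates for tar pitting or blocking at the gateway; tune the thresholds to the normal typo rate in your own traffic.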
