That is what I meant. Exchange should never had accepted those NDR?s in the first place. This is called Exchange first accepting all then sending NDR for non-existent. I believe there is a way to configure Exchange to only accept for actual users. Also, a ?gateway? in front of Exchange can be configured with known users to no accept from non-existent users. John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Monday, August 09, 2004 8:31 AM To: [ISAserver.org Discussion List] Subject: [isalist] RES: RE: RES: NDR attack http://www.ISAserver.org No, No.. he did have protection. But the NDR?s came in such a massive quantity that his DSL couldn?t manage so many NDR?s coming, even though his server was blocking them all and throwing them at the badmail folder. His disk space reached zero in an hour or so. Impressive! Tiago de Aviz SoftSell (41) 340-2363 <http://www.softsell.com.br/> www.softsell.com.br Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. _____ De: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx] Enviada em: sábado, 7 de agosto de 2004 17:15 Para: [ISAserver.org Discussion List] Assunto: [isalist] RE: RES: NDR attack http://www.ISAserver.org Abandon his Domain name? What, he did not expect stuff like this? Did not do his homework on operating an e-mail server on the Internet/ What, he thinks his new domain name will be exempt from these attacks? Sounds like he needs some configuration changes and gateway software to protect against that. John Tolmachoff Engineer/Consultant/Owner eServices For You -----Original Message----- From: Tiago de Aviz [mailto:Tiago@xxxxxxxxxxxxxxx] Sent: Saturday, August 07, 2004 11:51 AM To: [ISAserver.org Discussion List] Subject: [isalist] RES: NDR attack http://www.ISAserver.org I had a customer that had a SBS server with a fixed IP DSL modem. One day, some dude started to make Directory Harvest Attacks against some small companies (Nissan, Renault?), and set his e-mail as the reply-to address. Needlessly to say, he had to abandon his DNS name. The NDR?s came in such monstrous quantities that they made itself a DoS attack ;) Tiago de Aviz SoftSell (41) 340-2363 www.softsell.com.br <http://www.softsell.com.br/> Esta mensagem, incluindo seus anexos, tem caráter confidencial e seu conteúdo é restrito ao destinatário da mensagem. Caso você tenha recebido esta mensagem por engano, queira por favor retorná-la ao destinatário e apagá-la de seus arquivos. Qualquer uso não autorizado, replicação ou disseminação desta mensagem ou parte dela é expressamente proibido. A SoftSell não é responsável pelo conteúdo ou a veracidade desta informação. _____ De: Thomas W Shinder [mailto:tshinder@xxxxxxxxxxx] Enviada em: sexta-feira, 6 de agosto de 2004 15:39 Para: [ISAserver.org Discussion List] Assunto: [isalist] NDR attack http://www.ISAserver.org Hey guys, I was looking at my firewall logs yesterday and noticed a big increase in my Firewall service logs. Started running it down and the logs shows a ton of DNS and SMTP traffic coming from my outbound relay. We'll wouldn't you know it, it wasnt' even the ISA firewall's fault :-) You might want to this out and disable sending NDRs. Fixed the problem for me. MAPILab.Com - Articles: http://www.mapilab.com/articles/ndr_spam_attack.htm HTH, Toml ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: tiago@xxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: johnlist@xxxxxxxxxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx