date: Fri, 18 Apr 2008 00:50:01 -0700,
group: microsoft.public.exchange.misc
Re: receiving too many NDR messages without sending emails
Rami wrote:
> "Lanwench [MVP - Exchange]" wrote:
>
>> Rami wrote:
>>> "> > when someone spoof my email. does he can use any open relay in
>>> world
>>>>
>>>> Open relay isn't relevant.
>>>
>>> what do you mean by isn't relevant?? do you mean that anyone from
>>> his own mail server can spoof my email address and consequently the
>>> NDRs sent back to me
>>
>> Yes.
>>>
>>> I think most mail server check the reverse IP address of the mail
>>> server to resolve this problem??
>>
>> No they don't .....
>>
>>> can you plz explain this to me?
>>
>> I'm not sure what else to tell you!
>
> I want to know please why the receiving mail server checks the
> reverse IP address of the sender mail server??
Even if they check for the presence of a PTR, it doesn't mean it has to
match the sending domain. It might, but that's up to the person who runs the
mail server. Not you!
>
> another thing, I keep getting in the applications event viewer the
> errors with ID 7004 and 7010 is that related to my problem in
> receiving the NDRs??
No.
>
> I found this article http://support.microsoft.com/kb/843106
>
> regarding the error messages above but I really don't understand the
> sendAs permission part in the article. what should I check to
> guarantee I have the right permissions?!!
The article doesn't apply to your NDRs - are you having difficulty receiving
legitimate mail from your senders?
>
>
> thanks in advance
> Rami
>
>
>
>>>>
>>>>
>>>>> to spoof my email address?? and then the NDRs sent back to me?!
>>>>
>>>> Yes.
>>>>
>>>>
>>>>> how can i resolve this problem??
>>>>
>>>> You can't stop it. It has nothing to do with open relay or your
>>>> server or anything.
>>>>
>>>>> what kind of filters can stop these
>>>>> NDRs spam messages
>>>>
>>>> They aren't spam - they're legitimate NDRs to mail. It just happens
>>>> to be mail you never sent.
>>>>
>>>>>
>>>>> "Andreas Y." wrote:
>>>>>
>>>>>> Spoofing means that I can send a message right now, either by
>>>>>> telnet or with the use of a software that will show in the from
>>>>>> header that the sender is not me but you. When the recipient
>>>>>> receives this, he will believe that it is you and not me. How can
>>>>>> you prevent me from doing so? You can't.
>>>>>>
>>>>>> The only thing that I am looking for as well is how to filter all
>>>>>> those ndrs without blocking legitimate as well, but I am not
>>>>>> optimistic that there is any way.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> "Rami" wrote in message
>>>>>> news:8CDA7862-A267-4300-A734-AAD0350AC7C3@microsoft.com...
>>>>>>> can you please let me know how can I prevent anyone from
>>>>>>> spoofing my email. I
>>>>>>> made open relay test and the test result is that my mail server
>>>>>>> is not open
>>>>>>> relay.
>>>>>>>
>>>>>>> any thoughts???
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> "Lanwench [MVP - Exchange]" wrote:
>>>>>>>
>>>>>>>> Rami wrote:
>>>>>>>>> hi,
>>>>>>>>>
>>>>>>>>> I have a problem that I am receiving too many NDR
>>>>>>>>> notifications daily without sending emails to the
>>>>>>>>> destinations that I receive from the NDR messages.
>>>>>>>>>
>>>>>>>>> from my search I found this problem could be due to open
>>>>>>>>> relay, spyware, or virus.
>>>>>>>>>
>>>>>>>>> I configured my Exchange server not to allow open relay but I
>>>>>>>>> still keep getting event ID 7004. please help?
>>>>>>>>
>>>>>>>> Someone's spoofing you as a sender of spam messages or viruses
>>>>>>>> (no way to tell who). These NDRs aren't generated by your
>>>>>>>> server. This happens to all
>>>>>>>> of us, honestly - delete the NDRs and sigh.
date: Tue, 22 Apr 2008 07:22:49 -0400
author: Lanwench [MVP - Exchange]
Re: receiving too many NDR messages without sending emails
"Lanwench [MVP - Exchange]" wrote:
> Rami wrote:
> > "Lanwench [MVP - Exchange]" wrote:
> >
> >> Rami wrote:
> >>> "> > when someone spoof my email. does he can use any open relay in
> >>> world
> >>>>
> >>>> Open relay isn't relevant.
> >>>
> >>> what do you mean by isn't relevant?? do you mean that anyone from
> >>> his own mail server can spoof my email address and consequently the
> >>> NDRs sent back to me
> >>
> >> Yes.
> >>>
> >>> I think most mail server check the reverse IP address of the mail
> >>> server to resolve this problem??
> >>
> >> No they don't .....
> >>
> >>> can you plz explain this to me?
> >>
> >> I'm not sure what else to tell you!
> >
> > I want to know please why the receiving mail server checks the
> > reverse IP address of the sender mail server??
>
> Even if they check for the presence of a PTR, it doesn't mean it has to
> match the sending domain. It might, but that's up to the person who runs the
> mail server. Not you!
> >
> > another thing, I keep getting in the applications event viewer the
> > errors with ID 7004 and 7010 is that related to my problem in
> > receiving the NDRs??
>
> No.
>
> >
> > I found this article http://support.microsoft.com/kb/843106
> >
> > regarding the error messages above but I really don't understand the
> > sendAs permission part in the article. what should I check to
> > guarantee I have the right permissions?!!
>
> The article doesn't apply to your NDRs - are you having difficulty receiving
> legitimate mail from your senders?
No, I don't have a problem receiving emails.
I believe there is a way to prevent receiving these NDRs. please help
>
>
> >
> >
> > thanks in advance
> > Rami
> >
> >
> >
> >>>>
> >>>>
> >>>>> to spoof my email address?? and then the NDRs sent back to me?!
> >>>>
> >>>> Yes.
> >>>>
> >>>>
> >>>>> how can i resolve this problem??
> >>>>
> >>>> You can't stop it. It has nothing to do with open relay or your
> >>>> server or anything.
> >>>>
> >>>>> what kind of filters can stop these
> >>>>> NDRs spam messages
> >>>>
> >>>> They aren't spam - they're legitimate NDRs to mail. It just happens
> >>>> to be mail you never sent.
> >>>>
> >>>>>
> >>>>> "Andreas Y." wrote:
> >>>>>
> >>>>>> Spoofing means that I can send a message right now, either by
> >>>>>> telnet or with the use of a software that will show in the from
> >>>>>> header that the sender is not me but you. When the recipient
> >>>>>> receives this, he will believe that it is you and not me. How can
> >>>>>> you prevent me from doing so? You can't.
> >>>>>>
> >>>>>> The only thing that I am looking for as well is how to filter all
> >>>>>> those ndrs without blocking legitimate as well, but I am not
> >>>>>> optimistic that there is any way.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> "Rami" wrote in message
> >>>>>> news:8CDA7862-A267-4300-A734-AAD0350AC7C3@microsoft.com...
> >>>>>>> can you please let me know how can I prevent anyone from
> >>>>>>> spoofing my email. I
> >>>>>>> made open relay test and the test result is that my mail server
> >>>>>>> is not open
> >>>>>>> relay.
> >>>>>>>
> >>>>>>> any thoughts???
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> "Lanwench [MVP - Exchange]" wrote:
> >>>>>>>
> >>>>>>>> Rami wrote:
> >>>>>>>>> hi,
> >>>>>>>>>
> >>>>>>>>> I have a problem that I am receiving too many NDR
> >>>>>>>>> notifications daily without sending emails to the
> >>>>>>>>> destinations that I receive from the NDR messages.
> >>>>>>>>>
> >>>>>>>>> from my search I found this problem could be due to open
> >>>>>>>>> relay, spyware, or virus.
> >>>>>>>>>
> >>>>>>>>> I configured my Exchange server not to allow open relay but I
> >>>>>>>>> still keep getting event ID 7004. please help?
> >>>>>>>>
> >>>>>>>> Someone's spoofing you as a sender of spam messages or viruses
> >>>>>>>> (no way to tell who). These NDRs aren't generated by your
> >>>>>>>> server. This happens to all
> >>>>>>>> of us, honestly - delete the NDRs and sigh.
>
>
>
>
date: Tue, 22 Apr 2008 07:36:00 -0700
author: Rami
Re: receiving too many NDR messages without sending emails
Just like Lanwench said, there is no way to block these specific NDR's while
letting in other, legitimate NDR's.
The problem lies in the SMTP specifications, the people who originally
designed SMTP didn't take into consideration all of the nasty things people
would want to do with email, including spoofing a FROM address. Over the
past few years there have been some attempts to fix this with things like
SPF/Sender ID, and others, but until the *entire* Internet adopts these
solutions and uses them constantly FROM address spoofing is here to stay,
which means that NDR backscatter (that's what it's called when you get the
NDR even though you didn't send the original email) is also going to continue
to be a problem.
One thing I've noticed on Exchange discussion boards and email lists, this
NDR backscatter problem seems to have really picked up over the past month or
two, I suspect some spam operation has been running a massive spam campaign
using a large list of legit email addresses to spoof the FROM address.
"Lanwench [MVP - Exchange]" wrote:
> Rami wrote:
>
> <snipped for length>
>
> >
> > I believe there is a way to prevent receiving these NDRs. please help
>
> I'm sorry, but it appears there's nothing else I can tell you.
>
>
>
date: Thu, 24 Apr 2008 16:41:00 -0700
author: sbq
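
Added example, not part of the original thread: a triage check that confirms whether an NDR refers to mail your server actually sent, by comparing the Message-ID of the original message attached to the NDR against your own outbound log. The sample NDRs, host names, addresses and the `SENT_IDS` log are constructed for illustration, and the check assumes the NDR attaches the original message (many do not).

```python
import email

# Constructed outbound log: Message-IDs this server really sent (assumption).
SENT_IDS = {"<20080418.1001@mail.example.org>"}

# Constructed multipart/report NDR (RFC 3464 layout, text part trimmed).
NDR_TEMPLATE = """\
From: MAILER-DAEMON@mx.remote.example
To: rami@example.org
Subject: Undeliverable: hello
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.remote.example

Final-Recipient: rfc822; nobody@remote.example
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from {relay} by mx.remote.example; Fri, 18 Apr 2008 00:00:00 -0700
Message-ID: {msgid}
From: rami@example.org

body
--b1--
"""

def classify(raw, sent_ids):
    """Return (verdict, relay); relay is the host that submitted the original."""
    ndr = email.message_from_string(raw)
    if ndr.get_content_type() != "multipart/report":
        return ("not-an-ndr", None)
    for part in ndr.walk():
        if part.get_content_type() == "message/rfc822":
            orig = part.get_payload(0)  # the message that bounced
            msgid = (orig["Message-ID"] or "").strip()
            relay = (orig["Received"] or "").split(" by ")[0]
            return ("genuine" if msgid in sent_ids else "backscatter", relay)
    return ("unknown", None)  # NDR arrived without the original attached

GENUINE = NDR_TEMPLATE.format(relay="mail.example.org ([192.0.2.10])",
                              msgid="<20080418.1001@mail.example.org>")
SPOOFED = NDR_TEMPLATE.format(relay="unknown ([203.0.113.7])",
                              msgid="<abc123@example.org>")
```

A "backscatter" verdict whose relay is not one of your own hosts matches what the thread describes: the bounced mail was submitted elsewhere with your address forged as the sender.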