Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How do I stop a NDR Attack on Exchange 2007

Status
Not open for further replies.

kornakmf

Technical User
Aug 21, 2007
19
My queue is full of outbound NDR messages.

Does anyone know how to stop Exchange 2007 server from sending NDR's?

Thre is an article on how to do this on Exchange Server 2003, but not 2007.

To disable the sending of NDRs on Exchange 2003, follow the steps in this Microsoft KB article:
Thanks,
Mark
 
In Exchange Management Console:
Org Configuration
Hub Transport
Remote Domains (Properties)
Look on the "format blah" tab
There's the tickboxes you're expecting.

 
I think I have it.
Here are the steps I took to resolve the issue...

Stopping NDR Attack in Exchange 2007 SP1
[Open] Exchange Management Shell:
[PS] Exchange>get-organizationconfig | fl
SCLJunkThreshold: 4
[PS] Exchange >set-organizationconfig -scljunkthreshold 5
[PS] Exchange >get-organizationconfig | fl
SCLJunkThreshold: 5

[Open] Exchange Management Console:
Organization Configuration -> Hub Transport -> Anti-Spam [Tab]
-> Content Filtering [Properties]
- [Select and Set] Delete messages that have a SCL rating greater than or equal to [9]
- [Select and Set] Reject messages that have a SCL rating greater than or equal to [7]
Organization Configuration -> Hub Transport -> Anti-Spam [Tab]
-> Recipient Filtering [Properties]
- [Check] Block messages sent to recipients not listed in the Global Address List
Organization Configuration -> Hub Transport -> Anti-Spam Tab -> Sender Reputation -> Sender Confidence Tab
- [Check] Perform an open proxy test when determining sender confidence level.
Server Configuration -> Hub Transport -> MAIL Receive Connectors [Tab]
-> Default Mail [Properties] -> Network [Tab]
–> Receive mail from remote servers that have these IP addresses
- Enter your IP address range excluding your internet gateway 192.168.0.2-192.168.0.254
Server Configuration -> Hub Transport -> MAIL Receive Connectors [Tab]
-> Default Mail [Properties] -> Permission Groups [Tab]
- [Check] Exchange Users, Exchange Servers, Legacy Exchange Servers
Server Configuration -> Hub Transport -> MAIL Receive Connectors [Tab]
- [Right Click][New Receive Connector]
- Name “Inbound SMTP Mail”
- Use: “Internet”
- Keep the details except
o Permissions Groups [Tab]
? [Check] Anonymous Users
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top