HELP!!! NDR's generating DOS

I'm getting slammed by NDR's,  it is causing a DoS. 

6 months prioir to this event I test my server for open relay and it showed 
I was not an open relay.
How do I stop this crap?
No mail can get in
0
vidro1 (25)
10/29/2006 2:54:01 AM
exchange.admin 57650 articles. 2 followers. Follow

8 Replies
257 Views

Similar Articles

[PageSpeed] 14

You need to give more details.

If the NDRs are coming to valid recipients in your domain, and your setup 
can't handle it, then you need to put something in place to shield your 
exchange servers from the attack. If they are not to valid recipients, you 
need to change your setup to not accept the mail.

"VIDRO" <VIDRO@discussions.microsoft.com> wrote in message 
news:19DC45CA-6B1E-452E-8271-784E46640328@microsoft.com...
> I'm getting slammed by NDR's,  it is causing a DoS.
>
> 6 months prioir to this event I test my server for open relay and it 
> showed
> I was not an open relay.
> How do I stop this crap?
> No mail can get in 


0
10/29/2006 4:15:46 AM
It seems it may not be NDR's but just a bunch of SMTP connections.
Why all of a sudden do you think this started to happen, nothing has changed.

Server win2003 SP2 Excange 2003 SP2. I do a NETSTAT -a on the Exchange 
server and I can  see up to 100 established on the smtp port.

Again nothing has changed on my side. but this is constant I can clear the 
connections but in about 2 minutes I will have another 100 connections.
I just do not understand what is happening 

"Matthew Kitchin (Usenet/Lists)" wrote:

> You need to give more details.
> 
> If the NDRs are coming to valid recipients in your domain, and your setup 
> can't handle it, then you need to put something in place to shield your 
> exchange servers from the attack. If they are not to valid recipients, you 
> need to change your setup to not accept the mail.
> 
> "VIDRO" <VIDRO@discussions.microsoft.com> wrote in message 
> news:19DC45CA-6B1E-452E-8271-784E46640328@microsoft.com...
> > I'm getting slammed by NDR's,  it is causing a DoS.
> >
> > 6 months prioir to this event I test my server for open relay and it 
> > showed
> > I was not an open relay.
> > How do I stop this crap?
> > No mail can get in 
> 
> 
> 
0
vidro1 (25)
10/29/2006 8:04:01 AM
I would suggest implementing some kind of antispam software - either 
MS's Intelligent Message Filter or 3rd party (http://www.vamsoft.com).

VIDRO wrote:
> It seems it may not be NDR's but just a bunch of SMTP connections.
> Why all of a sudden do you think this started to happen, nothing has changed.
>
> Server win2003 SP2 Excange 2003 SP2. I do a NETSTAT -a on the Exchange 
> server and I can  see up to 100 established on the smtp port.
>
> Again nothing has changed on my side. but this is constant I can clear the 
> connections but in about 2 minutes I will have another 100 connections.
> I just do not understand what is happening 
>
> "Matthew Kitchin (Usenet/Lists)" wrote:
>
>   
>> You need to give more details.
>>
>> If the NDRs are coming to valid recipients in your domain, and your setup 
>> can't handle it, then you need to put something in place to shield your 
>> exchange servers from the attack. If they are not to valid recipients, you 
>> need to change your setup to not accept the mail.
>>
>> "VIDRO" <VIDRO@discussions.microsoft.com> wrote in message 
>> news:19DC45CA-6B1E-452E-8271-784E46640328@microsoft.com...
>>     
>>> I'm getting slammed by NDR's,  it is causing a DoS.
>>>
>>> 6 months prioir to this event I test my server for open relay and it 
>>> showed
>>> I was not an open relay.
>>> How do I stop this crap?
>>> No mail can get in 
>>>       
>>
>>     

-- 
Text from most Windows dialogs can be copied to clipboard with Ctrl-INS.

Free productivity applications suit - www.openoffice.org
Free Internet calling - www.skype.com
Free SQL database Firebird - full support for transaction control, 
triggers, stored procedures, partial SQL-99 compliance
http://www.ibphoenix.com/main.nfs?a=ibphoenix&s=1142758270:704186&page=what_is_interbase
Free graphics image manipulation program - www.gimp.org
0
kpalagin (1838)
10/29/2006 9:14:44 AM
Enable SMTP logging and check your logs to see what the traffic is.

"VIDRO" <VIDRO@discussions.microsoft.com> wrote in message 
news:7041D296-5836-4FA1-B9CE-C74EEFE92240@microsoft.com...
> It seems it may not be NDR's but just a bunch of SMTP connections.
> Why all of a sudden do you think this started to happen, nothing has 
> changed.
>
> Server win2003 SP2 Excange 2003 SP2. I do a NETSTAT -a on the Exchange
> server and I can  see up to 100 established on the smtp port.
>
> Again nothing has changed on my side. but this is constant I can clear the
> connections but in about 2 minutes I will have another 100 connections.
> I just do not understand what is happening
>
> "Matthew Kitchin (Usenet/Lists)" wrote:
>
>> You need to give more details.
>>
>> If the NDRs are coming to valid recipients in your domain, and your setup
>> can't handle it, then you need to put something in place to shield your
>> exchange servers from the attack. If they are not to valid recipients, 
>> you
>> need to change your setup to not accept the mail.
>>
>> "VIDRO" <VIDRO@discussions.microsoft.com> wrote in message
>> news:19DC45CA-6B1E-452E-8271-784E46640328@microsoft.com...
>> > I'm getting slammed by NDR's,  it is causing a DoS.
>> >
>> > 6 months prioir to this event I test my server for open relay and it
>> > showed
>> > I was not an open relay.
>> > How do I stop this crap?
>> > No mail can get in
>>
>>
>> 


0
10/29/2006 1:56:16 PM
VIDRO <VIDRO@discussions.microsoft.com> wrote:

>It seems it may not be NDR's but just a bunch of SMTP connections.
>Why all of a sudden do you think this started to happen, nothing has changed.

The amount of spam, and zombie armies delivering that spam, on the
Internet has increased dramatically since the beginning of September.
We're seeing a 400% increase in mail volume over the last six weeks
(and that's just the stuff that's addressed to "live" addresses!). I
doubt it's going to stop any time soon.

>Server win2003 SP2 Excange 2003 SP2. I do a NETSTAT -a on the Exchange 
>server and I can  see up to 100 established on the smtp port.

Damned zombies. ISP's do a really poor job at controlling this. I
think every ISP should make anyone with a dynamic IP address use the
ISP's relay server. Just shut off port 25.

>Again nothing has changed on my side. but this is constant I can clear the 
>connections but in about 2 minutes I will have another 100 connections.
>I just do not understand what is happening 

Welcome to life on the Internet. This isn't going to stop until either
anonymity is no longer acceptable or the Internet V2 is running, where
you won't have all those "home users" sitting on the network spewing
crap.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/29/2006 9:25:14 PM
Kirill Palagin <kpalagin@no.phxint.mail.ru> wrote:

>I would suggest implementing some kind of antispam software - either 
>MS's Intelligent Message Filter or 3rd party (http://www.vamsoft.com).

The problem isn't always that the junk mail is delivered, it's that
the zombies can send it a lot faster than the receiving server can
figure out what to do with it.

Greylisting works pretty well, but it also delays legitimate mail (not
every MTA retries quickly). That delay leads to "user unrest" and some
real problems if you have any SLA for responding to a message you
never receive because the sender waited an hour (or four) before
resending the message. In a big company, the exclusion list for
bypassing greylisting can be enormous!

While it's not inexpensive, a product like CipherTrust's "Edge" server
can make a real difference in managing this problem.

-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
Don't send mail to this address mailto:h.pott@getronics.com
Or to these, either: mailto:h.pott@pinkroccade.com mailto:melvin.mcphucknuckle@getronics.com mailto:melvin.mcphucknuckle@pinkroccade.com
0
richnews (7316)
10/29/2006 9:30:43 PM
On Sun, 29 Oct 2006 16:25:14 -0500, "Rich Matheisen [MVP]"
<richnews@rmcons.com.NOSPAM.COM> wrote:

>Damned zombies. ISP's do a really poor job at controlling this. I
>think every ISP should make anyone with a dynamic IP address use the
>ISP's relay server. Just shut off port 25.

I'm amazed they don't - it seems such an obvious thing to do and it
would surely help the spam situation a lot. My own ISP blocks port 25
*to* customer addresses (unless you apply for an exemption) but allows
any outgoing connections - which seems completely the wrong way round.
0
local1 (3)
10/31/2006 10:32:01 AM
Rich Matheisen [MVP] wrote:
> Kirill Palagin <kpalagin@no.phxint.mail.ru> wrote:
>
>   
>> I would suggest implementing some kind of antispam software - either 
>> MS's Intelligent Message Filter or 3rd party (http://www.vamsoft.com).
>>     
>
> The problem isn't always that the junk mail is delivered, it's that
> the zombies can send it a lot faster than the receiving server can
> figure out what to do with it.
>
> Greylisting works pretty well, but it also delays legitimate mail (not
> every MTA retries quickly). 
Some legitimate MTAs do not retry at all!

-- 
Text from most Windows dialogs can be copied to clipboard with Ctrl-INS.

Free productivity applications suit - www.openoffice.org
Free Internet calling - www.skype.com
Free SQL database Firebird - full support for transaction control, 
triggers, stored procedures, partial SQL-99 compliance
http://www.ibphoenix.com/main.nfs?a=ibphoenix&s=1142758270:704186&page=what_is_interbase
Free graphics image manipulation program - www.gimp.org
0
kpalagin (1838)
11/1/2006 9:11:53 PM
Reply:

Similar Artilces:

Creating a group of cells. Need Help Please.
Havn't used excel in a while and I need to create a group of cell corresponding to an input of a min and a max. Here are the details. On one sheet I have a box where you enter th min and a box where you enter the max. In another sheet I want column starting at A2 to output (MIN,A2+1000,A3+1000,....MAX) ho would I do this -- Thundersix ----------------------------------------------------------------------- Thundersixx's Profile: http://www.excelforum.com/member.php?action=getinfo&userid=3055 View this thread: http://www.excelforum.com/showthread.php?threadid=50207 Name the...

REQ: Can Someone Help Me With This Outlook XP Question?
Hello All: I use Word to edit my e-mail msgs in Outlook XP. I had to reinstall Office the other day and now whenever I want to start a new e-mail or reply to an e-mail I get a warning that comes up: "A program is trying to access e-mail addresses you have stored in Outlook. Do you want to allow this? If this is unexpected it may be a virus and you should choose 'No'" There is a box that asks for the amount of time to allow the access: 1 to 10 minutes. Do I have to have specific settings for my Outlook address book? I use the Contact area in Outlook for addresses. I have ...

IWAN & IUSR bei Crystal Reports? *help*
Hi NG, my problem is that i can see the crystal reports, but when i open one i get "more information is needed". But till yesterday i could open reports!! Now after some search i see that i have no IUSR_servane and no IWAM_servername. how could this happen? My system is AD, SQL, CRM and each of them is one a seperate 2003 server. Please let me know if you have any suggestions. Regards Nicolas F�hrs sound strange with the IWAN and IUSR. I offten have this problem. There are a techknowledge article with 13 resoluti...

NDR Report
We get this NDR error when someone sends to a particular address: 550 Only 1 recipients accepted with null sender address Again, the emails are sent using Outlook to a listing in our GAL for the Custom Recipient. I have checked the outgoing messages and they do contain a sender address. Any ideas? Thanks. BSchmidt Have you contacted the recipient's admin folk on this? BSchmidt wrote: > We get this NDR error when someone sends to a particular address: > > 550 Only 1 recipients accepted with null sender address > > Again, the emails are sent using Out...

Please help..with a formula. I don't know code.
I have a long list of numbers - values in a file X, and I want to fin and replace those values in a even larger list in a file Z an highlight those values in Z -- Message posted from http://www.ExcelForum.com Hi not really sure what you're trying to achieve. What do you want to replace, etc. You may give an example (plain text - no attachment please) >-----Original Message----- >I have a long list of numbers - values in a file X, and I want to find >and replace those values in a even larger list in a file Z and >highlight those values in Z. > > >--- >Message...

Help With Strange Error When Trying to Save Any Record
I am getting astrane error happens when try to create any new record (Customer, Item, Vendor or Account), the system gives me a message that "Save Operation Failed" and when i click "More Info" the error message is "Could not find stored procedure 'DYNAMICS.dbo.aagGetCompanyStatus'", although i have created alot of items, customers, accounts and vendors before but suddenly this error appeared. Any quick help will be highly appreciated. It would appear that the AAG has something to do with a product produced by American Association of Geographers. I...

Need a default email account for all users, need help.
I have a tablet PC running WinXP Tablet with Outlook 2003. This tablet will connect to our exchange server via VPN. How can I set it up so that everyone that logs onto their account can access one (the same) email account. The problem is that I dont know at this point all of the users however anyone using the tablet will use one generic email account. So how can I set Outlook to default to this account so that no matter who logs on they will use this account? Thanks! Shane ...

help with preview pane and "read receipts"
Hi, I'm new to Outlook administration. We run Outlook on a server wit Exchange. Is it possible to setup Outlook on client PC's so that th preview pane cannot be activated by individual users? Also, can the blocking of "read receipts" by individual PC users b prohibited within Outlook, at the server level? If not, is there an other way to do it? My reasoning for wanting to do the above two things is to make th "read receipts" function work more effectively. Thanks for your suggestions. : ----------------------------------------------- ~~ Message posted from h...

Need help with formula 01-13-10
I am trying to adapt a formula in I2 from another spreadsheet that works well, but won't in mine. I've traced the error, but I would need help to understand the help it gives! My formula is this: =IF(J2="0-Jan-00","To be advised",WORKDAY(J2,1,NWD)). I have a worksheet in the same workbook with a list of non-workdays, and defined the column of dates with the name "NWD". What I expect the formula to do is this: If J2 is Feb. 4, it would give Feb. 5 in cell I2 because Feb. 5 is NOT a non-workday in NWD. But if J2 is Feb. 5, and Feb. 6 and...

NDR goes to different user
I have an Exchange 2003 serving two domains, both domains have a user nemed "info" the problem I get is that when user info on domain A sends a mail to an unknown user, the ndr is received by info at domain B? any ideias? Thx, Ed ...

DEADLINE... PLEASE HELP! Stacked Bar chart?
I'm not even sure how to ask the question so here's what I have... 2003 2004 2005 Actual/Goal Actual/Goal Actual/Goal Me 1009/1061 591/866 658/897 Comp. A 966/1012 633/811 624/808 Comp. B 699/744 450/593 480/607 Comp. C 957/1005 642/821 665/838 I wanto to show a bar for each competitor, for each year, so there will be 4 bars for each year. Each bar showing Actual performance & Performance Goal...

please help with this query
Ost Ocity Dstate Dcity Carrier Price Rank Diff A B C D X 1200 1 100 A B C D Y 1300 2 100 A B C D Z 1350 3 100 A B C D W 1789 4 100 A1 B1 C1 D1 X1 785 1 A1 B1 C1 D1 Y1 789 2 The rank for every carrier is based on the price . If rank1 carrier is not a pariticular carrier(say if it is not X1 or Y1 or Z1), then i want to calculate the difference be...

Help with Do...Loop
Hi I need a check to be done to see if column a has a number in it then to check if column b has a number. If column B doesn't have a number then I need it to stop and give a msgbox, When column A doesn't have data then I need the loop to stop as we dont have to check column b The code below is what I have but when I try to run it it keeps saying LOOP WITHOUT DO. I hope someone can help me as I am not very good with loops. mykeycode = Range("B32") mysell = Range("N32") Do mykeycode = mykeycode + 1 mysell = ...

Help on Macro or Formula
Hi, i hope someone can help me. i need to create a formula that sits in a cell and looks for data. ( obvioiusly ). however, the formula needs to be in place even though the file from ehere the data comes from might not be there yet. ( i have to create a book that when a new file is created, the links are already in place ). i think it could work with an IF type formula for ( if B2="",""). here is my information. Cell description: A2 = Job no. B2 = Client Name D2 = Actual Spend on project Register!D2 = Job Description Register!H2 = Quoted Amount my path is S:\Clients\...

Need help with update sql plus filter
I have the following update sql (copied from the query design view) UPDATE ListQry SET ListQry.ApprovalStatusID = [Forms]![OpeningForm]![Responsibility] WHERE (((ListQry.ApprovalStatusID)<[Forms]![OpeningForm]![Responsibility] And (ListQry.ApprovalStatusID)>-1) AND ((ListQry.OtherStatusID)>300)) OR (((ListQry.ApprovalStatusID)<[Forms]![OpeningForm]![Responsibility] And (ListQry.ApprovalStatusID)>-1) AND ((ListQry.OtherStatusID) Is Null)); ApprovalStatusID is an integer OtherStatusID is an integer ListQry is the recordsource for my form. I would like to add the f...

Email will not send, generates error in web and Outlook versions
We cannot send email using CRM. All attempts generate a generic error message. The router installed fine, and the CRM server registry key for the server url (pointing to the new folder created with the 2 sfm (orwhatever) files is correct). This problem has been noted by several people. The Anyone who can help resolve this issue if you could post the reason why it fails, and how to fix it, that would be great :) I've only seen questions posed like "what does this registry key read) but no suggestion on causes or solutions. Are there some mysterious restrictions on web ...

Email to generate case
Hi, we've recently implemented CRM in out organization, we are a small IT support company, and as such we recieve support queries by email. I have set up CRM so that it puts inbound email in our support queue as email activities, is there any way to get CRM to automatically convert these email activities into new cases? Many thanks, Dan. c360 has an add-on that will do this (www.c360.com). -- Matt Wittemann http://icu-mscrm.blogspot.com "Dan Baird" wrote: > Hi, we've recently implemented CRM in out organization, we are a small IT > support company, and as suc...

Hyperlink File Help
I am needing some major help. I have a file with hyperlinks in column F that link to a file on our server. I am needing to test to see if the file exists and if it does, copy the file to a folder in my documents called (CapturedFiles) and if it doesn't format the cell color to red. Can VBA do this and if so how? Any help would be greatly appreciated. Thanks in advance. Fileserver or webserver ? Tim On Nov 23, 7:20=A0am, Aaron <Aa...@discussions.microsoft.com> wrote: > I am needing some major help. =A0I have a file with hyperlinks in column = F that > l...

Help please user not showing in 5.5 GAL but is in exchange 2003 GA
Up until today I have been bable to add users fine and their address would appear in both the 5.5 GAL and the exchange 2003 GAL. Is a single site with 2 5.5 servers and 1 exchange 2003 server. When I add a new user now through users and computers and put the mailbox on the new exchange 2003 server the user gets his email addresses and appears in the GAL on the 2003 server but people connected the the old 5.5 servers cannot see it. When I open the 5.5 exchange admin tool again if connected to one of the old 5.5 server I cannot see the person I just created but when connected the the 20...

VLookup #VALUE! error help needed to resolve
The following is the funcation I have: =VLOOKUP(B10,'FA CC Summary Report 1141'!F$9:G$92,2,0) I have all the columns formatted the same; as in the column that the function is using to lookup is text and so is the column for this figure in order to pull back the appropriate answer. I have keyed the data instead of having links. I have replaced the final '0' with TRUE & FALSE then put it back. I have formatted the columns for text and for numbers. But I am getting the #VALUE! error in SOME of the cells NOT all of the cells. I don't know what else to d...

help with a sub
Hi, can anybody tell me why the following code fails at FormatConditions.Add Private Sub CommandButton1_Click() Dim Sh As Worksheet Dim lngLastRow As Long Set Sh = ActiveWorkbook.ActiveSheet lngLastRow = Sh.Cells(Cells.Rows.Count, "A").End(xlUp).Row Range("A4:E" & lngLastRow).Activate Selection.FormatConditions.Add Type:=xlExpression, Formula1:="=(MOD(ROW(),2)=0" Selection.FormatConditions(1).Interior.ColorIndex = 24 End Sub Thanks -- Traa Dy Liooar Jock You have an extra open paren just before MOD: &qu...

cdrom.sys corrupt in Win7
Yesterday Win7 decided to no longer show my 2 LiteOn DVDRW drives. I've tried to re-install/repair the driver (6.1.7600.16385) and everytime I get the same response = my current driver is good. BUT, then when I check with Device Manager, it shows that the drives are not working. Can anyone help me get a new cdrom.sys installed into the system32/drivers folder? Booting up with the Win7 DVD will work. But I can't find the cdrom.sys on the disk. No other repair options are there to get this fixed. Help would certainly be appreciated. I don't want to have to start all o...

Help Please - A bit of a challenge
Hello everyone~ I had had some trouble on a project I have been working on for some time. I have tried numerous approaches, each with undesired results. (VAB Code) The project I am working on has become quite complex, so rather than bother you with my spaghetti code, I have made a simple example of what I am trying to do. (Attached to this Message) The sheet tracks People and how many fruits they had each day. Day1 is where the information is Inputted, Day2 will double the DAY1 numbers, and Day three will triple the DAY2 Numbers. The challenge I am faced with: On DAY1 ...

Help- messages stuck in Outbox
Hello there. Outlook Xp client with all service packs connecting to an exchange 2003 server. This person in my network has rights to another mailbox (which he accesses through her folder list)and when she attempts to forward 2 particular emails with pdf attachments to another user (who also has rights to the mailbox....not that it should matter) the emails get stuck in her Outbox. She can forward those same emails to me without any problems. Also, when she sends emails without attachments to that person they go through. i haven't tried anything else at this point. The person wouldn&...

Help with formula: finding text
Hi, I would like to ask for help with a formula for comparing name in a cell with a list of names in a table. If there is a match it should return a associated text to the matched name from the table. If no match it should just leave the cell blank. Thanks in advance Jonas Hi =VLOOKUP(A1,Sheet2!A:B,2,FALSE) -- Please click "yes" if this post helped you! Greatly appreciated Eva "Jonas Ornborg" wrote: > Hi, > I would like to ask for help with a formula for comparing name in a cell > with a list of names in a table. If there is a match...