
Excessive DNS lookups.


jim

Sep 10, 2004, 9:31:10 AM
We've been warned by our ISP that our two SMTP gateways are performing an
excessive amount of reverse lookups and hammering their dns servers. We
DON'T have that feature turned on in the virtual smtp server properties
(deliver > advanced > configure..). The only thing I see on our side are
all the bounced spam messages sitting in our queues undeliverable. It seems
like we get a huge volume of spam (far more spam than legitimate), but I'm
not sure that it's any higher than most other companies. In any event,
we're in Ex2K native mode, SP3 on all servers.

Can this lookup problem be addressed without adding a third party spam
filter? Are there any registry tweaks that can reduce the volume of
lookups? We have relaying turned off. We try to filter a fair number of
subnets using spamhaus as a reference...

Any advice/help is appreciated.


Robert Lampkin [MSFT]

Sep 10, 2004, 6:00:04 PM
It sounds like you are getting hit by RNDR (Reverse NDR Spam).
Here is an article that describes it.
http://www.cmsconnect.com/praetor/RNDR/prRNDR.htm
In E2k you have to use third-party software to prevent this.
In E2k3 we have something called recipient filtering that rejects any mail
sent to users that do not exist in your directory.

You might want to contact the ISP for exact details of what they say your
server is doing.
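
A minimal model of the recipient filtering described above, as an added example that is not part of the original thread or any Microsoft code: it compares a gateway that accepts mail for unknown users and bounces it later with one that rejects at RCPT TO. The addresses, the retry count and the one-lookup-per-delivery-attempt rule are constructed assumptions.

```python
from collections import Counter

# Constructed directory and constructed inbound envelopes: (MAIL FROM, RCPT TO).
DIRECTORY = {"jim@example.com", "sales@example.com"}
INBOUND = [
    ("victim1@forged-a.example", "nobody1@example.com"),
    ("victim2@forged-b.example", "nobody2@example.com"),
    ("partner@supplier.example", "jim@example.com"),
    ("victim3@forged-a.example", "qwerty@example.com"),
    ("", "nobody3@example.com"),  # null sender (<>): no NDR is generated
]
RETRIES = 3  # assumption: delivery attempts per queued NDR before it expires


def accept_then_bounce(envelopes, directory, retries=RETRIES):
    """Gateway without recipient filtering: accept everything, bounce later.

    Each unknown recipient produces an NDR addressed to the forgeable
    MAIL FROM, and each delivery attempt resolves that sender's domain.
    """
    lookups = Counter()
    ndrs = 0
    for sender, rcpt in envelopes:
        if rcpt.lower() in directory or not sender:
            continue
        ndrs += 1
        lookups[sender.rsplit("@", 1)[1].lower()] += retries
    return {"accepted": len(envelopes), "ndrs": ndrs, "dns_lookups": dict(lookups)}


def reject_at_rcpt(envelopes, directory):
    """Gateway with recipient filtering: refuse unknown users during SMTP."""
    replies = [
        (rcpt, "250 2.1.5 Recipient OK" if rcpt.lower() in directory
         else "550 5.1.1 User unknown")
        for _, rcpt in envelopes
    ]
    accepted = sum(1 for _, reply in replies if reply.startswith("250"))
    # Nothing is queued for unknown users, so no NDR and no outbound lookup.
    return {"accepted": accepted, "ndrs": 0, "dns_lookups": {}, "replies": replies}


if __name__ == "__main__":
    print(accept_then_bounce(INBOUND, DIRECTORY))
    print(reject_at_rcpt(INBOUND, DIRECTORY))
```

With rejection at RCPT TO, the bounce becomes the responsibility of the connecting server, so the gateway's own queue and resolver traffic no longer scale with the volume of spam sent to nonexistent users.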

jim

Sep 10, 2004, 8:11:25 PM
Any relatively low cost solutions you (or anyone else) would recommend?



Alan Sun [MSFT]

Sep 22, 2004, 10:20:02 PM
Hey Jim,

Thanks for your posting back.

For this kind of Reverse NDR spam, your local Exchange server is not
involved in sending the original message. The spam sender embezzles your
user's e-mail address to send spam e-mails from their own mail server which
doesn't require authentication. Thus, I am afraid we may have nothing to do
on your local Exchange server to stop this behavior.

However, you can use some third-party tools designed for Exchange server,
to filter this kind of NDR messages and prevent your users from receiving
them. You can use the tool to filter the NDRs according to the special
words or patterns in the NDR messages. For more information about these
tools, look into the following link:

http://www.slipstick.com/addins/content_control.htm

================
Warning: This response contains a reference to a third party World Wide Web
site. Microsoft is providing this information as a convenience to you.
Microsoft does not control these sites and has not tested any software or
information found on these sites; therefore, Microsoft cannot make any
representations regarding the quality, safety, or suitability of any
software or information found there. There are inherent dangers in the use
of any software found on the Internet, and Microsoft cautions you to make
sure that you completely understand the risk before retrieving any software
from the Internet.
================

Hope this helps! Thanks and have a nice day!


Thanks & Regards
Alan Sun
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
