[Dshield] PDF Spam Wave

M Cook dshieldlists at versateam.com
Fri Aug 10 14:28:34 GMT 2007


Sloan, Jocelyn wrote:
> If you can advise (or at send a link) on HOW to block the incoming
> messages that are for invalid users, that would be helpful.  Telling me
> I need to do something, but refusing to share HOW is a waste of
> everyone's time.  Show me where I can find out HOW to do it would be so
> much more useful.  I am running Exchange 2003sp2, and I look forward to
> hearing from someone who knows how to do this.  THANK YOU, in advance.

The first question is whether or not your Exchange Server is configured 
to reject the message with "Permanent Failure" before the SMTP dialog is 
complete if there is a bad addressee or if some other policy is 
violated, rather than accepting it, examining it, and sending a bounce 
message later. It may be that your Exchange Server is doing the right 
thing already.

Here's an article describing how Microsoft set up their Exchange 2003sp2 
to be most effective against spam.

http://www.microsoft.com/technet/technetmag/issues/2006/01/NewWeapons/default.aspx

It looks like they do implement some sort of "real time" SMTP processing 
that does not fully accept the email until after a variety of checks 
have been made; this might allow them to issue a "permanent failure" to 
the sending machine instead of accepting the message and bouncing it later.

There is a KB article here:

http://support.microsoft.com/default.aspx?scid=kb;en-us;294757

It seems to relate mostly to turning of non-delivery reports. This 
sounds like a good idea if the message can be determined to be spam with 
a bad addressee; but for the very small number of cases where it is good 
email with a bad addressee, an NDR should be sent. On the other hand, 
since "real" NDR's are such a small proportion of all bounces messages 
these days, it might be just as well to turn them off.

I'm pretty sure the newer Exchange server makes it easier to reject mail 
with bad addressees. I know that's probably not what you wanted to hear.


More information about the list mailing list