Exchange 2007 / 2010 Queues Filling Up With Postmaster Mail to Invalid Domains

If you have an Exchange 2007 / 2010 server and notice that your queues are filling up with mail for domains that does not seem to be going anywhere, and no one internally has emailed those domains, you need to check who is sending these emails.

Open the Exchange Management Console, click on the Toolbox, open the Queue Viewer and then double-click a queue for a domain that you don’t recognise.

If you see as the Sender, then your server is sending out Non-Delivery Reports back to emails that are received at your server for recipients that don’t exist.

To check your server configuration, please open the Exchange Management Shell and type in the following:

Get-RecipientFilterConfig | ft RecipientValidationEnabled

You will most likely see the result showing as False, meaning that your server is not filtering Recipients on your server.

The problem with this is that if your server accepts all messages, tries to deliver them and then realises that some are destined for email addresses that don’t exist, your server becomes responsible for sending back a Non-Delivery Report. Now suppose that the email is spam and that the spammer has made up the sender address. Your server will then send a Non-Delivery Report to an invalid email address, to a valid email address whose owner did not send the email in the first place, or, worst of all, to a honeypot email address (one that has never been advertised but has been hidden for spammers to find) designed to trap spam mail. If an NDR email arrives at a honeypot address, YOUR mail server will end up blacklisted on sites such as Backscatterer.org, causing you problems sending mail to some domains.

How to fix this problem?

Well, if you have an Edge Transport server, simply run the following command in the Exchange Management Shell:

Set-RecipientFilterConfig -RecipientValidationEnabled:$true

This simple command will tell your Exchange server to check the Recipient email address for any inbound email and if the address does not exist on the Exchange Server, it will immediately reject the message, resulting in the sending server becoming responsible for sending a Non-Delivery Report.

If you don’t have an Edge Transport server, only a Hub Transport server, you will need to install the Anti-Spam Agents by running the following command in the Exchange Management Shell:

Exchange 2007:

Install-AntiSpamAgents.ps1

Then run the same Set-RecipientFilterConfig command as above, also in the Exchange Management Shell:

Set-RecipientFilterConfig -RecipientValidationEnabled:$true

Exchange 2010:

Read the following article for how to install the Anti-Spam agents:

http://technet.microsoft.com/en-us/library/bb201691.aspx

then run the Set-RecipientFilterConfig command.

If you find that Recipient Filtering was not enabled and you have to enable it using the command above, pay a visit to MXToolbox, enter your mail server’s IP address and see whether you are blacklisted on Backscatterer.org (or any other blacklist site, for that matter), and request de-listing once you have fixed the problem.
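
The checks described in this post can be scripted in one pass. The following is an added example, not part of the original post; it assumes it is run in the Exchange Management Shell on the transport server and that queued NDRs show the null sender `<>` (an assumption, adjust `$ndrSender` to whatever your Queue Viewer shows).

```powershell
# Added example: backscatter triage for Exchange 2007 / 2010.
# Run in the Exchange Management Shell on the Hub or Edge Transport server.

# Assumption: NDRs in the queue carry the null sender "<>".
$ndrSender = '<>'

# 1. Is the Recipient Filter agent installed and enabled?
#    On a Hub Transport server it only exists after the anti-spam
#    agents have been installed.
$agent = Get-TransportAgent | Where-Object { $_.Identity -like 'Recipient Filter*' }
if (-not $agent) {
    Write-Warning 'Recipient Filter agent is not installed on this server.'
} elseif (-not $agent.Enabled) {
    Write-Warning 'Recipient Filter agent is installed but disabled.'
}

# 2. Is recipient validation switched on? False means mail for
#    non-existent recipients is accepted and bounced later.
$cfg = Get-RecipientFilterConfig
'RecipientValidationEnabled : {0}' -f $cfg.RecipientValidationEnabled

# 3. Which queues hold NDRs, and for which destination domains?
#    Many small queues to unfamiliar domains is the backscatter pattern.
Get-Queue | Where-Object { $_.MessageCount -gt 0 } | ForEach-Object {
    $q = $_
    $ndrs = @(Get-Message -Queue $q.Identity -ResultSize Unlimited |
              Where-Object { $_.FromAddress -eq $ndrSender })
    if ($ndrs.Count -gt 0) {
        $q | Select-Object Identity, NextHopDomain, MessageCount,
            @{ Name = 'NdrCount'; Expression = { $ndrs.Count } }
    }
} | Sort-Object NdrCount -Descending | Format-Table -AutoSize
```

If step 2 reports True and step 3 still lists NDR queues, look at whether another host accepts your mail before Exchange does, which is the case discussed in the comments below.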


14 Responses

  1. Alan,

    I am having this issue within my Exchange 2007 environment. The queues are constantly getting filled with outgoing DSN messages that have as the recipient, which resulted in us getting listed on Backscatterer.org. However, recipient validation is enabled on the filter. Our inbound emails come through a spam service that does not perform recipient validation. Will this cause a problem even though recipient validation is enabled on the Exchange server? How should I resolve?

    Thanks,

    Richard

    • Correction: the from address has , I stated that it’s the recipient.

    • If your 3rd party mail filtering service does not perform Recipient filtering, enabling it on your server is a waste of time. Because the 1st server to receive the message does not filter invalid recipients, they accept the message – the fact that they do this, then means when the message hits your server, your server is forced to issue an NDR message back and thus when spam is received and the sender was spoofed, you will eventually hit a honeypot address and get listed on backscatterer.org.

      Your only option is to enable Recipient Filtering on your 3rd party server or if they can’t, stop using them and receive your mail directly and filter the mail yourselves.

      Alan

  2. Thanks for this info. The same thing is happening at my office. I enabled the filtering and I’m still having this issue. Is there something else that I can try? Any help would be appreciated. Not sure what else to try here. Thanks in advance.

    • Hi Alex,

      Is your Exchange Server the first point that emails are delivered to or do they get delivered to a 3rd party host first and then passed on to your Exchange Server?

      Alan

      • Hello Alan,

        We use Postini’s smarthost. Can it be a PC on our network causing this? It seems to stop once people go home.

        Thanks for the response,
        Alex

      • If that is external to your server, then you need to get Postini to Recipient Filter because once they have accepted the mail and passed it on to you the fact that they have accepted it forces your server to send back an NDR if the recipient is invalid.

        If they can filter invalid recipients, then the initial email will be rejected by them and won’t get passed to you and the problem will go away.

        Alan

      • Just wanted to say that setting up the Recipient Filter and creating an SPF record solved the issue for us.

        Thanks for your time,
        Alex

      • Hi Alex,

        Thanks for taking the time to come back and post an update. I’m very glad that the problem is solved and hope that it stays that way.

        Best wishes

        Alan

      • Alan,

        Thank you for taking the time to answer our questions. It’s greatly appreciated.

        Thanks again,
        Alex

      • Always a pleasure.

  3. For my case, I have configured SPF through my ISP and also configured recipient filtering, but the problem still exists. Any idea what needs to be done?

    • Hi Lupyana,

      Do you receive emails direct to your server from the internet, or do you have a 3rd party (Smarthost) receive your emails first (for spam filtering) and then they pass them on to your server?

      Alan
