If you have an Exchange 2007 / 2010 Server and you notice that your queues are filling up with mail for domains that do not seem to be going anywhere and no-one internally has emailed those domains, you need to check to see who it is that is sending these emails.
Open up the Exchange Management Console, then click on the Toolbox, Open the Queue Viewer and then double-click onto a queue that is for a domain that you don’t recognise.
If you see as the Sender, then your server is sending out Non-Delivery Reports back to emails that are received at your server for recipients that don’t exist.
To check your server configuration, please open the Exchange Management Shell and type in the following:
get-recipientfilterconfig | ft RecipientValidationEnabled
You will most likely see the result showing as False, meaning that your server is not filtering Recipients on your server.
The problem with this is that if your server accepts all messages, then tries to deliver them, realises that some are destined for email addresses that don’t exist, your server becomes responsible for sending back a Non-Delivery Report. Now suppose that the email is spam and that the spammer has made-up the sender address. Your server will then be sending a Non-Delivery Report back to either an invalid email address, a valid email address for which the recipient had not sent the email in the first place, or worst of all, a honeypot email address (one that has never been advertised but has been hidden for spammers to find) designed to trap spam mail. If an NDR email arrives at a honeypot address, YOUR mail server will end up getting blacklisted on such sites as Backscatterer.org, causing you problems sending mail to some domains.
How to fix this problem?
Well, if you have an Edge Transport server, simply run the following command in the Exchange Management Shell:
Set-RecipientFilterConfig -RecipientValidationEnabled:$true
This simple command will tell your Exchange server to check the Recipient email address for any inbound email and if the address does not exist on the Exchange Server, it will immediately reject the message, resulting in the sending server becoming responsible for sending a Non-Delivery Report.
If you don’t have an Edge Transport Server – only a Hub Transport Server, you will need to install the Anti-Spam Agents by running the following comand in the Exchange Management Shell:
Exchange 2007:
Install-AntiSpamAgents.ps1
Then, run the above command also in the Exchange Management Shell:
Set-RecipientFilterConfig -RecipientValidationEnabled:$true
Exchange 2010:
Read the following article for how to install the Anti-Spam agents:
http://technet.microsoft.com/en-us/library/bb201691.aspx
then run the Set-RecipientFilterConfig command.
If you find that you have not got Recipient Filtering enabled and have to Enable it by using the command above, please pay a visit to MXToolbox, enter your Mail Server’s IP Address and see if you are Blacklisted on Backscatterer.org (or any other blacklist sites for that matter) and request de-listing if you have fixed the problem.
Filed under: Anti-Spam, Exchange 2007, Exchange 2010, Exchange Server | Tagged: Exchange, Exchange 2007, exchange 2010, NDR, postmaster, Recipient Filtering, Spam | 14 Comments »
Alan Hardisty's Blog - All Things IT Related 