We have a Linux mail relayer on the outside of our network.
Every night, we do an export of user SMTP addresses (we exclude any PFs, DLs and anything else we don't want e-mail sent to). We then copy that file to a secure location on the Linux box. Any e-mail that comes in is compared to that text file. If the SMTP address being sent to isn't in the list, it doesn't get delivered.

Jim

On 3/28/07, Wallace Lam <[EMAIL PROTECTED]> wrote:
Thanks Chris. Knowing that the alias would be used solely for internal, is there a way to filter out these internal aliases from receiving external emails? What I have done so far is stamping those emails with [EMAIL PROTECTED] and hopefully it works well.

On 3/28/07, Chris Scharff <[EMAIL PROTECTED]> wrote:
> There's not a lot one can do other than filter NDRs just like you would
> any other content. Having internal DL SMTP addresses with non-dictionary
> word local-parts also helps somewhat (e.g. [EMAIL PROTECTED])
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of
> Wallace Lam
> Posted At: Wednesday, March 28, 2007 7:01 AM
> Posted To: swynk
> Conversation: reverse NDR SPAM
> Subject: reverse NDR SPAM
>
> Recently our company has been receiving a lot of SPAM in the form of
> NDR. It looks something like this:
>
> === === === === === === === === === === === === === ===
> Your message did not reach some or all of the intended recipients.
>
> Subject: Browse list of bots
> Sent: 3/27/2007 9:49 PM
>
> The following recipient(s) could not be reached:
>
> [EMAIL PROTECTED] on 3/27/2007 9:56 PM
> The e-mail account does not exist at the organization this
> message was sent to. Check the e-mail address, or contact the
> recipient directly to find out the correct address.
> < card.komifree.ru #5.1.1 X-Unix; 67>
>
> === === === === === === === === === === === === === ===
>
> We receive about 70 - 80 of those every single day and none of the NDR
> recipients we know of.
>
> The bounced email was addressed back to [EMAIL PROTECTED] (replace
> company with my company name) and this mailbox is generally not used
> for sending email. So far 5 of our internal aliases have been hit by
> these NDR SPAM and the worst thing is that those aliases are DLs. So
> you can imagine the propagation effect.
>
> Some of those NDRs came with an attachment, which is obviously SPAM
> content.
>
> I wonder how I can block or prevent this while allowing the legitimate
> NDRs to pass through our SPAM filter, as these system generated NDRs
> usually have an empty sender <> and did not get filtered.
>
> Tentatively I have enabled content filtering using keywords and that
> largely cut these NDR SPAM down by 90% but that also filters out
> legitimate NDRs.
>
> Any ideas will be great.
>
> Thanks.
> Wallace
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> To subscribe: http://e-newsletters.internet.com/discussionlists.html/
> To unsubscribe send a blank email to
> [EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
> To unsubscribe via postal mail, please contact us at:
> Jupitermedia Corp.
> Attn: Discussion List Management
> 475 Park Avenue South
> New York, NY 10016
>
> Please include the email address which you have been contacted with.
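The recipient check described at the top of this thread (a nightly export that leaves out DLs and PFs, with the relay refusing any address not in the list), as an added example that is not code from any poster or mail product. The export columns, the `sends_external` flag and the reply texts are assumptions; the second rule goes beyond the thread's list check by combining it with two points from the original post: NDRs arrive with the empty sender `<>`, and the targeted mailbox does not send mail.

```python
import csv
import io

# Constructed sample of the nightly directory export (not real data).
# Columns are assumptions: address, object type, whether it sends mail out.
SAMPLE_EXPORT = """\
address,type,sends_external
alice@example.com,user,yes
bob@example.com,user,yes
helpdesk@example.com,user,no
all-staff@example.com,dl,no
projects@example.com,pf,no
"""

EXCLUDED_TYPES = {"dl", "pf"}  # internal-only objects kept out of the relay list


def build_relay_lists(export_text):
    """Return (deliverable, senders): addresses the relay accepts, and the
    subset that originates external mail and so can receive a genuine NDR."""
    deliverable, senders = set(), set()
    for row in csv.DictReader(io.StringIO(export_text)):
        addr = row["address"].strip().lower()
        if row["type"].strip().lower() in EXCLUDED_TYPES:
            continue
        deliverable.add(addr)
        if row["sends_external"].strip().lower() == "yes":
            senders.add(addr)
    return deliverable, senders


def rcpt_decision(mail_from, rcpt_to, deliverable, senders):
    """Decide the SMTP reply for one RCPT TO seen at the outside relay."""
    rcpt = rcpt_to.strip().strip("<>").lower()
    if rcpt not in deliverable:
        # Unknown or internal-only address: refuse inside the SMTP session,
        # so the relay never has to generate a bounce of its own later.
        return 550, "5.1.1 Recipient not in relay list"
    if mail_from.strip() in ("", "<>") and rcpt not in senders:
        # Null sender marks a bounce; this address never sent anything out.
        return 550, "5.7.1 Bounce to an address that sends no mail"
    return 250, "2.1.5 OK"


if __name__ == "__main__":
    ok, snd = build_relay_lists(SAMPLE_EXPORT)
    for frm, to in [("<x@example.net>", "<all-staff@example.com>"),
                    ("<>", "<helpdesk@example.com>"),
                    ("<>", "<alice@example.com>")]:
        print(frm, to, rcpt_decision(frm, to, ok, snd))
```

A legitimate NDR for mail that alice actually sent still gets through, while the same null-sender message aimed at a DL or a non-sending mailbox is refused before any content filter has to look at it.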
