Search for Active Directory on this page:
http://www.xwall.net/xwallconfig.htm

On Thu, Apr 10, 2014 at 5:51 PM, Kennedy, Jim
<[email protected]> wrote:
> What does XWall do then? I would guess it tries to email an NDR back to the
> 'sending' address? That is where your problem lies. Got to be a way to get
> Xwall to talk to Exchange/AD in real time.  Poke around and look for an AD
> connector via LDAP, that is how most of them do it.
>
>
> ________________________________
> From: [email protected] [[email protected]] on
> behalf of Reimer, Mark [[email protected]]
> Sent: Thursday, April 10, 2014 6:46 PM
> To: '[email protected]'
> Subject: RE: [Exchange] Relaying
>
> Xwall accepts the email. The error comes when it communicates with my
> Exchange server. I get the 550 error in the conversation between XWall and
> my Exchange server.
>
>
>
> Mark
>
>
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Kennedy, Jim
> Sent: Thursday, April 10, 2014 11:14 AM
> To: '[email protected]'
> Subject: RE: [Exchange] Relaying
>
>
>
> You verify that the XWall does this in realtime….while the sending server is
> still sending the email to you? If you snoop the SMTP conversation it would
> look like this:
>
> 220 mail.elyriaschools.org
> HELO my.fake.domain.com
> 250 spamkiller.elyriaschools.org Hello w8desktopjdk.edunet.local [10.55.235.1], pleased to meet you
> mail from: [email protected]
> 250 Sender <[email protected]> OK
> rcpt to: [email protected]
> 550 No such user ([email protected])
> Quit
>
>
> You can do this manually yourself, telnet to your Xwall on port 25 and just
> type the commands.
>
>
>
> http://www.yuki-onna.co.uk/email/smtp.html
>
>
>
>
>
> The question is, does your XWall do it as my example above….or does it
> accept the email then generate an outgoing email…an NDR.  Because what is
> happening above isn’t called an NDR, it’s a 550 fatal error during the
> conversation.  So no backscatter from you, the sending server takes
> responsibility at that point for the NDR.
>
>
>
>
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Reimer, Mark
> Sent: Thursday, April 10, 2014 1:03 PM
> To: '[email protected]'
> Subject: RE: [Exchange] Relaying
>
>
>
> I did turn on recipient filtering. I have a mail filter (XWall) in front of
> the Exchange server. From what I can see/understand in the logs, XWALL opens
> up a connection to the exchange server. The exchange server says there is no
> recipient, and XWall sends the NDR, not Exchange.
>
>
>
> The emails have a consistent subject line, so I’ve been watching it, and
> filtering the email out by subject line.
>
>
>
> Mark
>
>
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Steve Ens
> Sent: Thursday, April 10, 2014 10:27 AM
> To: [email protected]
> Subject: Re: [Exchange] Relaying
>
>
>
> Thanks Jim, I set that up on Tuesday.
>
>
>
> On Thu, Apr 10, 2014 at 9:13 AM, Kennedy, Jim <[email protected]>
> wrote:
>
> If these are because of non-existent accounts, which is usually the cause,
> turn on recipient filtering. That way your server rejects them during the
> smtp phase. What you are probably doing now is accepting then realizing they
> are invalid addresses….and generating the ndr.
>
>
>
> http://www.gn.apc.org/support/minimising-backscatter-your-office-server
>
>
>
>
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Steve Ens
> Sent: Thursday, April 10, 2014 10:07 AM
>
>
> To: [email protected]
> Subject: Re: [Exchange] Relaying
>
>
>
> I think that is exactly what is going on here.  I can't see any other
> traffic out of the network besides the NDR's....
>
> Mark what did you end up doing in the end?
>
>
>
> On Thu, Apr 10, 2014 at 8:09 AM, Reimer, Mark <[email protected]>
> wrote:
>
> Blue host caught me too. I was getting spammed (to non-existent accounts),
> and my server was sending NDRs. Of course, the NDRs were going to people
> who didn’t exist, and they blocked our email. And as in Steve’s case, we
> weren’t listed on mxtoolbox.
>
>
>
> My two cents.
>
>
> Mark
>
>
>
> From: [email protected] [mailto:[email protected]]
> On Behalf Of Steve Ens
> Sent: Wednesday, April 09, 2014 3:06 PM
>
>
> To: [email protected]
> Subject: Re: [Exchange] Relaying
>
>
>
> It was a site called bluehost.  If I went to mxtoolbox, we weren't listed
> anywhere.
>
>
>
> On Wed, Apr 9, 2014 at 4:04 PM, J- P <[email protected]> wrote:
>
> When you were blacklisted do you see what RBL you were listed on, or why you
> were listed?
> I had a site where there was a lone workstation in the far end of the
> warehouse used only for checking schedules, sure enough that was the
> affected/infected PC that was part of a bot-net causing the blacklisting.
>
>
> Jean-Paul Natola
>
>
> ________________________________
>
> Date: Wed, 9 Apr 2014 11:54:11 -0500
>
>
> Subject: Re: [Exchange] Relaying
> From: [email protected]
> To: [email protected]
>
> I've also put a firewall rule into the default domain policy to block all
> port 25 traffic between clients.  I'll see if that helps.
>
>
>
> On Wed, Apr 9, 2014 at 11:49 AM, J- P <[email protected]> wrote:
>
> You can get blacklisted without SMTP traffic, simply by machines trying to
> access certain websites known as sinkhole servers
> http://www.spamhaus.org/faq/section/Spamhaus%20XBL
>
>
>
>
>
> ________________________________
>
> Date: Tue, 8 Apr 2014 21:55:27 -0500
> Subject: Re: [Exchange] Relaying
> From: [email protected]
> To: [email protected]
>
>
>
> I think Don has not been in this conversation yet, and I do use Vipre for
> backscatter and spam protection.  I don't think having 600 messages
> undelivered in the queue is reasonable.  We have been blacklisted a couple
> of times and been delisted so far.  I also have all traffic on port 25
> blocked out of the firewall except for the Exchange box. I'm looking at the
> smtp logs and can't see anything off yet.
>
>
>
> On Tue, Apr 8, 2014 at 7:07 PM, Richard Stovall <[email protected]> wrote:
>
> I think this answer is correct in some circumstances, but not universally by
> any means.  Don, do you have any backscatter protection enabled?  This would
> eliminate these as NDRs resulting from spam from spoofed addresses you own.
> If you don't have backscatter protection, my guess is that spam which does
> spoof existing addresses would be far more problematic than that which does
> not.
>
>
>
> On Tue, Apr 8, 2014 at 7:13 PM, Mike Tavares <[email protected]>
> wrote:
>
> The sender <> is normal Exchange NDRs being delivered.  Since your Exchange
> server is authoritative for your domain, any messages addressed to
> non-existent email addresses will cause these; since a lot of spam has bogus
> addresses, you tend to see them sitting in your queues for a while.  They will
> eventually time out and go away on their own.
>
>
>
> Nothing to worry about.
>
>
>
>
>
> From: Steve Ens
>
> Sent: Tuesday, April 08, 2014 4:30 PM
>
> To: [email protected]
>
> Subject: [Exchange] Relaying
>
>
>
> I'm running exchange 2010 here with all the service packs.  I think that I
> must have misconfigured one of my receive connectors.  I know I am not an
> open relay from the outside, but I think I have a machine inside my network
> that is compromised and using exchange to send out since I have many
> messages sitting in my queue that are undeliverable.  Any suggestions as to
> how I'd determine from which IP these messages are originating?  The sender
> always looks like <>.  I've opened up the message tracking logs, but can't
> find any incriminating evidence there.
>
>
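Added example (not part of the original thread, and not XWall or Exchange code): a Python check for the behaviour discussed above, namely whether a host refuses an unknown recipient with a 5xx at RCPT TO or accepts it and has to bounce later. The host name, addresses and the StubGateway class are constructed placeholders so the block runs offline.

```python
import smtplib

def classify(code):
    """Interpret the RCPT TO reply for an address that does not exist."""
    if 500 <= code <= 599:
        return "rejects-in-session"   # sending server keeps responsibility for the NDR
    if 400 <= code <= 499:
        return "deferred"             # temporary failure; no verdict yet
    if 200 <= code <= 299:
        return "accepts-unknown"      # host must bounce later: backscatter risk
    return "unexpected"

def probe_recipient(host, rcpt, mail_from="probe@example.test", port=25,
                    smtp_factory=smtplib.SMTP):
    """Run HELO / MAIL FROM / RCPT TO against your own mail host, then RSET
    and QUIT. No DATA is sent, so nothing is delivered or queued."""
    conn = smtp_factory(host, port, timeout=15)
    try:
        conn.ehlo_or_helo_if_needed()
        code, text = conn.mail(mail_from)
        if not 200 <= code <= 299:
            return {"stage": "MAIL FROM", "code": code, "verdict": "unexpected"}
        code, text = conn.rcpt(rcpt)
        conn.rset()
        return {"stage": "RCPT TO", "code": code,
                "text": text.decode("ascii", "replace"), "verdict": classify(code)}
    finally:
        try:
            conn.quit()
        except smtplib.SMTPException:
            pass

class StubGateway:
    """Constructed stand-in for a mail host so the example runs offline."""
    def __init__(self, host, port, timeout=None, rcpt_reply=(550, b"No such user")):
        self.rcpt_reply = rcpt_reply
    def ehlo_or_helo_if_needed(self): pass
    def mail(self, sender): return (250, b"Sender OK")
    def rcpt(self, recip): return self.rcpt_reply
    def rset(self): return (250, b"Reset OK")
    def quit(self): return (221, b"Bye")

if __name__ == "__main__":
    # Hypothetical host and address: substitute your own gateway and a mailbox
    # you know does not exist, and drop smtp_factory to use the real network.
    print(probe_recipient("gateway.example.test", "no-such-user@example.test",
                          smtp_factory=StubGateway))
```

Point it at the outermost host that Internet senders reach: as the thread shows, a 550 from the inner Exchange server does not help if the filter in front of it has already accepted the message.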

