Stop Spam… but not NDRs

I realize that any mail server these days receives tons of spam and that SBSers employ several methods to cope with that, but I think that disabling NDRs is not a wise choice. For those who don’t know: NDR stands for Non Delivery Report and it’s simply the email that you get when the mail cannot reach its destination (or when it is delayed). Some people disable them because sometimes an SBS box can be sending hundreds of spam-related NDRs, which takes up server resources and bandwidth. Why not disable NDRs then? Let me explain…


There are 2 types of NDRs that concern us:


  1. An external entity sends an email (either accidentally or on purpose) to a non-existent address in your email domain.
  2. Someone inside your LAN sends an email and Exchange cannot deliver it for some reason.

Evidently, one would like to disable only “type-1” NDRs (more specifically, only for those who do it on purpose, i.e. spammers). However, if you disable NDRs in Exchange this will affect all of them. This means that if your boss or an external client sends an important email and mistypes the recipient’s address, they will never get any notification of that. That’s not good (at least in my book).


So, what can you do? Use Recipient Filtering instead (go to Exchange System Manager -> Global Settings -> Message Delivery -> Properties -> Recipient Filtering tab -> Enable “Filter recipients who are not in the Directory”). This way your server will only accept mail destined for valid addresses on your domain, you keep NDRs working and the boss is happy. Also, it is now the responsibility of the sender’s mail server to issue NDRs (so people outside your organization will know when they made a mistake).


The disadvantage of doing this is that someone could probe Exchange (some kind of dictionary attack) and get a list of valid email addresses. However, you can minimize this risk thanks to a recent software update for Exchange which adds a delay to anonymous connections. Check out Sean Daniel’s blog for the complete info.
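To see whether someone is probing the server this way, count how many distinct unknown recipients each client was refused. The sketch below is an added example, not part of the original post; it assumes SMTP logging in W3C extended format with the c-ip, cs-method, cs-uri-query and sc-status fields enabled and a 550 reply for filtered recipients, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample log (documentation IP ranges, made-up recipients).
SAMPLE_LOG = """\
#Software: constructed sample
#Fields: date time c-ip cs-method cs-uri-query sc-status
2005-03-01 10:00:01 192.0.2.10 RCPT +TO:<boss@example.com> 250
2005-03-01 10:00:02 192.0.2.10 RCPT +TO:<bos@example.com> 550
2005-03-01 10:01:00 198.51.100.7 RCPT +TO:<adam@example.com> 550
2005-03-01 10:01:01 198.51.100.7 RCPT +TO:<alice@example.com> 550
2005-03-01 10:01:02 198.51.100.7 RCPT +TO:<bob@example.com> 550
2005-03-01 10:01:03 198.51.100.7 RCPT +TO:<carol@example.com> 550
2005-03-01 10:01:04 198.51.100.7 RCPT +TO:<boss@example.com> 250
2005-03-01 10:01:05 198.51.100.7 RCPT +TO:<dave@example.com> 550
2005-03-01 10:01:06 198.51.100.7 MAIL +FROM:<x@example.net> 250
"""

def harvest_suspects(log_text, min_rejects=5):
    """Return [(client_ip, distinct_unknown_recipients, accepted_rcpts)] for
    clients refused at least min_rejects different recipients."""
    fields = []
    seen = defaultdict(lambda: {"unknown": set(), "accepted": 0})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names follow the directive
            continue
        if not line.strip() or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method") != "RCPT":
            continue
        # Recipient is logged as +TO:<address>; keep only the address.
        rcpt = row.get("cs-uri-query", "").partition("<")[2].partition(">")[0].lower()
        status = row.get("sc-status", "")
        client = seen[row.get("c-ip", "?")]
        if status == "550":
            client["unknown"].add(rcpt)        # a retried address counts once
        elif status.startswith("2"):
            client["accepted"] += 1
    hits = [(ip, len(s["unknown"]), s["accepted"])
            for ip, s in seen.items() if len(s["unknown"]) >= min_rejects]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for ip, unknown, accepted in harvest_suspects(SAMPLE_LOG):
        print(f"{ip}: {unknown} unknown recipients, {accepted} accepted")
```

A sender who mistypes one address stays well under the threshold, so only clients walking through a list of names are reported.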


Stay tuned! Since SPAM is such a hot topic… I’m planning to blog soon about other things you can do to help reduce it (and a new way to prevent people from forging your domain name to send spam). If you have a suggestion or want me to cover something in particular, let me know.

Windows XP Partner Pack

This might be old news for some… but I just learned about this. Microsoft has a “partner pack” for XP which consists of 3rd-party tools like:


  • Google Deskbar
  • CA’s eTrust (free for 1 year)
  • Microsoft TimeZone (I recommend this)
  • Much more

Although I wouldn’t install all those apps on my PCs… I think some of them have great potential. You can check out the Partner Pack here:


http://www.microsoft.com/windows/partnerpack/


By the way, another set of very useful tools for XP are PowerToys (I realize these are much more common tools). Personally, I really like TweakUI, Image Resizer and Open CMD here.

Switching from POP3 to SMTP

Many people have asked in the past how to switch from using the POP3 connector for retrieving mail to using SMTP instead. Switching to SMTP has many advantages, like:


  • Mail is received in real time (no 15-min delay)
  • You have control over which servers can send mail to you (control spam)
  • You have total control over your mail servers, accounts, etc.


Most people think that a static IP is required for using SMTP, but that is not correct. Although it is convenient to have a static IP, you can overcome this by using a Dynamic DNS service. In fact, even if your ISP is blocking (incoming) port 25 you may still be able to circumvent this by subscribing to a redirector service. The only real requirement for using SMTP is that you own your domain. So, here is how to do it…



With a static IP-


  1. Ask whoever is hosting your DNS (probably your web hosting service) to create an “A” record (mail.yourdomain.com) that points to your static IP address.
  2. Also ask them to create an MX record that points to the hostname created in step #1 and to remove all other MX records.
  3. Rerun CEICW and make sure you set it up to receive mail using SMTP. You can test whether your server is ready by running “telnet x.x.x.x 25” from a PC outside the local LAN (where x.x.x.x is the public IP of your SBS box). If it’s working you will see Exchange “answering”.

With a dynamic IP-


  1. Choose the Dynamic DNS provider of your choice (www.dyndns.org, www.tzo.com, www.no-ip.com), then create an account there (e.g. yourdomain.dyndns.org).
  2. Download their DDNS client (or a 3rd-party one) and install it on the server (if you have a router that supports Dynamic DNS updates I would use it instead). Make sure the records get updated.
  3. Follow steps 2-3 of the previous section… but instead point the MX record to whatever you created in step #1 here (e.g. yourdomain.dyndns.org).

You might want to ask your ISP if they could host a backup mailserver for you (most would do this for free). If so, they can add their backup mailserver with a lower priority to your MX records.
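Before rerunning CEICW it is worth checking that the records your DNS host created actually match the steps above. The following is an added sketch, not part of the original post: the record lists are constructed, backup.isp.example and pop3.oldhost.example are hypothetical hosts, and "lower priority" for the backup server is taken to mean a higher MX preference number.

```python
import ipaddress

# Constructed records as (owner name, type, value); 203.0.113.25 is a
# documentation address standing in for the server's public IP.
GOOD = [
    ("mail.yourdomain.com", "A", "203.0.113.25"),
    ("yourdomain.com", "MX", "10 mail.yourdomain.com"),
    ("yourdomain.com", "MX", "20 backup.isp.example"),
]
BAD = [
    ("yourdomain.com", "MX", "10 203.0.113.25"),         # MX must name a host
    ("yourdomain.com", "MX", "5 pop3.oldhost.example"),  # left over from POP3 hosting
    ("yourdomain.com", "MX", "20 mail.yourdomain.com"),  # A record was never created
    ("yourdomain.com", "MX", "10 backup.isp.example"),   # backup outranks primary
]

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def check_mail_dns(domain, records, primary, backup=None):
    """Return a list of problems; an empty list means the MX setup matches the steps."""
    problems = []
    a_names = {name.lower() for name, rtype, _ in records if rtype == "A"}
    mx = {}                                    # MX target -> preference number
    for name, rtype, value in records:
        if rtype == "MX" and name.lower() == domain:
            pref, target = value.split()
            mx[target.lower().rstrip(".")] = int(pref)
    if primary not in mx:
        problems.append(f"no MX record points to {primary}")
    for target in mx:
        if is_ip(target):
            problems.append(f"MX target {target} is an IP address, not a hostname")
        elif target not in (primary, backup):
            problems.append(f"stale MX record for {target}")
        elif target.endswith("." + domain) and target not in a_names:
            problems.append(f"{target} has no A record")
    if primary in mx and backup in mx and mx[backup] <= mx[primary]:
        problems.append("backup MX needs a higher preference number than the primary")
    return problems

if __name__ == "__main__":
    for issue in check_mail_dns("yourdomain.com", BAD, "mail.yourdomain.com", "backup.isp.example"):
        print("PROBLEM:", issue)
```

With a dynamic IP the primary is the DDNS hostname (outside your own zone), so the A-record check is skipped for it.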


One final note: in case the people hosting your DNS are uncooperative, my first suggestion would be to change to another provider. However, this is not necessary. You can get DNS hosting with the DDNS providers that I mentioned earlier. You could even get free DNS hosting with Zone Edit or by registering your domain with GoDaddy. In many cases these services are a better alternative since you will have total control over your DNS.

Per Processor Licensing

Although this is old news for SBSers (and not totally relevant)… Microsoft has now made public their policy of using Per Processor licensing (as opposed to Per Core). SBS 2003 is currently limited to 2 physical processors, but it can support 4 HyperThreading (virtual) processors. This is great news, because the experts predict that the chip engineering focus will change in the next couple of years to dual-core (instead of just higher transistor density) processors. Now Intel and AMD can build these chips without licensing concerns.


Check out the official statement from Microsoft

Welcome to my blog!

For those who don’t know me, my name is Javier Gomez and I’m an SBS MVP. A geek by definition… I love electronic gadgets, technology, computers and most sci-fi series/movies (my favorite is Stargate SG-1). I was born on the beautiful island of Puerto Rico (think warm and sandy beaches), but now I reside in Delaware (think boring and cold) while doing my PhD in chemical engineering.



I must admit that at first I didn’t like blogs, especially since there are so many around. However, after reading Susan’s Blog for a while I now realize their potential. I have been wondering for a while if I should start one… you can guess what I finally decided :).



Where do I want to go with this blog? I’m not sure yet… but the main focus would be SBS and its related issues. I would really love to hear what you have to say… so don’t hesitate to send me your comments and suggestions.