Exchange settings to reduce traffic, lessen spam attacks or relay attacks.

I am a user of Trend CSM which does a pretty good job of killing viri and spam. You still suffer some traffic/overhead dealing with ndr and directory lookup when you are getting spammed. I have a guide Microsoft Exchange 2003 by William R. Stanek which has some things to reduce some of this hassle. Les Conner, another SBS MVP discovered the same things about the same time I did.


Open the Exchange System Manager and find Global Settings/ Internet Message Formats/Advanced. I do not check the first three boxes and the last three are checked. I do sometimes clear the Allow non-delivery reports when I am doing post attack cleanup. Clearing that box is not RPC compliant so you really should have it checked.


Same general area but go to Message Delivery. I have had a few accounts get blacklisted as spammers because they were trying to send out mass emails. There are programs to help you mass email without looking like a spammer.  I’ll list one once I find that program. Go to the defaults page. I set the maximum number of recipients to 100. It works for most. Recipient Filtering tab. I check the Filter recipients not in the directory. Exchange does not waste any more time processing recipeints who are not in Active Directory. I think these messages sit around in the messge queues and eventualy go away. I have not confirmed that theory. You should get a notice that you need to do one more step. Head over to your default virtual server.


In ESM click on Servers\your server name\Prtocols\SMTP\Default SMTP Virtual Server\Right click-Properties\Advanced\Edit and check all three boxes. If you don’t check these boxes that recipient filter for one does not work.


I like to set the FQDN in the Default SMTP Virtual Server. Go to Delivery and Advanced. Sometimes other servers may block email if you do not have this populated with the same record as your MX record. Of course this brings up the question of what happens if your Exchange server is responsible for 2 or more email domains? I do not know that answer. It seems like a silly way to authenticate.


I check make sure that in Default SMPT Virtual Server\Access\Relay that I clear the checkmark for  all computers which successfully authenticate. You only need this if you have external users that are sending against your box without using Outlook or OWA. I never have anyone doing this so I clear it always. It reduces the chances of a spammer guessing an account and password and spamming against your server.


Use “strong“ passwords. There is great debate on this but at least try. I like 8 characters and complex. In SBS there is a password wizard. In AD it just a few clicks to enable.


Get your isp to make a reverse dns entry. They should know what this means. AOL and other businesses may only accept email if you have a reverse dns entry. See www.dnsstuff.com for some cool testing tools and more answers.


There are gazillions of articles at Microsoft.


http://support.microsoft.com/?kbid=886208


http://support.microsoft.com/default.aspx?scid=KB;EN-US;324958


 


mail relay settings Kind of complex article


http://support.microsoft.com/default.aspx?scid=kb;en-us;895853


 


Telnet to test your port 25


http://support.microsoft.com/default.aspx?scid=kb;en-us;153119


 


Anti spam for Exchange 2000. I always clear that checkbox that allows authenticated users to relay.


http://support.microsoft.com/default.aspx?scid=kb;en-us;319356



This guy has lots of great articles. Here is one on Mail eXcahnge records.Yes that is typed correctly. Think MX.http://www.petri.co.il/configure_mx_records_for_incoming_smtp_email_traffic.htm


 


 


 


 


 

One thought on “Exchange settings to reduce traffic, lessen spam attacks or relay attacks.

Leave a Reply

Your email address will not be published. Required fields are marked *