MS Exchange 5.5 NDRs (from MyDoom)
From: Darryl J Roberts (DarrylJR_at_SEU.COM)
Date: 02/02/04
- Next in thread: Darryl J Roberts: "Re: MS Exchange 5.5 NDRs (from MyDoom)"
- Maybe reply: Darryl J Roberts: "Re: MS Exchange 5.5 NDRs (from MyDoom)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 2 Feb 2004 08:57:18 -0800 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Due to the MyDoom mass mailing worm (which randomly generates To:
addresses), several of our customer are experiencing an unusually high
rate of inbound SMTP traffic which is destined for an address where
there is no corresponding mailbox. Their mail server sends a
Non-Delivery Report (NDR) for each one of these messages. These NDRs
are not only putting a load on our customer's Internet access link and
the server, but a load on the Internet itself and the recipient of these
NDR (who did not send the message in the first place because the worm
spoofs the From: address). The cumulative effect of all the servers
that send NDRs for the messages generated by this mass mailing worm is
significant. Therefore, we have recommended to all of our customers to
disable sending NDRs to the Internet.
Unfortunately in Microsoft Exchange Server 5.5 there is no way to
disable sending NDRs to the Internet. Contrary to some reports, setting
"Disable Automatic Replies to the Internet" in the IMS Internet Mail
Advanced options does not disable sending NDRs to the Internet.
I have opened a support incident with Microsoft PSS (case number
SRX040131604287). The engineer assigned to this case has verified that
there is no way to disable sending NDRs in Exchange Server 5.5. I have
asked that this case be escalated and Microsoft provide this
functionality expediently.
Unfortunately Exchange Server 5.5 is now in the Extended Support phase
and there are no new non-security fixes for products in this support
phase.
If you need this functionality in Exchange Server 5.5, you might want to
contact Microsoft Product Support Services, reference the case number
above, and let them know that you also need this fix.
-- Darryl J. Roberts, MCSE, MCP+I, CompTIA CTT+, CSSA Software Engineering Unlimited, Microsoft Certified Partner PO Box 6476, Ventura, CA, USA 93006-6476 tel. 1-805-650-6030, fax 1-805-650-1835 ----- NTBugtraq Editor's Note: Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered. -----
- Next in thread: Darryl J Roberts: "Re: MS Exchange 5.5 NDRs (from MyDoom)"
- Maybe reply: Darryl J Roberts: "Re: MS Exchange 5.5 NDRs (from MyDoom)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
