Help Preventing BackScatter and Sender Callouts

  • Question

  • Hi all,

    We run Exchange 2007 on Windows 2003 machines.  I recently found out we were on a blacklist (backscatterer.org).  These guys put people on their black list for two reasons:

    1.  Backscatter
    2.  Sender Callouts

    To prevent backscatter one must ensure their email server sends Non-Delivery Reports to local users only.  Unacceptable email from anywhere else should be rejected.  I think I corrected this by doing the following:  Within EMC I went to Organization Configuration -> Hub Transport -> Remote Domains tab -> properties on Default -> Format of original message sent as attachment to journal report tab -> un-checked allow non-delivery reports.  Does this sound right?  Is there more I have to do?  I really haven't tweaked a lot of the default Exchange settings and I want to be sure we no longer do backscatter.

    As far as sender callouts go, I'm still not sure what those are.  Anybody have any info on them?

    Any help is appreciated.
    Friday, September 25, 2009 1:42 PM

All replies

  • Hi,

    That's an option; another option will be to add the anti-spam agents to the hub server and configure the recipient filter to check if the user exists in the GAL. If the user does not exist in the GAL it will give the 550 5.1.1 User Unknown error. According to http://www.backscatterer.org/?target=backscatter this should also be OK.

    Regards,

    Johan
    blog: www.johanveldhuis.nl
    • Marked as answer by Allen Song Tuesday, October 6, 2009 8:11 AM
    Friday, September 25, 2009 2:14 PM
  • Your best prevention against backscatter and getting yourself on blacklists is to do recipient filtering against AD and not accept messages for users who do not exist:
    http://technet.microsoft.com/en-us/library/bb201691.aspx

    http://technet.microsoft.com/en-us/library/bb125187.aspx

    • Marked as answer by Allen Song Tuesday, October 6, 2009 8:11 AM
    Friday, September 25, 2009 2:17 PM
  • Yes that is correct.

    Correct steps for your reference

    • Open the Exchange Management Console
    • Expand the Organization Configuration folder
    • Click on Hub Transport
    • Select Remote Domains
    • Right-click the Default tab
    • Click on the Message Format
    • To turn off NDRs, uncheck Allow non-delivery reports

    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|
    Friday, September 25, 2009 2:17 PM
    • to turn off NDR's uncheck Allow non-delivery reports

    Vinod |CCNA|MCSE 2003 +Messaging|MCTS|ITIL V3|

    I just stumbled upon this thread and would like to add some info:

    Disabling NDRs is not recommended. NDRs are part of the official mail standards (in particular RFC 2821; see below). If you disable NDRs then your mail server is not correctly configured and you might even get blacklisted because of misconfiguration (some blacklists use this as one of their criteria).

    Recipient filtering is therefore a better option. There might be scenarios where you might want to acknowledge that a user is indeed part of your organisation but reject later and send an NDR (e.g. when a user mailbox has reached maximum capacity).

    I however have the same problem with a listing in backscatterer.org, even after enabling recipient filtering. This mechanism is therefore not fool-proof and I'm still searching for the hole in my system.

    Regards,

    Geert

     

     RFC 2821, Section 3.7 - Relaying:

    If an SMTP server has accepted the task of relaying the mail and
    later finds that the destination is incorrect or that the mail cannot
    be delivered for some other reason, then it MUST construct an
    "undeliverable mail" notification message and send it to the
    originator of the undeliverable mail (as indicated by the reverse-
    path).

    Tuesday, July 13, 2010 9:45 PM
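
Backscatter leaves the server as NDRs with a null reverse-path (`MAIL FROM:<>`), so the Send connector protocol log shows whether any are still going to outside domains once recipient filtering is on. The script below is an added example, not part of any post in this thread; it assumes the Exchange 2007 SMTP Send protocol log CSV layout, and the sample lines, the connector name and `LOCAL_DOMAINS` are constructed for illustration.

```python
import csv
import re
from collections import Counter

# Assumed column order of an Exchange 2007 SMTP Send protocol log (#Fields header).
FIELDS = ["date-time", "connector-id", "session-id", "sequence-number",
          "local-endpoint", "remote-endpoint", "event", "data", "context"]
LOCAL_DOMAINS = {"contoso.example"}  # hypothetical accepted domains
MAIL_RE = re.compile(r"^MAIL FROM:\s*<([^>]*)>", re.I)
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^>]*)>", re.I)

# Constructed sample: three null-sender transactions and one normal outbound message.
SAMPLE_LOG = """\
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2010-07-13T19:02:11.120Z,Internet Send,08CC0001,5,192.0.2.10:4021,198.51.100.7:25,>,MAIL FROM:<> SIZE=4312,
2010-07-13T19:02:11.180Z,Internet Send,08CC0001,6,192.0.2.10:4021,198.51.100.7:25,<,250 2.1.0 Sender OK,
2010-07-13T19:02:11.200Z,Internet Send,08CC0001,7,192.0.2.10:4021,198.51.100.7:25,>,RCPT TO:<victim@forged.example>,
2010-07-13T19:02:11.900Z,Internet Send,08CC0001,12,192.0.2.10:4021,198.51.100.7:25,>,MAIL FROM:<>,
2010-07-13T19:02:11.950Z,Internet Send,08CC0001,13,192.0.2.10:4021,198.51.100.7:25,>,RCPT TO:<other@forged.example>,
2010-07-13T19:05:40.010Z,Internet Send,08CC0002,5,192.0.2.10:4033,203.0.113.9:25,>,MAIL FROM:<alice@contoso.example> SIZE=2048,
2010-07-13T19:05:40.090Z,Internet Send,08CC0002,7,192.0.2.10:4033,203.0.113.9:25,>,RCPT TO:<bob@partner.example>,
2010-07-13T19:09:02.300Z,Internet Send,08CC0003,5,192.0.2.10:4040,203.0.113.44:25,>,MAIL FROM:<>,
2010-07-13T19:09:02.360Z,Internet Send,08CC0003,7,192.0.2.10:4040,203.0.113.44:25,>,RCPT TO:<user@another.example>,
"""

def find_backscatter(log_text, local_domains=LOCAL_DOMAINS):
    """Count null-sender recipients outside our own domains, per recipient domain."""
    null_sender = {}  # session-id -> True while the current transaction has MAIL FROM:<>
    hits = Counter()
    lines = (l for l in log_text.splitlines() if l and not l.startswith("#"))
    for row in csv.reader(lines):
        if len(row) < len(FIELDS):
            continue  # truncated or malformed line
        rec = dict(zip(FIELDS, row))
        if rec["event"] != ">":
            continue  # only commands our server sent to the remote host
        session, data = rec["session-id"], rec["data"].strip()
        mail = MAIL_RE.match(data)
        if mail:
            null_sender[session] = (mail.group(1) == "")
            continue
        rcpt = RCPT_RE.match(data)
        if rcpt and null_sender.get(session):
            domain = rcpt.group(1).rpartition("@")[2].lower()
            if domain and domain not in local_domains:
                hits[domain] += 1
    return hits

if __name__ == "__main__":
    for domain, count in find_backscatter(SAMPLE_LOG).most_common():
        print(f"{count:4d} null-sender message(s) to {domain}")
```

A null sender alone does not prove backscatter, since legitimate delivery and read notifications use it too; the domains to examine are those the organisation never exchanges mail with.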