How to help prevent your Exchange Server 5.5 computer from being used as a relay to deliver spam e-mail

This article describes two ways to configure Exchange Server 5.5 to stop external users from trying to use the NDR feature of your e-mail server to send spam. Senders of spam can use the NDR feature of e-mail servers to send spam to recipients. This kind of incident is known as a reverse NDR attack.

To prevent someone from using your e-mail server�s NDR feature to send spam, you can set up message filtering. Or, you can reject specific IP addresses in Exchange Server 5.5.

Additionally, this article briefly describes to two other methods to help prevent spam. These two other methods are modifying the registry and using third-party tools.

The methods that you use to help control unsolicited e-mail depend on your Exchange organization and on your environment. To prevent users outside your Exchange organization from using the NDR feature of your Exchange Server 5.5 server to deliver spam, use one or both of the following methods:

�	Enable message filtering. To do this, you use the Connections tab of the Internet Mail Service connector.
�	Reject specific IP addresses. To do this, you use the Connections tab of the Internet Mail Service connector.

Note These two methods require constant monitoring and updating. The updating and the monitoring cause high administrative cost.

Or, you can use one of the following two methods instead. The following methods have lower administrative cost:

�	Modify the registry.
�	Use third-party tools.

Enable message filtering

To enable message filtering, you must install Exchange Server 5.5 Service Pack 2 (SP2) or a later version of Exchange Server 5.5 . This feature is available in the latest service pack for Microsoft Exchange Server 5.5. For additional information, click the following article number to view the article in the Microsoft Knowledge Base: You can enable message filtering to delete messages or to move messages. You can filter messages from specific e-mail addresses or from specific e-mail domains. Enabling this feature stops the delivery of ordinary e-mail and of NDR e-mail to addresses or to domains that you specify. Additionally, you can filter messages that have blank From boxes.

Filter e-mail that is sent to a specific e-mail address

1.	Start Exchange System Manager.
2.	Expand Your_Site_Name.
3.	Click Connections, and then double-click Internet Mail Service (Your_Server_Name).
4.	Click Connections.
5.	In the Accept Connections section, click Message Filtering.
6.	Click Add.
7.	In the Domain/User box, type the e-mail address. Then, click OK. For example, type someone@example.com, and then click OK.
8.	Click to select or to clear the Delete messages instead of moving to the Turf directory check box. If you click to select the check box, the messages are deleted. If you click to clear the check box, the messages are stored in a separate folder that is named Turfdir.
9.	Click OK two times.
10.	Quit Exchange System Manager.

Filter e-mail that is sent to a specific e-mail domain

1.	Follow steps 1 through 6 of the "Filter e-mail that is sent to a specific e-mail address" section of this article.
2.	In the Domain/User box, type the domain. Then, click OK. For example, type example.com, and then click OK.
3.	Click to select or to clear the Delete messages instead of moving to the Turf directory check box. If you click to select the check box, the messages are deleted. If you click to clear the check box, the messages are stored in a separate folder that is named Turfdir.
4.	Click OK two times.
5.	Quit Exchange System Manager.

Filter messages that have blank From boxes

1.	Follow steps 1 through 6 of the "Filter e-mail that is sent to a specific e-mail address" section of this article.
2.	In the Domain/User box, type a period. Then, click OK. That is, type ., and then click OK.
3.	Click to select or to clear the Delete messages instead of moving to the Turf directory check box. If you click to select the check box, the messages are deleted. If you click to clear the check box, the messages are stored in a separate folder that is named Turfdir.
4.	Click OK two times.
5.	Quit Exchange System Manager.

Reject specific IP addresses

You can reject e-mail from specific IP addresses if you know the source of unsolicited e-mail. To do this, follow these steps:

1.	Start Exchange System Manager.
2.	Expand Your_Site_Name.
3.	Click Connections, and then double-click Internet Mail Service (Your_Server_Name).
4.	Click Connections.
5.	In the Accept Connections area, click Specify by Host.
6.	Click Add.
7.	In the IP address box, type the IP address that is the source of the e-mail messages that you want to reject. That is, type xxx.xxx.xx.xx, where xxx.xxx.xx.xx is the IP address of a sender of spam.
8.	In the Mask box, type the subnet mask for the IP address that you entered in step 7. That is type, xxx.xxx.xx.xx where xxx.xxx.xx.xx is the subnet mask for the IP address that you entered in step 7.
9.	Click Reject connection from this host.
10.	Click OK three times.
11.	Quit Exchange System Manager.

Modify the registry

Additionally, you can use a registry feature in Exchange Server 5.5 to suppress NDR e-mail. For more information about how to control NDRs in Exchange Server 5.5, click the following article number to view the article in the Microsoft Knowledge Base:

Use third-party tools

Message filtering and IP address rejection measures require constant monitoring and updating. There are third-party tools that can perform similar tasks with a lower administrative cost.