IIS 5's SMTP and Stopping NDR's ?


IIS 5's SMTP and Stopping NDR's ? Dave Onex
5/24/2007 10:55:22 PM
iis smtp nntp:
Hi Folks;

I'm running IIS 5.0 on Windows 2000 AdvSrvr and am wondering how I can get
it to stop sending NDR reports. What's happening is that a lot of people
send SPAM to my server (to non-existent addresses) and then the SMTP service
sends an NDR back to them to let them know that the account does not exist.

The problem is that they never use a real address and so it's all just a
waste of traffic. Is there a way to stop IIS's SMTP service from sending
NDR's ?

Thanks!
Dave

Re: IIS 5's SMTP and Stopping NDR's ? Sanford Whiteman
5/26/2007 12:00:00 AM

There is little reason for a contemporary MX to accept mail for
non-existent addresses. Your problem starts there. What is it that
prevents you from loading a recipient list and using a transport event
sink to reject at the connection level?

The issue of suppressing NDRs -- accepting, then later bit-bucketing,
messages firmly identified as spam -- is different. That's the "Bouncing
spam is bad netizenship/bouncing spam makes you complicit in Joe Jobs" vs.
"Not bouncing undelivered messages breaks the RFCs/you can never be sure
enough of spamminess" debate. *That* debate has swung strongly in favor
of the first position for several years.

--Sandy
Re: IIS 5's SMTP and Stopping NDR's ? Dave Onex
5/26/2007 11:21:46 AM


I didn't know that could be done. Can you elaborate on how this is
accomplished using Exchange 2000 and
a separate SMTP machine as a relay? If I can get the mail server to just
reject all connection attempts to non-existent mailboxes that would be a lot
better :-)


I don't know much about that - all I know is that my IIS 5 SMTP machine is
kindly sending NDR reports for every email it receives that is not addressed
to an existing mailbox. Of course, the account used to send the mail does
not exist so it's a waste for everyone.


Re: IIS 5's SMTP and Stopping NDR's ? Dave Onex
5/26/2007 2:35:03 PM


Thanks for the link - it's exactly what I'm after and as you've pointed out
(and educated me in the process) it's the preferred solution :-)

Funny thing - when I copy and paste the following I got an error (due to
syntax)

cscript smtpreg.vbs /add 1 oninboundcommand 5xxsink
5xxsink.sink "rcpt"

but when I manually entered the command it worked :-)


Agreed - although you know more about this than I do :-)


Agreed - it would be a shame to cut that functionality due to spam


But not anymore..... :-)
Thank you very much Sandy - I appreciate the education and also the better
way to resolve the issue. Much appreciated!


Re: IIS 5's SMTP and Stopping NDR's ? Dave Onex
5/26/2007 3:21:13 PM
Hi Sandy - I might have spoken too soon :-0

I noticed after installing 5xxsink no mail was flowing either in or out of
the server. Careful checking showed these errors in the event log;

Event ID 7031
The IIS Admin Service service terminated unexpectedly. It has done this 13
time(s). The following corrective action will be taken in 1 milliseconds:
Run the configured recovery program.

Event ID 7031
The Simple Mail Transport Protocol (SMTP) service terminated unexpectedly.
It has done this 13 time(s). The following corrective action will be taken
in 0 milliseconds: No action.

Event ID 7031
The World Wide Web Publishing Service service terminated unexpectedly. It
has done this 12 time(s). The following corrective action will be taken in 0
milliseconds: No action.

Event ID 2
IIS stop command received from user NT AUTHORITY\SYSTEM. The logged data is
the status code.
For additional information specific to this message please visit the
Microsoft Online Support site located at:
http://www.microsoft.com/contentredirect.asp.

Event ID 1
IIS start command received from user NT AUTHORITY\SYSTEM. The logged data is
the status code.
For additional information specific to this message please visit the
Microsoft Online Support site located at:
http://www.microsoft.com/contentredirect.asp.

and then they start over again. Un-installing 5xxsink re-enabled mail to
flow again and stopped the error logs from filling up with these messages.

Any ideas on why that would happen? I'm running Windows 2000 AS with all
updates installed.




Re: IIS 5's SMTP and Stopping NDR's ? Sanford Whiteman
5/26/2007 4:08:48 PM

5xxSink is a transport event sink specifically designed for the rejection of
unknown recipients at the MX.

Download:

http://www.imprimia.com/products/software/freeutils/5xxsink/download/release

Be sure to go over the README and RELNOTES in-depth.


Quite so. For you, the waste is abetted by accepting the mail in the
first place. *Just* because something was sent to a nonexistent
mailbox doesn't mean it was spam -- as such user errors occur, in
small but non-negligible quantity, all the time.

Your server is absolutely correct to generate an NDR by default, in
the absence of any spam detection at that level. When the sender is
legit, the NDR is invaluable.

When the sender is forged or does not exist, the NDR is extremely
problematic, on the first hand making you complicit in Joe Jobs, and
on the second resulting in postmaster messages (double-bounce
notifications).

Re: IIS 5's SMTP and Stopping NDR's ? Dave Onex
5/26/2007 6:14:18 PM
Aha! That was it. I just followed the steps in the readme without really
looking closely at the relnotes file so I missed the requirement for the
prescan.txt file :-)

Thanks for your help with solving this issue - I've tested it a number of
different ways and it's good now and doing exactly what I was after. Have a
great weekend!

Best;
Dave




Re: IIS 5's SMTP and Stopping NDR's ? Sanford Whiteman
5/26/2007 6:35:35 PM

Did you make sure you have the two files prescan.txt and rcptlist.txt in
place in the expected location?

I'm not aware of any known issues with the current release.

Re: IIS 5's SMTP and Stopping NDR's ? Sanford Whiteman
5/26/2007 6:37:51 PM

There are CRLFs in the manual (due to wrapping) which will make the
command unparseable if you cut-and-paste. :)

Re: IIS 5's SMTP and Stopping NDR's ? Sanford Whiteman
5/26/2007 10:07:27 PM

Excellent. Enjoy.

Re: IIS 5's SMTP and Stopping NDR's ? Dave Onex
5/29/2007 1:48:02 PM
Hi Sandy;

I think I spoke too soon again - doh!

I checked the IIS 5 SMTP server today and it's still sending NDR's to people
who try to send mail to a non-existent mailbox.
I checked the prescan.txt file and it contains only a list of my domains
(ie: @someone.net) each one on a separate line with a CR at the end. The
rcptlist.txt file only contains the 4 email addresses that are actually
valid for my Exchange server.

Yet the Queue folder contains several hundred emails. Looking closer at them
shows they are NDR reports for emails sent to non-existent users (ones not
listed in the rcptlist.txt file).

My understanding was that the sink program dropped all connections when they
tried to send mail to a non-existent user. Maybe I misunderstood or have
configured something incorrectly?

Any ideas on what I've done wrong?



Re: IIS 5's SMTP and Stopping NDR's ? Dave Onex
5/29/2007 4:45:13 PM
Hi Sandy!

Edited in line below :-)


That wouldn't surprise me :-) I re-checked to ensure the dll is registered
(it is) as well as the BINDing - it is. Also the two files exist and are
properly set so it's got to be me :-)


I set up the server to allow relaying for anyone in the 192.168.1.0 -- .255
class c set rather than by domain. I'm just about the only person on the
network so it should be safe (as far as someone using my SMTP server as a
relay).


Here's an example of someone using aqvdgkqrgo as the user (which does not
exist). That same username is spread throughout my logs like you wouldn't
believe :-(

The background on the network is this;

Firewall ---> IIS5 SMTP machine ---> Exchange Server (with SMTP connector
going to the IP Address of the IIS5 Machine)

2007-05-27 21:23:25 68.163.220.23 pool-68-163-220-23.bos.east.verizon.net SMTPSVC1 DB 192.168.1.70 0 HELO - +pool-68-163-220-23.bos.east.verizon.net 250 0 43 44 172 SMTP - - - -
2007-05-27 21:23:25 68.163.220.23 pool-68-163-220-23.bos.east.verizon.net SMTPSVC1 DB 192.168.1.70 0 MAIL - +FROM:+<sales@rotcev.com> 250 0 41 29 0 SMTP - - - -
2007-05-27 21:23:25 68.163.220.23 pool-68-163-220-23.bos.east.verizon.net SMTPSVC1 DB 192.168.1.70 0 RCPT - +TO:+<aqvdgkqrgo@askmarvin.ca> 250 0 36 34 0 SMTP - - - -
2007-05-27 21:23:26 68.163.220.23 pool-68-163-220-23.bos.east.verizon.net SMTPSVC1 DB 192.168.1.70 0 DATA - +<750a01c7a0a4$057a7169$17dca344@pool-68-163-220-23.bos.east.verizon.net> 250 0 156 834 359 SMTP - - - -
2007-05-27 21:23:26 68.163.220.23 pool-68-163-220-23.bos.east.verizon.net SMTPSVC1 DB 192.168.1.70 0 QUIT - pool-68-163-220-23.bos.east.verizon.net 240 1625 64 4 0 SMTP - - - -


No worries - I can wait too :-)


Re: IIS 5's SMTP and Stopping NDR's ? Sanford Whiteman
5/29/2007 7:07:23 PM

Your understanding is correct! But obviously something is wrong in your
installation.

First, does your server only allow relaying to those same domains (this
setting is at the IIS level)?

Second, what do you see in your logs for these sessions?

Contact me off-list if you want and we can get this fixed up. I'm going
out of town for a few days starting tomorrow, so the sooner, the better.

Re: IIS 5's SMTP and Stopping NDR's ? Sanford Whiteman
6/7/2007 5:48:39 PM

Dave, let's get this done. Contact me off-list so we can talk more about
your environment.

--Sandy

Re: IIS 5's SMTP and Stopping NDR's ? Dave Onex
6/7/2007 8:21:18 PM
Hi Sandy;

I sent you an email about it - maybe you missed it?
I'll re-send it :-)

Thanks!


Re: IIS 5's SMTP and Stopping NDR's ? Sanford Whiteman
6/9/2007 5:57:20 PM

If anybody's listening: Marvin & I discovered he had some extra newlines
in the RCPTLIST.TXT. That was it -- simple fix.
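
An added example (not part of the thread and not 5xxSink's own code): a Python check for the two symptoms discussed above, stray blank lines in a recipient list and RCPT commands answered 250 for recipients that are not on the list. It assumes a one-address-per-line list, case-insensitive address matching, and one log entry per line in the field layout Dave quoted; the function names and sample data are constructed.

```python
import re

# RCPT entries in the IIS SMTP log layout quoted in the thread (assumed to be
# one entry per line): date time client-ip client-host ... RCPT - +TO:+<addr> status
RCPT_RE = re.compile(
    r"^(\S+ \S+) (\S+) .*? RCPT \S+ \+TO:\+<([^>\s]+)> (\d{3}) ", re.M)

def load_recipients(text):
    """Parse a one-address-per-line list (assumed format).

    Returns (addresses, problems); problems lists (line_number, reason)
    for blank or whitespace-padded lines.
    """
    addresses, problems = set(), []
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            problems.append((n, "blank line"))
            continue
        if line != line.strip():
            problems.append((n, "stray whitespace"))
        addresses.add(line.strip().lower())  # assumption: case-insensitive match
    return addresses, problems

def accepted_unknown(log_text, valid):
    """Return (timestamp, client_ip, rcpt) for each RCPT answered 250
    whose address is not in valid: mail that will bounce as an NDR later."""
    return [(when, client, rcpt)
            for when, client, rcpt, status in RCPT_RE.findall(log_text)
            if status == "250" and rcpt.lower() not in valid]

# Constructed sample data (not taken from the thread).
SAMPLE_LIST = "dave@example.com\n\nsales@example.com\n \ninfo@example.com\n"
SAMPLE_LOG = """\
2007-05-27 21:23:25 192.0.2.23 host.example.net SMTPSVC1 DB 10.0.0.5 0 MAIL - +FROM:+<a@example.org> 250 0 41 29 0 SMTP - - - -
2007-05-27 21:23:25 192.0.2.23 host.example.net SMTPSVC1 DB 10.0.0.5 0 RCPT - +TO:+<nosuchuser@example.com> 250 0 36 34 0 SMTP - - - -
2007-05-27 21:24:02 192.0.2.40 mx.example.net SMTPSVC1 DB 10.0.0.5 0 RCPT - +TO:+<Dave@example.com> 250 0 36 34 0 SMTP - - - -
2007-05-27 21:25:10 192.0.2.41 mx2.example.net SMTPSVC1 DB 10.0.0.5 0 RCPT - +TO:+<ghost@example.com> 550 0 36 34 0 SMTP - - - -
"""

if __name__ == "__main__":
    valid, problems = load_recipients(SAMPLE_LIST)
    for n, reason in problems:
        print(f"recipient list line {n}: {reason}")
    for when, client, rcpt in accepted_unknown(SAMPLE_LOG, valid):
        print(f"{when} {client} accepted unknown recipient {rcpt}")
```

Any row returned by `accepted_unknown` means the server took responsibility for a message it cannot deliver, so a rejection at RCPT time is not happening for that address.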
