wolflord 0 Posted March 28, 2017 Share Posted March 28, 2017 (edited) Hi All, A customer of mine has Exchange Mail Security 6.4 installed and integrated with Exchange 2010. Spammers keep sending emails to addresses that do not exist in the Exchange environment...this is causing the Exchange server to send NDR's back. From what I understand, this is considered a reverse NDR attack. How can I configure Exchange Mail security to just drop emails that are going to addresses that do not exist in Exchange? I understand within the Exchange Management Console, there is a way of filtering recipients and blocking emails going to addresses that do not exist in the directory. Is there a way of setting this up within ESET Mail Security? Edited March 28, 2017 by wolflord Link to comment Share on other sites More sharing options...
ESET Staff filips 44 Posted March 29, 2017 ESET Staff Share Posted March 29, 2017 Hi wolflord, You can use mail transport rules to achieve this, e.g.: Conditions: Internal message - False Recipient validation result - is - Contains invalid recipients Recipient validation result - is not - Contains valid recipients Actions: Log to events/Drop/Reject I suggest to do some testing with "Log to events" or "Reject message" action for some time and check logs if the rule works correctly. NOTE: Drop message action has one disadvantage - if a sender makes a typo in the email address, even a valid mail will be dropped (e.g. john.doe@mydomain.com vs. jonh.doe@mydomain.com) Link to comment Share on other sites More sharing options...
Recommended Posts