Monday, 29 September 2008
Since implementing the Exchange 2007 Anti-Spam filters we have been experiencing a higher number of NDR (Non Delivery Report) messages going out as a result of spam – fortunately our second level mail filter is catching most of them (not an edge server).
We were hoping Spam messages might get silently dropped but some do appear to be bouncing back – not an ideal scenario especially as we don’t want to become victims of a reverse NDR attack.One option has been to use Recipient Filtering to automatically block emails sent to any unknown recipients however Exchange is still trying to bounce some back to the purported sender (I say purported because much of the Spam isn’t actually from where it says it is from).
Your message has encountered delivery problems
to the following recipient(s):unknown@somedomain.com
(Was addressed to unknown@somedomain.com)
Delivery failed
550 5.1.1 User unknownNo recipients were successfully delivered to.
Final-Recipient: rfc822; unknown@somedomain.com
Action: failed
Status: 5.1.1 (Permanent failure – addressing: bad destination mailbox address)
Remote-MTA: dns; mailserver.somedomain.com
Diagnostic-Code: smtp; 550 5.1.1 User unknown
SMTP-Remote-Recipient: unknown@somedomain.com
It isn’t a big problem thanks to our second level mail filter but it is frustrating. The odd thing is that the NDR reports are disabled on the Exchange Server (unless of course the message above isn’t technically an NDR for some reason) – as we can see in Organization Configuration -> Hub Transport -> Remote Domains.
I will try and get to the bottom of this problem and report when I found out more.
I only recently learned that the Edge Transport rules agent and the Hub Transport rules agent offered slightly different configuration options (Configuring Exchange 2007 Hub Transport role to receive Internet mail) so looking ahead, it may be prudent to implement the Edge Transport Server role for dealing with the massing amount of Spam. I heard the news recently that our current second level mail filter provider are making their platform Edge compatible which could be of benefit.
Further Reading
- Overview of Transport Rules
- Understanding How Transport Rules Are Applied in an Exchange 2007 Organization
Related
- Configuring Exchange Server 2007 Anti-Spam with Hub Transport
- How to get external messages sent from Outlook 2000 via Exchange 2007 and SMTP
- Exchange 2007 Security Features
- Getting MOSS 2007 to send emails to Exchange 2007
- Configuring incoming mail on MOSS 2007 and Exchange 2007



[...] the meantime I’ll be in the computer room having fun and games with Microsoft Exchange 2007 Anti-Spam filters. Have a great day! Not yet rated Loading [...]
I have the same problem!
Since implementing Exchange 2007 some users started reporting their emails to valid email addresses are getting bounced back.
Every time the message was ‘user unknown’. Every single time.
Any ideas?