View Full Version : Advanced Untangle Tip of the Day! (SPAM, recipient filtering on Exchange 2003)


gotkimchi
04-20-2007, 01:17 PM
Are you receiving hundreds and hundreds of SPAM messages to bogus email accounts on your Exchange? You can create a filter on your Exchange 2003 to accept only valid emails. Taken from Microsoft:

http://support.microsoft.com/default.aspx?scid=kb;en-us;823866

Specifically (step 5 below):

Create a recipient filter
When you use recipient filtering, you can prevent messages from being delivered to e-mail addresses that exist in your organization, and you can filter messages that are directed to e-mail addresses that do not exist in your organization. Recipient filtering only applies to messages that come from anonymous connections.

To create a recipient filter, follow these steps:

1. Start Exchange System Manager.

2. Expand Global Settings, right-click Message Delivery, and then click Properties.

3. Click the Recipient Filtering tab.

4. To filter e-mail based on a particular e-mail address, click Add, type the e-mail address, and then click OK.

5. To filter messages that are directed to e-mail addresses that do not exist in your organization, click to select the Filter recipients who are not in the directory check box.

hdallen55
11-20-2007, 06:58 PM
Just one caveat to recipient filtering-

Recipient filtering on Exchange should be done in conjunction with tarpitting on Exchange. Without enabling Exchange tarpitting, recipient filtering can increase the spam to valid addresses as it makes it easier for a spammer to determine what the valid addresses are through a Directory Harvest Attack. Enabling recipient filtering along with tarpitting on Exchange should eliminate e-mail received for bogus addresses and make it much more time-consuming (risky, expensive, etc.) for a spammer to determine valid addresses.

More info in Microsoft KB articles 842851 & 899492

http://support.microsoft.com/kb/842851/en-us
http://support.microsoft.com/kb/899492/en-us

Hope this helps,

Doug
www.vbcnetworks.com
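
Added example, not part of the original posts and not Exchange or Untangle code: a defender-side check for the directory harvest pattern described above, flagging any client that gets many distinct recipients rejected in a short window and listing the addresses it had confirmed as valid. The log format, the sample lines, the thresholds and the function names are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a simplified, hypothetical format (not Exchange's
# own log layout): timestamp, client IP, RCPT TO address, SMTP reply code.
SAMPLE_LOG = """\
2007-11-20T18:00:01 203.0.113.7 aaron@example.com 550
2007-11-20T18:00:02 203.0.113.7 abby@example.com 550
2007-11-20T18:00:03 203.0.113.7 adam@example.com 550
2007-11-20T18:00:04 203.0.113.7 alice@example.com 250
2007-11-20T18:00:05 203.0.113.7 allen@example.com 550
2007-11-20T18:00:06 203.0.113.7 amy@example.com 550
2007-11-20T18:03:10 198.51.100.20 alice@example.com 250
2007-11-20T18:04:30 198.51.100.20 alcie@example.com 550
2007-11-20T18:09:00 198.51.100.20 bob@example.com 250
"""

def parse(log_text):
    """Yield (time, ip, recipient, code); skip lines with the wrong field count."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield datetime.fromisoformat(parts[0]), parts[1], parts[2].lower(), int(parts[3])

def find_harvesters(log_text, min_unknown=5, window=timedelta(minutes=5)):
    """Flag clients with >= min_unknown distinct 550-rejected recipients in a window."""
    rejected = defaultdict(list)   # ip -> [(time, recipient)] for unknown users
    accepted = defaultdict(set)    # ip -> recipients the server confirmed (250)
    for ts, ip, rcpt, code in parse(log_text):
        if code == 550:
            rejected[ip].append((ts, rcpt))
        elif code == 250:
            accepted[ip].add(rcpt)
    report = {}
    for ip, events in rejected.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = {r for _, r in events[start:end + 1]}
            if len(distinct) >= min_unknown:
                span = (events[end][0] - events[start][0]).total_seconds()
                report[ip] = {"unknown": len(distinct), "seconds": span,
                              "confirmed": sorted(accepted[ip])}
                break
    return report
```

The `seconds` value is the time the client needed to collect its rejections, which is the figure tarpitting is meant to drive up; a single mistyped address, as from the second client, is not flagged.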

mdh
11-21-2007, 07:05 AM
Thank you for that one!

hdallen55
11-21-2007, 01:08 PM
I've asked so many questions over the past few days that I was just glad to find something that I could contribute a little more information to!

Doug
www.vbcnetworks.com

Antimidas
12-18-2008, 12:49 PM
Probably a little late to tag onto this topic, but here goes anyway.

With 6.0.1, I am going through the hassle of creating a quarantine rule for every email address on our domain (200 at last count). This way, my quarantine does not fill up with messages for random addresses created with directory harvesting attacks. However, unless I do *@domain.com, any emails to unlisted addresses will pass to my Exchange Server for further processing.

Is there any way to verify the legitimacy of an email address before it is deposited into a quarantine? I would prefer to not see the randomly generated addresses in the quarantine list when I try to go through and manually purge items. Call me anal.

avolve
12-19-2008, 07:06 AM
I've been lazy here lately of trying to find a way to make exim just drop an email destined for an invalid email address of the mail server. Previously I had a maia/amavisd box that I could ftp a file to with valid email addresses, which cut down tremendously on the workload of the maia box. So far though I have not got an answer and haven't stumbled across a way to configure it or it just hasn't clicked in my mind.

Antimidas
12-22-2008, 10:17 AM
I gave up on entering all of the email addresses manually. It was way too slow. Fortunately, one of our domains only has 4 valid email addresses, so I did configure that one to only quarantine those emails.

I also caved in to pressure from employees who do not like seeing daily quarantine messages and configured them to redirect to spam@domain.com. That mailbox is set to automatically delete messages. This prevents me from having to go through them and the users from having to see them.

With a volume of 2.354 million email messages per week (99.39% of them being blocked by Untangle's spam filter), I hope that I do not run out of hard drive space due to quarantines. There should be some form of directory harvest filter, especially for those of us with the AD plugin, but I don't see anything out there yet. Maybe I am just not thinking it through thoroughly.