Fixing backscatter on Exchange 2010

The default installation of exchange 2010 on small organizations will use the hub transport server to handle the smtp mail. The problem with this setup is twofold, Exchange 2010 STILL uses stone gae defaults for NDR messages, and for unknown recipients by accepting any mail and then sending non deliverable reports. This opens up your server to backscatter problems. To fix this, you need two things:

  • Exchange should never create a NDR message for external adresses
  • Exchange should never accept messages for users not in the active directory

The first step is simply toggling a switch, oulined below:

  • Open the exchange management console
  • Select the Hub transport from the organization configuration
  • Select Remote Domains
  • Disable “Allow non delivery reports”

However, mail for unknown users will now be silently discarded and someone genuinely mis addressing will never be notified of his mistake. To correct this, you need to configure exchange to NOT accept mail for unknown users in the first place. (which any sane mail server should have its default…)

  • Run the administration shell and enable the anti spam features as described here http://technet.microsoft.com/en-us/library/bb201691%28EXCHG.140%29.aspx by running the ./install-AntispamAgents.ps1 script in the %system drive%/Program Files\Microsoft\Exchange Server\V14\Scripts folde
  • Restart the MS Exchange transport service
  • Use the exchange shell to configure the iternal ip/ips for your server: set-transportconfig -InternalSmtpServers your.ip.goes.here

You now have an anti-spam tab in your hub transport configuration, check that the “recipient filtering” option is enabled.