Dynamic IP Detection Issues

 
Dynamic IP Detection Issues - 26.Jul.2008 1:53:36 AM   
avi_ei

 

Posts: 2
Joined: 26.Jul.2008
Status: offline
Hello all,

I have GFI MailEssentials 12 installed on my SBS2003 box.

Lately I've been notified by my users that there are legitimate messages that are marked as DNSBlackList.

When I checked the DNSBlackList log on the server, I saw that many messages that are spam are marked as Dynamic IP detected & Dynamic IP Detected dnsbl.sorbs.net, BUT there are also legitimate messages marked for those reasons.

The strange thing is that yesterday I got 2 messages that were sent to me by a service on the SBS (I configured it a long time ago) and were never marked as spam. Yesterday's messages were marked as spam, one as Dynamic IP detected, and the other one as Dynamic IP Detected dnsbl.sorbs.net! How can it be? Those messages were sent from a service on my SBS!

My Questions are:

* Is it right that messages are marked as Dynamic IP because the botnet/zombie option is enabled?
* How can it be that messages that are sent from my internal server are marked as Dynamic IP?
* How can I verify why my incoming legitimate messages are marked as Dynamic IP?
* Is there a chance that my ISP is causing the trouble? Are they marked somewhere?

I need any suggestion or idea, because for now I've disabled the botnet/zombie detection, and because in general it catches most spam messages, we expect to receive a large amount of spam.

Thank you
Post #: 1
RE: Dynamic IP Detection Issues - 27.Jul.2008 1:19:12 PM   
John Letourneau

 

Posts: 1124
Joined: 28.Apr.2008
From: Clayton, NC
Status: offline
avi_ei,

The Botnet/Zombie check does indeed look to dnsbl.sorbs.net for the lookups and does act against dynamic IP addresses. This is the function of this module. I'd recommend going to http://www.au.sorbs.net/lookup.shtml and putting in your IP to see if you are listed. Take a close look at the header of the message from your SBS box to verify that it did actually come from your IP as well and was not relayed through another server for some reason.

_____________________________

Regards,
John Letourneau - Senior Technical Support Representative
GFI Software - www.gfi.com

(in reply to avi_ei)
Post #: 2
RE: Dynamic IP Detection Issues - 28.Jul.2008 2:26:49 AM   
avi_ei

 

Posts: 2
Joined: 26.Jul.2008
Status: offline
Hello John

I have some updates about my issue.

It appears that the issue began after we added a public DNS server to our DNS forwarders.
I've noticed a large amount of legitimate messages marked as spam (even all messages from Gmail, for instance).

Like I wrote, right after I removed that public DNS server, the issue was resolved except for one:

* Messages from my server, sent by services are still marked as "Dynamic IP detected dnsbl.sorbs.net"

I've checked some of those headers and they come directly from my server (the one where GFI is installed).
Also I've checked that my mail server isn't listed anywhere, although in the header the server address is its internal address because it was sent inside my network.

Can you see any reason why my service messages sent by the server are still marked as "Dynamic IP detected dnsbl.sorbs.net"?

Thank You very much.

(in reply to John Letourneau)
Post #: 3
RE: Dynamic IP Detection Issues - 28.Jul.2008 9:03:15 AM   
John Letourneau

 

Posts: 1124
Joined: 28.Apr.2008
From: Clayton, NC
Status: offline
avi_ei,

It's possible that when you had the public DNS server configured these messages were marked as spam and entered our cache.  If you open a command prompt and run "iisreset" without the quotes it will clear the cache for you.  Give that a shot and let me know how it goes.

_____________________________

Regards,
John Letourneau - Senior Technical Support Representative
GFI Software - www.gfi.com

(in reply to avi_ei)
Post #: 4
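Added example, not part of the thread and not GFI's code: a Python sketch of the check suggested above (read the Received headers, then look each hop up in dnsbl.sorbs.net), which also tests whether the configured resolver's answer is a genuine listing, since RFC 5782 places DNSBL answers in 127.0.0.0/8. The function names, the verdict labels and the sample headers are assumptions constructed for illustration.

```python
import ipaddress
import re
import socket

ZONE = "dnsbl.sorbs.net"  # zone named in the thread
# RFC 1918 and loopback ranges: never meaningful to look up in a public DNSBL.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
LISTING_RANGE = ipaddress.ip_network("127.0.0.0/8")  # RFC 5782 answer range
# Constructed sample headers (documentation and private addresses only).
SAMPLE = (
    "Received: from mail.example.org (mail.example.org [198.51.100.25])\n"
    "\tby sbs.example.local with ESMTP; Fri, 25 Jul 2008 10:00:00 +0300\n"
    "Received: from sbs.example.local ([192.168.16.2])\n"
    "\tby sbs.example.local with SMTP; Fri, 25 Jul 2008 09:59:58 +0300\n"
)

def received_ips(headers):
    """Bracketed IPv4 addresses from Received: headers, newest hop first."""
    lines = re.sub(r"\r?\n[ \t]+", " ", headers).splitlines()  # unfold
    hops = [h for h in lines if h.lower().startswith("received:")]
    return [ip for h in hops for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", h)]

def dnsbl_name(ip, zone=ZONE):
    """1.2.3.4 -> 4.3.2.1.<zone>, the name a DNSBL client queries."""
    return ".".join(reversed(ip.split("."))) + "." + zone

def system_resolver(name):
    """A-record lookup through the server's configured resolver/forwarders."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None  # NXDOMAIN or lookup failure

def check(ip, resolve=system_resolver, zone=ZONE):
    """Classify one hop as internal, clean, listed or bogus."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL):
        return ("internal", None)
    answer = resolve(dnsbl_name(ip, zone))
    if answer is None:
        return ("clean", None)
    if ipaddress.ip_address(answer) in LISTING_RANGE:
        return ("listed", answer)
    return ("bogus", answer)  # resolver answered with a non-DNSBL address

def audit(headers, resolve=system_resolver):
    """(ip, query name, verdict) for every hop found in the headers."""
    return [(ip, dnsbl_name(ip), check(ip, resolve)) for ip in received_ips(headers)]
```

Running `audit()` on a flagged message's headers before and after a forwarder change shows whether the verdict comes from the sending address or from the resolver path.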
RE: Dynamic IP Detection Issues - 26.Sep.2008 6:30:32 PM   
DHSadmin

 

Posts: 1
Joined: 24.Sep.2008
Status: offline
I have a similar issue / question. We have an Exchange server and some of the users are remote, travel, or occasionally work from home. If/when these users send emails to other users on the Exchange from a dynamic IP, their emails are being processed as spam via the DNS Blacklist module because I have the botnet/zombie option enabled. I use a separate SMTP virtual server for these remote users in my Exchange server. I have unchecked that Virtual server in the Bindings tab of the General Properties window in GFI ME but it is processing emails coming in from that SMTP Virtual Server anyway. Is there something else I need to do to make it work (i.e. not process emails that come in on that Virtual Server)?

(in reply to John Letourneau)
Post #: 5
RE: Dynamic IP Detection Issues - 29.Sep.2008 9:21:49 AM   
John Letourneau

 

Posts: 1124
Joined: 28.Apr.2008
From: Clayton, NC
Status: offline
DHSadmin,

Open a command prompt and run IISRESET.  This will force GFI MailEssentials to reload its configuration.

_____________________________

Regards,
John Letourneau - Senior Technical Support Representative
GFI Software - www.gfi.com

(in reply to DHSadmin)
Post #: 6