Heaps of spam getting through since updating build
Heaps of spam getting through since updating build - 1.Jun.2008 7:15:06 PM
David99
Posts: 16
Joined: 3.Oct.2007
Status: offline
Hi guys,

We recently updated from an older 07 version to 20080508 of GFI MailEssentials 12 (Exchange 2003 server, perimeter server) to take advantage of the 'mail returned' spam feature (updated the registry as per guide), but since doing so have seen a large increase in the amount of 'regular' spam passing through. It seems the amount of spam caught by our DNS, Dynamic IP and Phishing filters has reduced by more than 1/7th, yet our Bayesian captures have tripled.

I have checked, and also reset, the module priorities, ensuring that Bayesian is one of the last scans to take place. Currently phishing is 5, dns 7, url 8, Bayesian 10. Looking at the mail monitor logs, it is definitely processing the spam that's making its way through, i.e. item processed ok.

The only DNS blacklist we have set up is zen.spamhaus.org. We have tried enabling bl.spamcop as well but it doesn't help. The URL realtime list we enable is only multi.surbl.org. Sorbs check is enabled. None of these domains/words exist in any of our whitelists. New senders and IP whitelist are the only features disabled atm. We have restarted the server since applying this new patch - no difference.

Here are some headers of the spam we received this morning, which passed through all filters and ended up in a user's mailbox:

Microsoft Mail Internet Headers Version 2.0
Received: from 201.43.14.240 ([201.43.14.240]) by mail.mydomain.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 2 Jun 2008 08:16:14 +1000
Message-ID: <001701c8c41b$b72ab690$00e19acc@lucasddcd7ba77>
From: "Dianne Bailey" <nvqcombination@bmwgroup.com>
To: "Sales" <sales@mydomain.com>
Subject: Health world
Date: Sun, 1 Jun 2008 19:14:29 -0300
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0014_01C8C41B.B72AB690"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1158
X-Antivirus: avast! (VPS 080601-0, 01/06/2008), Outbound message
X-Antivirus-Status: Clean
Return-Path: nvqcombination@bmwgroup.com
X-OriginalArrivalTime: 01 Jun 2008 22:16:15.0148 (UTC) FILETIME=[1B5D76C0:01C8C435]

Microsoft Mail Internet Headers Version 2.0
Received: from dsl88-233-39052.ttnet.net.tr ([88.233.152.140]) by mail.mydomain.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 2 Jun 2008 06:27:07 +1000
Received: from yspeo ([76.44.59.90]) by dsl88-233-39052.ttnet.net.tr (8.13.3/8.13.3) with SMTP id m51KRh1P014842; Sun, 1 Jun 2008 23:27:43 +0300
Message-ID: <484305AD.7080102@helvea.com>
Date: Sun, 1 Jun 2008 23:25:17 +0300
From: <lupelares@helvea.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: postmaster@mydomain.com
Subject: Even Brad Pitt takes blue pilules!
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-Path: lupelares@helvea.com
X-OriginalArrivalTime: 01 Jun 2008 20:27:07.0762 (UTC) FILETIME=[DCD1A520:01C8C425]

Microsoft Mail Internet Headers Version 2.0
Received: from ivlsxsp ([168.187.234.249]) by mail.mydomain.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 2 Jun 2008 00:06:33 +1000
Received: from [227.184.217.54] (helo=wkz) by ivlsxsp with smtp (Exim 4.62 (FreeBSD)) id 1K3%D-0004WK-Ch; Sun, 1 Jun 2008 17:08:09 +0300
Message-ID: <4842AC7F.1060007@voile-bretagne.com>
Date: Sun, 1 Jun 2008 17:04:47 +0300
From: <sylvain.lebeau@voile-bretagne.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: user@mydomain.com
Subject: 10 mistakes every man makes.
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Return-Path: sylvain.lebeau@voile-bretagne.com
X-OriginalArrivalTime: 01 Jun 2008 14:06:33.0764 (UTC) FILETIME=[B2B20E40:01C8C3F0]

Any suggestions greatly appreciated. Thank you.
< Message edited by David99 -- 1.Jun.2008 7:23:51 PM >
RE: Heaps of spam getting through since updating build - 2.Jun.2008 10:53:33 AM
mnwolftrack
Posts: 70
Joined: 8.Feb.2005
Status: offline
I'm seeing something as well. I upgraded on the 23rd of last month, and I can see it when running the reports because the general totals for the daily spam catches for each filter have changed. For instance, DNS Black list used to catch anywhere from 1500 to 2200 every day. Once I made the upgrade, it's catching less than 30 a day. Bayesian used to only catch 30-70 a day, now it's catching 200-300. Spam URL blacklist used to catch 100-200 a day. Now it's catching 1500-1700. Mind you, these numbers are estimates.

Not that SPAM is predictable, but I used to be able to come in each morning and see about 5-6 spam sitting in my sub folder under the inbox where I have tagged SPAM going to, and I'd usually have 3 or 4 spam in my inbox that were missed. Now I seem to be getting about 10 in my inbox and about 20 in my subfolder. It's hard to really accurately determine how many are getting through before vs. now and whether it's filtering as well, but it sure seems to be a bit less effective.

The installation ran without any errors or problems. I even backed up and exported all settings and manually copied the entire GFI installation folder before running the upgrade, just to be safe. After the upgrade, I compared settings in each filter before and after, and everything stayed the same. Our total e-mails received can vary anywhere between 3000 to 18000 a day, so it's hard to tell how effective the new GFI version is. We are also getting hit hard with backscatter from our valid addresses (and invalid addresses) being used to send SPAM--and we end up getting the NDRs sent back to us (even though we never sent anything out in the first place).
And to compare my settings to what you mentioned, my module order is: Phishing URL Blacklist Directory Harvesting E-mail/Domain Whitelist Keyword Whitelist IP Whitelist Custom Black List DNS Blacklists SPAM URI Realtime Blocklists Header Checking Keyword Checking Bayesian Analysis Sender Policy Framework Regarding DNS blacklists, I have zen.spamhaus.org, bl.spamcop.net, and sbl-xbl.spamhaus.org checked. For the SPAM URI Realtime Blocklists, I only have multi.surbl.org checked.
< Message edited by mnwolftrack -- 2.Jun.2008 10:58:01 AM >
RE: Heaps of spam getting through since updating build - 2.Jun.2008 11:32:15 AM
neilc
Posts: 149
Joined: 29.Jul.2003
From: Malta
Status: offline
Hi,

By any chance, do you recall what was the build number of the build you upgraded from?

One of the reasons why DNSRBL might not capture a lot of SPAM is if the email is passing through one or more gateways (perimeters) prior to arriving at the MailEssentials server. MailEssentials, as of build 20071005, will process the email which has been sent to one of the perimeter servers in MailEssentials. If no perimeter servers are installed, it means that the MailEssentials server is receiving email directly from the internet. The reason for this change was due to false positives which were being reported when DNSRBL was filtering every IP address found in the email's received headers.

For more information on perimeter servers, please visit the following KB article: http://kbase.gfi.com/showarticle.asp?id=KBID003296

mnwolftrack: If the above issue is the problem, then it can also affect the functionality implemented in MailEssentials in build 20080508, which is meant to address backscatter. Another thing you might want to check is if you have autowhitelist enabled. If yes, then the new build should be capable of blocking non-delivery reports of SPAM email sent to recipients unknown to your MailEssentials server. This is explained in more detail in this article: http://kbase.gfi.com/showarticle.asp?id=KBID003322

Hope this helps!
_____________________________
Neil Cassar GFI Software
RE: Heaps of spam getting through since updating build - 3.Jun.2008 12:08:37 PM
mnwolftrack
Posts: 70
Joined: 8.Feb.2005
Status: offline
With regards to our previous version before the upgrade, I do not recall the entire build number other than it was a 2006. I started a tech support case a couple months ago. If you really want to know what the build number is, we can probably trace it back in that case because I think I had to enter the build number when I FTP'd a zip file to the technician. Oh, and the autowhitelist has always been enabled.
< Message edited by mnwolftrack -- 3.Jun.2008 12:17:33 PM >
RE: Heaps of spam getting through since updating build - 3.Jun.2008 7:01:28 PM
David99
Posts: 16
Joined: 3.Oct.2007
Status: offline
GFI is installed on our Exchange server, which has direct internet access. It is set up as perimeter server. Nothing in regards to our server setup has changed.

The version we were using was 20070810. We then upgraded to the build prior to the current 20080508, to utilise zen.spamhaus.org. Everything was working fine with this newer build. However, after installing the latest build, 20080508, DNS is hardly doing a thing, yet Bayesian is working overtime – and spam is getting through left, right and centre.

To make things even more interesting, yesterday things went back to normal. DNS & Dynamic IP caught 400+ emails each, and Bayesian was around 40. However, today things have gone screwy again, with DNS and Dynamic IP on 20, Bayesian on 230 – and plenty of spam in users' mailboxes.

Also, when using the 'test' button in the DNS module, it sometimes takes 5-10 seconds before coming back as successful on the FIRST attempt. After this first attempt, every test after comes back as successful instantaneously.

Speaking to one of your reps on the phone, he believes it to be a firewall issue. However, we only encountered this problem since updating our GFI build, and our firewall has had NO changes in over 12 months.

-edit- Another note, I set my ISP's DNS server in GFI, and now Dynamic IP and URL filters appear to be fixed, and working as expected - however DNS still hasn't blocked a thing, regardless of what DNS blacklist server we select. I can also 100% confirm the DNS module is definitely not working, as I just received an unfiltered email in my mailbox from 88.146.62.46 which is listed on zen.spamhaus. I have now disabled the DNS check in GFI, and instead set it up in ESM. It is now working, but obviously it's not ideal & only a short term fix.
< Message edited by David99 -- 5.Jun.2008 6:38:15 PM >
RE: Heaps of spam getting through since updating build - 4.Jun.2008 11:34:23 AM
retro77
Posts: 7
Joined: 12.Dec.2007
Status: offline
I am seeing the same issue. Running 20080508 and I am seeing a lot of spam getting through to the user's inbox. It doesn't seem like anything is being sent to their Junk E-mail folders. Is there a way we can downgrade to a lower revision until 20080508 is fixed?
_____________________________
meh.
RE: Heaps of spam getting through since updating build - 5.Jun.2008 12:04:08 PM
mnwolftrack
Posts: 70
Joined: 8.Feb.2005
Status: offline
neilc, regarding your topic of perimeter server configuration, here is what we have. We have a gateway e-mail server installed on the DMZ of a firewall that receives incoming mail first. Then, it forwards it inside our network to the Exchange server where GFI is installed.

With regards to the Perimeter servers tab, the check box for "this machine is not a perimeter server" is checked because the GFI server is not directly connected to the Internet. The perimeter server IP(s) were entered using the automatic discovery feature in GFI, in which case it found the static IP of our cable modem/router. The actual IP of the gateway server was not found through automatic discovery, and I have not manually entered it. Should I? The IP of the perimeter server is not a public internet address and is not a part of our normal domain IP scheme.

I should also mention that the automatic discovery finds the IP address of the Exchange server and puts it in the list, but as soon as it finds it, it gives me a pop up window telling me the address was found among the list of perimeter SMTP servers and asks me if I'm sure this machine is not a perimeter server. When I click "no" because it's not a perimeter server, it leaves the Exchange server IP address in the list. So, in theory, I could have 3 addresses in the perimeter server list (cable modem, gateway e-mail server, and Exchange server w/GFI on it). What is right?
< Message edited by mnwolftrack -- 5.Jun.2008 12:13:49 PM >
RE: Heaps of spam getting through since updating build - 10.Jun.2008 8:03:21 PM
David99
Posts: 16
Joined: 3.Oct.2007
Status: offline
After browsing through the forums, it seems there are quite a few others affected by this same problem - also after updating to the latest build. As mentioned previously, the DNSBL for zen is now working fine since I've set it up in Exchange, but this is a temporary fix, and not a solution to a problem specific to the latest installation of GFI here. Are there any further recommendations, or suggestions you GFI guys can make?
< Message edited by David99 -- 10.Jun.2008 8:05:38 PM >
RE: Heaps of spam getting through since updating build - 11.Jun.2008 3:45:25 AM
neilc
Posts: 149
Joined: 29.Jul.2003
From: Malta
Status: offline
Hi mnwolftrack, The automatic discovery will only obtain the MX records for the inbound domains configured in GFI MailEssentials. What GFI MailEssentials requires in the perimeter list is the IP address of the first mail server(s) receiving the email, so in your case, the IP address of the gateway e-mail server would be enough. The following KB article explains in more detail what a perimeter is: http://kbase.gfi.com/showarticle.asp?id=KBID003296 Hope this helps!
_____________________________
Neil Cassar GFI Software
RE: Heaps of spam getting through since updating build - 11.Jun.2008 4:30:12 AM
josephdebono
Posts: 16
Joined: 24.Sep.2007
Status: offline
quote:
ORIGINAL: David99
Also, when using the 'test' button in the DNS module, it sometimes takes 5-10 seconds before coming back as successful on the FIRST attempt. After this first attempt, every test after comes back as successful instantaneously.

Hi David99,

I have a suspicion that the cause of your problem may be related to your DNS Server. Recently we have implemented a new feature in the DNS Blacklist such that if for some reason it times out when performing DNS lookups for a consecutive number of times, it will disable itself since that may cause the mail to queue up. The module will then re-enable itself after a certain number of emails have passed through. It will perform a single lookup to check whether the DNS Server has been fixed, in which case it will enable itself permanently, or until another number of consecutive timeouts are achieved.

The DNSBL module is set to time out after about 3 - 5 seconds, and since you said that it may take up to 10 seconds to come back, even though it is a successful attempt, it may be that the DNSBL will not give it enough time to come back and consider it a timeout.

If possible, could you please somehow show me the last few lines from the DNSRBL.gfi_log.txt file which is situated in the DebugLogs folder within your GFI MailEssentials directory. This will be the start to finding a solution to your problem.

In the meantime, may I suggest that you remove or disable sbl-xbl.spamhaus.org from your blacklists since zen.spamhaus.org is an aggregate of all lists on spamhaus.org and therefore it would be a useless lookup if zen is already listed. Please check this link on spamhaus.org for more information.
_____________________________
Regards, Joseph DeBono GFI Software Ltd - www.gfi.com Messaging, Content Security & Network Security Software GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor
RE: Heaps of spam getting through since updating build - 11.Jun.2008 8:11:53 PM
David99
Posts: 16
Joined: 3.Oct.2007
Status: offline
Joseph,

Ok, I have just disabled zen.spam in Exchange, and re-enabled it (and only it) in GFI DNSBL. Sorbs Dynamic IP check however is also enabled. From the log file you mentioned it appears that both zen and sorbs are timing out with the error 301. The most recent addition to the log file is as follows:

Tag: 0 Exchange: Inbox/DNSBlackList>"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","::MTAM_ProcessMessage"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL",",>> ProcessMessage [this = 0X25FD22A0]"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","Version: DNSRBL - Version 15"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","Retrieved channel database connection"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","INFO: Subject: Blue sexy pill - $0.{_2SYMBCHAR}"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","INFO: From: "Jeffry Medina" <tell@cum.qc.ca>"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","INFO: Sender: "
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","INFO: MessageID: <01c8cc66$d9087600$603269d2@tell>"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","INFO: Content type: multipart/alternative; boundary="----=_NextPart_000_0006_01C8CC66.D9087600"; charset="us-ascii""
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","INFO: SMTP Sender: tell@cum.qc.ca"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","INFO: SMTP Recipient: sales@mydomain.com"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","INFO: Mime From display name: Jeffry Medina"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","INFO: Message recipients: 1"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","Recipient 'sales@mydomain.com' belongs to a local domain (mydomain.com)"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL",">> CHeaderChecking"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","Processing Message : DNS Blacklist"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","GFI_MTAMSGPROPS_CONNECTION_SERVER_IP_ADDRESS is 210.105.50.96"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","Performing Zombie Check on the following IP: 210.105.50.96"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL",">> CheckZombie"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","Cache size: 1512"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","Performing lookup using provider: dnsbl.sorbs.net"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL",">> DNSRBLLookupEx"
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","Performing query: 96.50.105.210.dnsbl.sorbs.net"
2008-06-12,09:34:26,067,2,"#000004f0","#00001fd4","warning","DNSRBL","Error while performing query: 301"
2008-06-12,09:34:26,067,2,"#000004f0","#00001fd4","warning","DNSRBL","Description: Interrupted."
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL","<< DNSRBLLookupEx [0x8000000A]"
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL","<< CheckZombie (returning ham)"
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL",">> CheckOpenRelay"
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL","Cache size: 653"
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL","Checking: 210.105.50.96"
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL","Performing lookup using provider: zen.spamhaus.org IP: 210.105.50.96"
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL",">> DNSRBLLookupEx"
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL","Performing query: 96.50.105.210.zen.spamhaus.org"
2008-06-12,09:34:28,130,2,"#000004f0","#00001fd4","warning","DNSRBL","Error while performing query: 301"
2008-06-12,09:34:28,130,2,"#000004f0","#00001fd4","warning","DNSRBL","Description: Interrupted."
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","<< DNSRBLLookupEx [0x8000000A]"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","<< CheckOpenRelay (returning ham)"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","Timeout while trying to resolve DNS lookup. 1 consecutive failures"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","Writing SpamFlag: 0"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","<< ProcessMessage [0]"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","<< CHeaderChecking"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","::MTAM_UnInitMessage, MID = 637346464"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","[this = 025FD22A0],CMTAMMessage::UnInitMessage"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","releasing CMTAMMessage"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","[this = 025FD22A0],CMTAMMessage::~CMTAMMessage"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","CMTAMMessage released"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","::MTAM_UnInitMessage,[returning]"

I should also note that since copying the above, another addition has been made to the log less than a minute later, where the zen check worked, but sorbs still failed:

DNSRBL","Performing query: 185.39.111.79.dnsbl.sorbs.net"
","warning","DNSRBL","Error while performing query: 301"
warning","DNSRBL","Description: Interrupted."
","DNSRBL","SPAM DETECTED: Open Relay detected"
","DNSRBL","Report: Sending mail server found on zen.spamhaus.org "

Note that we get these errors whether we set our local DNS server (on our DC, ping ~1ms) in GFI, or our ISP’s DNS server (~8ms). As mentioned previously, zen.spam works fine when we set it up directly in ESM.

Thanks a lot for your time, and continued assistance.
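The fail-open pattern visible in the log quoted above, as an added example (not part of the original post and not GFI code): it parses lines in that format, pairs each "Performing query" entry with the error that follows, and reports how long the lookup waited and which checks then returned ham. The column meanings, function names and report keys are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the DNSRBL.gfi_log.txt excerpt quoted in the post above.
SAMPLE_LOG = '''
2008-06-12,09:34:24,005,3,"#000004f0","#00001fd4","info ","DNSRBL","Performing query: 96.50.105.210.dnsbl.sorbs.net"
2008-06-12,09:34:26,067,2,"#000004f0","#00001fd4","warning","DNSRBL","Error while performing query: 301"
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL","<< CheckZombie (returning ham)"
2008-06-12,09:34:26,067,3,"#000004f0","#00001fd4","info ","DNSRBL","Performing query: 96.50.105.210.zen.spamhaus.org"
2008-06-12,09:34:28,130,2,"#000004f0","#00001fd4","warning","DNSRBL","Error while performing query: 301"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","<< CheckOpenRelay (returning ham)"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","Timeout while trying to resolve DNS lookup. 1 consecutive failures"
2008-06-12,09:34:28,130,3,"#000004f0","#00001fd4","info ","DNSRBL","Writing SpamFlag: 0"
'''

# Assumed column layout: date,time,ms,level,"id","id","severity","module","message".
# The two "#..." columns are used only as an opaque per-worker key (assumption).
LINE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2}),(\d{2}:\d{2}:\d{2}),(\d{3}),\d,'
    r'"(#[0-9a-f]+)","(#[0-9a-f]+)","\w+\s*","DNSRBL","(.*)"$'
)


def parse_line(line):
    """Return (timestamp, worker_key, message), or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    date, clock, ms, id1, id2, message = m.groups()
    ts = datetime.strptime(f"{date} {clock}.{ms}", "%Y-%m-%d %H:%M:%S.%f")
    return ts, (id1, id2), message


def analyse(lines):
    """Pair each query with its error and record which checks then failed open."""
    report = {"failed_lookups": [], "fail_open_checks": [],
              "max_consecutive_failures": 0, "messages_passed_unchecked": 0}
    workers = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, key, msg = parsed
        st = workers.setdefault(key, {"pending": None, "failed": False, "tainted": False})
        if m := re.match(r"Performing query: (\S+)", msg):
            st["pending"] = (m.group(1), ts)
        elif (m := re.match(r"Error while performing query: (\d+)", msg)) and st["pending"]:
            name, started = st["pending"]
            waited_ms = (ts - started) // timedelta(milliseconds=1)
            report["failed_lookups"].append((name, int(m.group(1)), waited_ms))
            st.update(pending=None, failed=True, tainted=True)
        elif m := re.match(r"<< (\w+) \(returning ham\)", msg):
            if st["failed"]:  # verdict was reached without any DNSBL answer
                report["fail_open_checks"].append(m.group(1))
            st["failed"] = False
        elif m := re.search(r"(\d+) consecutive failures", msg):
            report["max_consecutive_failures"] = max(
                report["max_consecutive_failures"], int(m.group(1)))
        elif m := re.match(r"Writing SpamFlag: (\d+)", msg):
            if m.group(1) == "0" and st["tainted"]:
                report["messages_passed_unchecked"] += 1
            st["tainted"] = False
    return report


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

Run over a full DebugLogs file, a rising count of fail-open checks alongside a falling DNS blacklist catch rate points at lookup timeouts rather than at the blacklist data.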
RE: Heaps of spam getting through since updating build - 12.Jun.2008 4:10:59 AM
josephdebono
Posts: 16
Joined: 24.Sep.2007
Status: offline
Hi again,

Error 301 definitely means that the DNS requests are timing out. Just to confirm, have you manually set the DNS server (on the properties of the Anti-Spam node) to the IP of your server?
_____________________________
Regards, Joseph DeBono GFI Software Ltd - www.gfi.com Messaging, Content Security & Network Security Software GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor
RE: Heaps of spam getting through since updating build - 12.Jun.2008 7:31:41 PM
David99
Posts: 16
Joined: 3.Oct.2007
Status: offline
Joseph,

Yes, that is correct, and how it is currently set up, i.e. 192.168.1.11. Though we have tried leaving it on ‘use the dns server configured on this pc’, setting our DNS server's name & IP manually, as well as specifying the IP of our ISP’s DNS server – all with the same result.
RE: Heaps of spam getting through since updating build - 16.Jun.2008 9:35:19 AM
josephdebono
Posts: 16
Joined: 24.Sep.2007
Status: offline
quote:
ORIGINAL: David99
Joseph, Yes, that is correct, and how it is currently set up, i.e. 192.168.1.11. Though we have tried leaving it on 'use the dns server configured on this pc', setting our DNS server's name & IP manually, as well as specifying the IP of our ISP's DNS server – all with the same result.

Hi David,

Seems to be a strange issue. The timeout is set to 3 seconds mainly because having it higher would definitely slow down the mail flow and could cause problems on the mail server. However, on most systems the response to a DNS query is received within 300ms.

What I might suggest you do is try to perform some lookups manually using nslookup and check how long it takes to receive a response. To perform a lookup do the following:

Get an IP and reverse the order of the octets (e.g. 192.168.1.2 becomes 2.1.168.192)
Add the name of a blacklist (e.g. 2.1.168.192.zen.spamhaus.org)
Start -> Run -> nslookup.exe
Input the query above.

The query will return a result if the IP is listed in the blacklist. If not it will return the following message: "<server> can't find IP.zen.spamhaus.org: Non-existent domain"

Try the following:

144.216.10.58.zen.spamhaus.org (confirmed spam IP)
32.197.46.207.zen.spamhaus.org (Microsoft.com's IP - definitely not spam)

Check how long it takes to get a response for both blacklisted and non-blacklisted emails. If the responses are not instantaneous it could be a problem from your DNS server. Otherwise let me know and I'll see what I can do from my end.
_____________________________
Regards, Joseph DeBono GFI Software Ltd - www.gfi.com Messaging, Content Security & Network Security Software GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor
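The manual nslookup procedure above as a repeatable timing check, as an added example (not from the original post and not GFI code): it builds the reversed-octet query name, times the lookup against a deadline, and keeps "timed out" separate from "not listed", since only the latter says anything about the sender. The function names, the status strings and the constructed `stub_resolver` (which lets the block run offline) are assumptions; drop the `resolver=` argument to query the DNS server configured on the machine.

```python
import concurrent.futures
import ipaddress
import socket
import time

ERROR_NET = ipaddress.IPv4Network("127.255.255.0/24")  # Spamhaus error returns
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")      # DNSBL listing answers


def dnsbl_query_name(ip, zone):
    """Reverse the IPv4 octets and append the blacklist zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # ValueError if not IPv4
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Look up A records with the OS resolver; NXDOMAIN becomes an empty list."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:  # name does not exist: not listed
            return []
        raise                               # any other failure is a real error
    return sorted({info[4][0] for info in infos})


def stub_resolver(name):
    """Constructed stand-in for a DNS server so the example runs offline."""
    if name.endswith(".dnsbl.sorbs.net"):
        time.sleep(0.5)                     # simulates a slow, unanswered query
        return []
    if name == "144.216.10.58.zen.spamhaus.org":
        return ["127.0.0.4"]                # constructed listing answer
    return []


def classify(answers):
    """Map the A records of a DNSBL reply to a verdict."""
    if not answers:
        return "not_listed"
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if any(a in ERROR_NET for a in addrs):
        return "resolver_error"             # the query was refused, not a listing
    if all(a in LISTED_NET for a in addrs):
        return "listed"
    return "unexpected"


def check_dnsbl(ip, zone, resolver=system_resolver, timeout_s=3.0):
    """Time one DNSBL lookup; a timeout is reported as such, never as ham."""
    name = dnsbl_query_name(ip, zone)
    pool = concurrent.futures.ThreadPoolExecutor(max_workers=1)
    start = time.monotonic()
    try:
        answers = pool.submit(resolver, name).result(timeout=timeout_s)
        status = classify(answers)
    except concurrent.futures.TimeoutError:
        answers, status = [], "timeout"
    except OSError:
        answers, status = [], "error"
    finally:
        pool.shutdown(wait=False)           # do not block on a hung lookup
    elapsed_ms = int((time.monotonic() - start) * 1000)
    return {"query": name, "status": status, "answers": answers,
            "elapsed_ms": elapsed_ms}


if __name__ == "__main__":
    cases = [("58.10.216.144", "zen.spamhaus.org"),
             ("207.46.197.32", "zen.spamhaus.org"),
             ("210.105.50.96", "dnsbl.sorbs.net")]
    for ip, zone in cases:
        print(check_dnsbl(ip, zone, resolver=stub_resolver, timeout_s=0.2))
```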
RE: Heaps of spam getting through since updating build - 19.Jun.2008 3:55:30 PM
georgey
Posts: 5
Joined: 5.Jun.2008
Status: offline
Hi