GFI
English Deutsch Français Italiano Nederlands Español
Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Member List  Search  FAQ  Ticket List  Log Out

 

how can I tell what domain(s) are getting most of the spam?

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Content Security] >> GFI MailEssentials for Exchange/SMTP >> how can I tell what domain(s) are getting most of the spam? Page: [1]
Login
Message << Older Topic   Newer Topic >>
how can I tell what domain(s) are getting most of the s... - 15.Sep.2008 6:52:31 PM   
jsaul

 

Posts: 3
Joined: 27.Aug.2007
Status: offline 		HI,
    I have 4 domains on my mail server, but only about a dozen users, yet my daily spam report shows over 200,000 messages a week! GFIME id killing 99% of it but this much spam is bogging down my server and 1.5mb dsl both to very unacceptable levels.
How can I drill down to find out where most of this spam is addressed to? if the bulk of it is all coming into one domain, them I can off load that domain to another server and just pop2exchange the accounts over.
Thanks -Jim
Post #: 1
RE: how can I tell what domain(s) are getting most of t... - 18.Sep.2008 9:06:32 AM   
vizeroth

 

Posts: 7
Joined: 1.Aug.2008
Status: offline 		You can filter the reports by email address and look for the top 20 or so addresses. This will work really well if most of the spam is coming to a handful of specific email addresses. I can usually check the reports and find that one user is getting hit harder than any of the others at any given time (usually the top 5 email addresses receive far more spam than any others, and the top 1 or 2 will receive several times more than the 3rd or 4th).

You can also get a bit of an idea of what's going on by looking at the size of your logs (and checking the logs themselves), assuming you have logging enabled for the individual filters. For example, if directory harvesting is catching most of the spam, you're getting a lot of spam sent to a large number of invalid addresses. Looking in the log might give you a general idea of which domain they're trying to harvest. In my case, the keyword and dnsbl logs grow at a rate significantly faster than any of the others, because of the nature of the spam I receive and the priority of the filters.

(in reply to jsaul)
Post #: 2
Page:   [1]
All Forums >> [Content Security] >> GFI MailEssentials for Exchange/SMTP >> how can I tell what domain(s) are getting most of the spam? Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


   © 2008. All rights reserved. GFI Software Home Products Download Trials Support Ordering Site Map About Us Contact us
GFI solutions: Exchange anti spam filter - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software