GFI
English Deutsch Français Italiano Nederlands Español
Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Member List  Search  FAQ  Ticket List  Log Out

 

How do MailEssentials approve MX-records?

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Content Security] >> GFI MailEssentials for Exchange/SMTP >> How do MailEssentials approve MX-records? Page: [1]
Login
Message << Older Topic   Newer Topic >>
How do MailEssentials approve MX-records? - 13.Oct.2006 8:08:23 AM   
Mats Bjur

 

Posts: 109
Joined: 9.Sep.2004
From: Gothenburg, Sweden
Status: offline 		Hi

This is a follow-up (but different question) on this thread which isn't resolved:
http://forums.gfi.com/spam_in_my_own_name_reaching_through/m_900736605/tm.htm

Situation:
Exchange 2003 single server with MailEssentials 12 b20060628

Public MX-records:
exchange.mydomain.se [preference = 10]
mx2.IspMxBackupService.se [preference = 20]

Public SPF-record:
v=spf1 a:exchange.mydomain.se ~all

MailEssentials SPF setting: Medium

The problem:
Spammers are using the secondary MX-server (which is our ISP's MX-backup service) to send spam to our domain. Even though the ME SPF-check is set to medium, these mails still gets through (ie, the forged sender could be my.name@mycompany.se).

Questions:
Does MailEssentials in some way do a checkup on the available MX-records for a mydomain.se and accept mx2.IspMxBackupService.se as a valid mailserver because it's a registered MX, even though the SPF-record says only to accept exchange.mydomain.se as a sending server for mydomain.se?

Also, MailEssentials is configured to use the internal DNS. In the internal AD-DNS, I've got the mydomain.se zone, but with no SPF. Could this be causing the errors?

< Message edited by Mats Bjur -- 13.Oct.2006 8:18:59 AM >
Post #: 1
RE: How do MailEssentials approve MX-records? - 16.Oct.2006 4:58:00 AM   
Patrizia

 

Posts: 8474
Joined: 18.Aug.2003
From: Malta
Status: offline 		Mats Bjur,

Do the mails, which are passing through the secondary MX-server still pass through GFI MailEssentials (Check to see whether these mails appear in the GFI Monitor).


_____________________________

Patrizia Caruana
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software

(in reply to Mats Bjur)
Post #: 2
RE: How do MailEssentials approve MX-records? - 16.Oct.2006 5:39:46 AM   
Mats Bjur

 

Posts: 109
Joined: 9.Sep.2004
From: Gothenburg, Sweden
Status: offline 		Hi

Yes they do.

I'd appreciate answers on the questions above too :)

(in reply to Patrizia)
Post #: 3
RE: How do MailEssentials approve MX-records? - 17.Oct.2006 4:35:25 AM   
Mark Busuttil

 

Posts: 4833
Joined: 16.Oct.2005
Status: offline 		When MailEssentials will perform an SPF check, it will simply check the SPF records which you have published and therefore although you have the Secondary MX Record, it should not allow the emails in question through.

We would like to investigate this issue further. Can you please send us your troubleshooter files as indicated in the following link:

http://forums.gfi.com/Read_this_first/m_900727096/tm.htm

Thank You!

_____________________________

Regards,
Mark Busuttil

GFI Software Ltd - www.gfi.com
Messaging, Content Security & Network Security Software
GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor

(in reply to Mats Bjur)
Post #: 4
RE: How do MailEssentials approve MX-records? - 17.Oct.2006 4:49:55 AM   
Mats Bjur

 

Posts: 109
Joined: 9.Sep.2004
From: Gothenburg, Sweden
Status: offline 		Hi

If there's a way to specify where GFI stores the troubleshooter files, I could send them to you. As it is now, there's too little disk space on the drive where GFI is installed to enable this.

Is the folder for this configurable?

(in reply to Mark Busuttil)
Post #: 5
RE: How do MailEssentials approve MX-records? - 17.Oct.2006 5:06:52 AM   
Mark Busuttil

 

Posts: 4833
Joined: 16.Oct.2005
Status: offline 		Once you run the troubleshooter application, the logs and files are stored on the following folder:

<\GFI\MailEssentials\support>

Unfortunately, this folder is not configurable, and therefore the output of the troubleshooter application can only be stored in the path above.

Since generally the troubleshooter files will be large in size, can you please zip them up before uploading them to our FTP Server as indicated in the link mentioned in my previous post.

Thank you!


_____________________________

Regards,
Mark Busuttil

GFI Software Ltd - www.gfi.com
Messaging, Content Security & Network Security Software
GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor

(in reply to Mats Bjur)
Post #: 6
Page:   [1]
All Forums >> [Content Security] >> GFI MailEssentials for Exchange/SMTP >> How do MailEssentials approve MX-records? Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts


   © 2008. All rights reserved. GFI Software Home Products Download Trials Support Ordering Site Map About Us Contact us
GFI solutions: Exchange anti spam filter - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software