Keyword Checking Did Not Block this.
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
Keyword Checking Did Not Block this. - 12.Apr.2007 4:21:14 PM
|
|
|
joe_it
Posts: 9
Joined: 5.Dec.2005
Status: offline
|
First off, here is the e-mail that I am trying to block.
From: System Administrator
Sent: Thursday, April 12, 2007 1:45 PM
To: USER X
Subject: Undeliverable: KimSoft 0ffers Mlcrosoft+Adobe+More as low as 19$
Your message did not reach some or all of the intended recipients.
Subject: KimSoft 0ffers Mlcrosoft+Adobe+More as low as 19$
Sent: 4/12/2007 1:45 PM
The following recipient(s) cannot be reached:
berrynn@doco.com on 4/12/2007 1:44 PM
The e-mail account does not exist at the organization this message was sent to. Check the e-mail address, or contact the recipient directly to find out the correct address.
<mail.doco.com #5.1.1>
So that is the e-mail that I am trying to block. I went ahead and added "Mlcrosoft" to the keywords for both subject and body to filter. The rule is set to "delete" anything that is finds, but I am still getting numerous e-mails hitting this users inbox. What am I doing wrong?
Joe
|
|
|
|
|
RE: Keyword Checking Did Not Block this. - 12.Apr.2007 5:44:01 PM
|
|
|
AbqBill
Posts: 180
Joined: 13.Apr.2005
Status: offline
|
Hi joe_it,
This is most likely backscatter. Since this is an NDR (non-delivery report), ME won't filter it unless you enable DSN scanning. From an earlier post:
quote:
To configure GFI MailEssentials to scan NDR mails you need to do the following:
1. Open regedit (Start -> Run -> regedit)
2. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\GFI\ME<version>\Config
3. Change the value of 'ase_scandsn' from 0 to 1
4. Re-start the IIS Admin service.
HTH,
Bill
|
|
|
|
|
RE: Keyword Checking Did Not Block this. - 12.Apr.2007 5:45:31 PM
|
|
|
joe_it
Posts: 9
Joined: 5.Dec.2005
Status: offline
|
Thanks for the heads up BILL! That was greatly appreciated and should fix my issue.
Joe
|
|
|
|
|
RE: Keyword Checking Did Not Block this. - 13.Apr.2007 8:16:48 AM
|
|
|
Mark Busuttil
Posts: 4833
Joined: 16.Oct.2005
Status: offline
|
Please Note, by settings the 'ase_scandsn' to '1', this will simply start scanning Delivery Status Notifications.
However, should you wish to block these emails, you would need to block these emails using an AntiSpam Module. For Example,
Create a Keyword Checking Rule, within the Subject, which will block Emails containing:
"Undeliverable"
Thanks
< Message edited by Mark Busuttil -- 16.Apr.2007 5:21:03 AM >
_____________________________
Regards,
Mark Busuttil
GFI Software Ltd - www.gfi.com
Messaging, Content Security & Network Security Software
GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor
|
|
|
|
|
RE: Keyword Checking Did Not Block this. - 25.Apr.2007 1:18:09 PM
|
|
|
laughey
Posts: 11
Joined: 19.Apr.2004
From: New Hampshire, USA
Status: offline
|
Hello, am I missing something here?
If I do as Mark suggests, what will happen *when* a user sends a message that has that word in the subject? Also, I don't block messages that fail due to 'keywords'; I tag the subject with [SUSPECTED SPAM] and send it through tot he recipient.
Just last night, one employee received over 100 NDRs based on what appears to be this backscatter spam. Unless I block all incoming email based on keyword, something I do not want to do at this point, this isn't a real solution (at least in my situation).
Maybe I'm missing the obvious, but I don't see how this will work. Can someone correct me or can someone show me a better way?
< Message edited by laughey -- 25.Apr.2007 1:24:39 PM >
|
|
|
|
|
RE: Keyword Checking Did Not Block this. - 26.Apr.2007 6:01:13 AM
|
|
|
Mark Busuttil
Posts: 4833
Joined: 16.Oct.2005
Status: offline
|
That is correct, should you recieve an email which contains the same keywords which you have specified in the Keyword Checking module, used to trap the NDRs, then that email will also be blocked (Unless they are listed within the whitelist / autowhitelist)
At this point, this is the only way how NDRs can be blocked with GFI MailEssentials.
_____________________________
Regards,
Mark Busuttil
GFI Software Ltd - www.gfi.com
Messaging, Content Security & Network Security Software
GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor
|
|
|
|
|
RE: Keyword Checking Did Not Block this. - 2.May2007 10:15:54 AM
|
|
|
reconbot
Posts: 11
Joined: 27.Dec.2006
Status: offline
|
Verry verry glad I foudn this. Fake DSN's have been a problem at my company too. And they seem to get ignored for public folder scanning as well.
I've changed the registry but do I really have to restart the IIS admin service? There are a lot of services that rely on that and I'll have to wait until the end of the day to restart it.
|
|
|
|
|
RE: Keyword Checking Did Not Block this. - 2.May2007 11:04:06 AM
|
|
|
Mark Busuttil
Posts: 4833
Joined: 16.Oct.2005
Status: offline
|
You simply need to restart the GFI MailEssentials attendant Service.
_____________________________
Regards,
Mark Busuttil
GFI Software Ltd - www.gfi.com
Messaging, Content Security & Network Security Software
GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor
|
|
|
|
|
RE: Keyword Checking Did Not Block this. - 2.May2007 11:49:59 AM
|
|
|
reconbot
Posts: 11
Joined: 27.Dec.2006
Status: offline
|
I did that but the fake DNR's in the public folders still remain unprocessed.
|
|
|
|
|
RE: Keyword Checking Did Not Block this. - 3.May2007 3:22:24 AM
|
|
|
Mark Busuttil
Posts: 4833
Joined: 16.Oct.2005
Status: offline
|
This issue is currently being handled by e-mail support. The reference number(s) used are:
152377 - reconbot
NOTE: We have sent you an email on the address that you have registered over the forums with.
Should you require any updates or further information, kindly contact us using the support form at the following link:
http://support.gfi.com/supportrequestform.asp
_____________________________
Regards,
Mark Busuttil
GFI Software Ltd - www.gfi.com
Messaging, Content Security & Network Security Software
GFI: MailEssentials - MailSecurity - MailArchiver - FAXmaker - LANguard – WebMonitor
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
