RE: PDF Spam
RE: PDF Spam - 20.Aug.2007 8:19:40 AM
|
|
|
Nicks
Posts: 2741
Joined: 17.Mar.2003
Status: offline
|
Hi,

A new build of GFI MailEssentials 12 (build 20070810) has been released. This build targets Attachment Spam. Information on the new build can be found at http://kbase.gfi.com/showarticle.asp?id=KBID003143

walterk1,

There are quite a few good lists, although some of them may prove to be better for certain clients than for others. We normally do not recommend DNS Blacklists ourselves for this reason, however quite a few MailEssentials users use list.dnsbl.org. We should be recommending an alternative to APEWS list soon.

I would recommend that you check the emails that have been blocked over the weekend. Note that if you have the Auto-Whitelist enabled, you would not be finding a lot of blocked legitimate emails.
_____________________________
Nicholas Sciberras GFI Software - www.gfi.com Messaging, Content Security & Network Security Software
|
|
|
|
RE: PDF Spam - 20.Aug.2007 9:26:52 AM
|
|
|
pmcneill
Posts: 149
Joined: 18.May2005
Status: offline
|
Hi Nick, I'm running version 12 build 20070112. Do I need to do anything other than apply this new version to my server? In other words, does this negate the need to manually update a DLL like the first PDF Spam fix required, or do I still need to do that? Thanks
|
|
|
|
RE: PDF Spam - 20.Aug.2007 9:30:14 AM
|
|
|
Nicks
Posts: 2741
Joined: 17.Mar.2003
Status: offline
|
Hi, You would need to install the new build. The new build will inform you that it is going to un-install the previous version before installing the new version. Your configuration settings will be retained. Once the new version is installed, ensure that "Check if email contains attachment spam" is enabled. The option has been included in the Header Checking options -> General contd. tab.
_____________________________
Nicholas Sciberras GFI Software - www.gfi.com Messaging, Content Security & Network Security Software
|
|
|
|
RE: PDF Spam - 20.Aug.2007 9:39:32 AM
|
|
|
pmcneill
Posts: 149
Joined: 18.May2005
Status: offline
|
Ok, so no manual DLL changes this time. Thank you.
|
|
|
|
RE: PDF Spam - 20.Aug.2007 9:41:25 AM
|
|
|
Nicks
Posts: 2741
Joined: 17.Mar.2003
Status: offline
|
Hi, I confirm that there are no manual dll changes required to upgrade to the new build.
_____________________________
Nicholas Sciberras GFI Software - www.gfi.com Messaging, Content Security & Network Security Software
|
|
|
|
RE: PDF Spam - 20.Aug.2007 11:18:39 AM
|
|
|
pardizzone
Posts: 16
Status: offline
|
Hmm... came in this morning and noticed that the filter has started to work again! I have not applied the new patch yet either.
|
|
|
|
RE: PDF Spam - 20.Aug.2007 11:26:03 AM
|
|
|
dima
Posts: 40
Joined: 10.Feb.2006
Status: offline
|
Nicks,

The APEWS blacklist has not been closed. The UCEPROTECT *mirror* of APEWS has been closed. The list itself still exists, and is using the "l2.apews.org" zone. See http://apews.org/?page=filter for more info.

As far as alternatives go, the following have been most effective for me:

zen.spamhaus.org
list.dsbl.org
dnsbl.njabl.org
dnsbl.sorbs.net
bl.spamcop.net
t1.dnsbl.net.au
psbl.surriel.com
dnsbl.tqmcube.com
dnsbl-1.uceprotect.net
blackholes.five-ten-sg.com
l2.apews.org (bottom of my DNSBL list)

There are also these, but they haven't done anything for me so far:

dsn.rfc-ignorant.org
db.wpbl.info
dnsbl.ahbl.org
aspews.ext.sorbs.net
rbl.orbitrbl.com

Hope this helps someone,

-- dima
< Message edited by dima -- 20.Aug.2007 11:30:46 AM >
|
|
|
|
RE: PDF Spam - 21.Aug.2007 1:22:43 PM
|
|
|
PhilH
Posts: 41
Joined: 19.Jun.2004
From: Dearborn, MI
Status: offline
|
quote:
As far as alternatives go, the following have been most effective for me:
zen.spamhaus.org
list.dsbl.org
dnsbl.njabl.org
dnsbl.sorbs.net
bl.spamcop.net
t1.dnsbl.net.au
psbl.surriel.com
dnsbl.tqmcube.com
dnsbl-1.uceprotect.net
blackholes.five-ten-sg.com
l2.apews.org (bottom of my DNSBL list)

t1.dnsbl.net.au
dnssbl.tqmcube.com
both fail the DNS test built into ME (pressing the Test button). We also use cbl.abuseat.org.

quote:
The list itself still exists, and is using the "l2.apews.org" zone. See http://apews.org/?page=filter for more info.

Something that confuses me - according to the article at the link above, l2.apews.org is a left handed SBL (LHSBL) and l1.apews.org is a right handed SBL (RHSBL). I understand the difference between the two, but what I don't understand is that, according to this Wikipedia article http://wiki.openrbl.org/wiki/RHSBL, an RHSBL is commonly referred to as DNSBL, which is what I thought ME was using, not LHSBL's, which is what l2.apews.org is (at least according to the article at the link above).

The other thing that's confusing is that the Apews article says that l2.apews.org only lists CIDR's. Not sure if ME does domain blacklist or IP blacklist lookups??

Sorry for my ignorance - I'm treading into new water with RBL protocol stuff.

TIA - Phil
|
|
|
|
RE: PDF Spam - 21.Aug.2007 2:23:58 PM
|
|
|
dima
Posts: 40
Joined: 10.Feb.2006
Status: offline
|
CBL is included in Spamhaus XBL, which is also included in ZEN, so you don't need to use it unless you aren't using ZEN.

All the zones listed above pass the ME DNSBL test for me.

MailEssentials does IP-based lookups, because that's how SMTP email operates - using IP addresses. A "standard" DNSBL is LHSBL. RHSBL is a special case where the BL lists domain name-based records. Every piece of anti-spam software that uses DNSBL's must do IP-based lookups at the very least.

-- dima
< Message edited by dima -- 21.Aug.2007 2:26:10 PM >
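The IP-based lookup described in the post above, together with the zone self-test that RFC 5782 defines, as an added example that is not part of the thread and not GFI's code. The `.example` zones, the `FAKE_DNS` table and every function name are constructed for illustration; 203.0.113.7 is a documentation address.

```python
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

# Constructed stand-in for DNS so the example runs offline.
FAKE_DNS = {
    "2.0.0.127.good.example": ["127.0.0.2"],
    "7.113.0.203.good.example": ["127.0.0.4"],
    "2.0.0.127.wild.example": ["127.0.0.2"],
    "1.0.0.127.wild.example": ["127.0.0.2"],
}

def fake_resolver(name):
    return FAKE_DNS.get(name, [])

def system_resolver(name):
    """A records for name via the OS resolver; [] on NXDOMAIN or failure."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def ip_query_name(ip, zone):
    """IP-based list: reversed octets (IPv4) or nibbles (IPv6) + zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def domain_query_name(domain, zone):
    """Domain-based list (RHSBL): the sender domain is prepended unreversed."""
    return domain.rstrip(".").lower() + "." + zone

def is_listed(ip, zone, resolver=system_resolver):
    # Only answers inside 127.0.0.0/8 count; a parked or hijacked zone
    # that answers with a routable address must not be read as a listing.
    answers = resolver(ip_query_name(ip, zone))
    return any(ipaddress.ip_address(a) in LISTED_RANGE for a in answers)

def zone_health(zone, resolver=system_resolver):
    """RFC 5782 self-test: 127.0.0.2 must be listed, 127.0.0.1 must not."""
    if not is_listed("127.0.0.2", zone, resolver):
        return "dead-or-unreachable"
    if is_listed("127.0.0.1", zone, resolver):
        return "lists-everything"
    return "ok"
```

Omit the `resolver` argument to query a real zone through the system resolver.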
|
|
|
|
RE: PDF Spam - 31.Aug.2007 10:30:12 AM
|
|
|
sandro
Posts: 1345
Joined: 26.Jul.2007
Status: offline
|
Hello Mats Bjur, Please contact me using an alternate email address, as there is some problem with your mailbox and emails are not getting through. Thanks
_____________________________
Sandro Pace GFI Software - www.gfi.com Messaging, Content Security & Network Security Software
|
|
|
|
RE: PDF Spam - 12.Sep.2007 8:16:40 PM
|
|
|
vretna
Posts: 33
Joined: 13.Jan.2005
From: USA
Status: offline
|
Per KBID003142 linked from KBID003143 your organization wants customers of ME to muck around in their registry to use and adjust these new checking features??? Some of us have to deploy this stuff and turn it over to less technical "server operators" to maintain. I'm not happy about this registry tweaking and hope there's another new build on the horizon! Thanks for the feature.... I think?
|
|
|
|
RE: PDF Spam - 13.Sep.2007 9:11:26 AM
|
|
|
sandro
Posts: 1345
Joined: 26.Jul.2007
Status: offline
|
Hello vretna, Have added your request to the feature requests list so that the registry keys can be modified via GUI. Thanks for your feedback! Regards
_____________________________
Sandro Pace GFI Software - www.gfi.com Messaging, Content Security & Network Security Software
|
|
|
|
RE: PDF Spam - 14.Sep.2007 1:50:36 PM
|
|
|
sreece
Posts: 53
Joined: 10.May2006
Status: offline
|
I'm using ME 12.0 build 20070810. With this new "Check if email contains attachment spam" feature, has anyone noticed large-ish emails disappearing into the ether?

We have had customers sending 10MB and up PDFs and DWGs (I know, it's large but easier than having clients disable passive FTP in a client and connect this way) and the emails never make it here. There is no notification that the email has been blocked, and no NDR is sent back to the sender. It's as if the email just vanishes.

I'm guessing that the attachments (in particular PDFs) are being scanned using some sort of OCR technology to see if there are words that would indicate SPAM in there. This is very resource and time intensive, and maybe there is a time-out on this process. Of course, this is just a guess. In the meantime I have disabled it, but it still seems to be blocking large emails with no notification to anyone.

I guess my question is: Has anyone seen this behavior with the attachment checker?

Thanks, Stephen
|
|
|
|
RE: PDF Spam - 17.Sep.2007 5:50:57 AM
|
|
|
sandro
Posts: 1345
Joined: 26.Jul.2007
Status: offline
|
Hello sreece, There is no OCR scanning within the PDF check within MailEssentials. The best option to start troubleshooting would be to enable SMTP logging on both the sending server and the receiving machine and see what is happening at SMTP connection stage. Regards
_____________________________
Sandro Pace GFI Software - www.gfi.com Messaging, Content Security & Network Security Software
|
|
|
|