RE: getting spammed by underliverables
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
RE: getting spammed by underliverables - 27.Mar.2008 3:16:18 AM
|
|
|
Nicks
Posts: 2600
Joined: 17.Mar.2003
Status: offline
|
Hi Annancy,
When the registry key which allows GFI MailEssentials to scan DSN messages is enabled, MailEssentials will need to be configured to block the unwanted messages. A simple way to do this is to make use of keyword checking. Note that this will block ALL NDR messages, even legitimate ones.
Also, ensure that you do not have any local users which are in the whitelist or auto-whitelist.
Thank you
_____________________________
Nicholas Sciberras
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
|
|
|
|
|
RE: getting spammed by underliverables - 27.Mar.2008 6:48:48 AM
|
|
|
garethgtt
Posts: 5
Joined: 3.Oct.2007
Status: offline
|
So the problem this causes is that all legitimate NDRs will either
1)land in the users junk mailbox--- fair enough, but hang on--oops so is all the NDR spam
2)be deleted so the user will never know they typoed the wrong email address and just assume whoever they thought they had sent it to isnt answering.
anyone any thoughts on any kind of solution? (i dont see one)
|
|
|
|
|
RE: getting spammed by underliverables - 27.Mar.2008 10:42:02 AM
|
|
|
Nicks
Posts: 2600
Joined: 17.Mar.2003
Status: offline
|
Hi,
Keyword checking is the fastest way to get MailEssentials blocking NDR spam (but possibly other NDR emails also).
The Bayesian filter is far more effective in blocking the individual spam emails. You would need to teach the Bayesian filter which NDR emails are good and which are bad. Check this link for more information on the methods you can use to teach the Bayesian filter - http://kbase.gfi.com/showarticle.asp?id=KBID002947
_____________________________
Nicholas Sciberras
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
|
|
|
|
|
RE: getting spammed by underliverables - 27.Mar.2008 10:50:13 AM
|
|
|
garethgtt
Posts: 5
Joined: 3.Oct.2007
Status: offline
|
ok so on the keyword checking-- do you advise adding the 'Undeliverable:' into the whitelist?
or because the registry key has been enabled will those undeliverables be scanned and screen out based on keywords such as 'viagra' in the subject field etc.
|
|
|
|
|
RE: getting spammed by underliverables - 27.Mar.2008 10:57:59 AM
|
|
|
Nicks
Posts: 2600
Joined: 17.Mar.2003
Status: offline
|
Hi,
When you enable the registry key, MailEssentials will start scanning the emails. If you have 'Undeliverable:' in the keyword whitelist, all such NDR messages with this keyword in the subject will not be blocked. I would therefore recommend against doing that.
On the other hand, you can place keywords such as viagra in the subject checking so as to block all emails (including NDR messages) which have this keyword in the subject.
_____________________________
Nicholas Sciberras
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
|
|
|
|
|
RE: getting spammed by underliverables - 28.Mar.2008 10:15:47 AM
|
|
|
retronaut
Posts: 10
Joined: 28.Mar.2008
Status: offline
|
Keywords on the subject will not work as the subject of the NDR is often just Undeliverable.
The subject of the original message needs to be scanned for keywords. Is it possible for future versions of ME to do this?
We do not use many keywords for the body of the message but this may require adding to that list.
< Message edited by retronaut -- 28.Mar.2008 10:16:55 AM >
|
|
|
|
|
RE: getting spammed by underliverables - 28.Mar.2008 1:56:14 PM
|
|
|
kharris
Posts: 16
Joined: 10.Aug.2007
Status: offline
|
quote:
ORIGINAL: AbqBill
All,
This type of spam is typically called backscatter.
Make sure that you're not using the "fake" NDR feature built into the MailEssentials product, particularly if you're running it on an SMTP gateway in front of your mail server. Doing this can make it possible to exploit your server to send backscatter.
Search this forum for the term backscatter for more information.
HTH,
Bill
Bill,
I read your blog about ORFEE, and have a couple questions for you. Do you still use ME, but have ORFEE sitting in front of it? I am interested in trying it out, so any recommendations you have will be appreciated. Thanks,
Keith
|
|
|
|
|
RE: getting spammed by underliverables - 25.Apr.2008 7:59:01 AM
|
|
|
jbraly
Posts: 11
Joined: 25.Apr.2008
Status: offline
|
I am frustrated to the point of shopping for another spam filtering service.
I have 300 users, most of which had the NDR "back scatter" issue.
Found the KB mentioned here about editting the registry (poor solution) and it didnt fix it.
Called back, was told to do that God AWFUL troubleshooting thing (which I dread going through).
No solution except to put words like "Undeliverable" in my keyword checking and make sure my users arent in the whitelist.
Did both.
Still get the NDRs.
Have sent at least 5 emails for the 5 more times users have reported the fake NDRs.
Meanwhile, users are sending me whitelist requests left and right because some legit emails are not coming in.
I spend half my time helping users get legit emails that are blocked, and the other half figuring out how to block UNlegit ones that prance right past GFI.
If my emails to support are not replied to in the next week, I go with another spam solution.
And while you are at it, figure out a better way to troubleshoot someones GFI installation rather than them having to do the troubleshooter, save the file to a folder on their desktop, Zip it, FTP it and hope it went to the right place.
Customer ID is 20966
NDR spam issue case #62295
_____________________________
www.techtipsforparents.org
|
|
|
|
|
RE: getting spammed by underliverables - 25.Apr.2008 9:55:00 AM
|
|
|
pcecom
Posts: 16
Joined: 14.Apr.2005
Status: offline
|
Have you applied the patch that was created specifically for this issue? It has helped my NDR spam issue.
|
|
|
|
|
RE: getting spammed by underliverables - 25.Apr.2008 10:20:34 AM
|
|
|
jbraly
Posts: 11
Joined: 25.Apr.2008
Status: offline
|
found it this morning and will apply it this afternoon.
would it have killed them to have emailed that link to me 2 days ago...?
|
|
|
|
|
RE: getting spammed by underliverables - 28.Apr.2008 4:12:34 AM
|
|
|
JanZoet
Posts: 576
Joined: 20.Feb.2008
Status: offline
|
Hello jbraly,
I had a look at your case and see that we sent you an e-mail on the 21st notifying you about the NDR patch.
We also resent this e-mail on the 23rd.
Would you know why are e-mails are not arriving?
Is our domain Whitelisted in your MailEssentials?
Kind regards,
_____________________________
Jan Zoet
Technical Support - GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
|
|
|
|
|
RE: getting spammed by underliverables - 28.Apr.2008 8:07:56 AM
|
|
|
jbraly
Posts: 11
Joined: 25.Apr.2008
Status: offline
|
yep, you are whitelisted. And I get other emails from you guys.
Mark it down as yet another issue I have had with GFI. :(
Hope things can imporve from my perspective soon.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
