RE: Flood of "System Administrator" Undeliverable SPAM, please help


trcc -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 5:32:45 AM)

We are moving this NDR spam to the thisisspam-folder, as JanZoet said in another thread. But ME does not grab these mails to train the filter; other mails in this folder are processed.

Best regards,

Eric




LukeQuake -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 6:42:49 AM)

quote:

trcc
We are moving this NDR spam to the thisisspam-folder, as JanZoet said in another thread. But ME does not grab these mails to train the filter; other mails in this folder are processed.

Best regards,

Eric


We have also tried this to no avail.




Phanatik -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 8:06:18 AM)

Same problems here, we keep getting flooded with these and none of the solutions on the forum have yet to make a dent in the problem.




LukeQuake -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 8:26:49 AM)

We raised this with GFI support this morning and from my understanding all spam providers are being affected by this at the moment (not just GFI). The GFI developers are working on a fix but we don't have an expected release date yet...

One day they will make spamming illegal and solve all of our problems!

I will post again when we have more information.




Phanatik -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 10:21:43 AM)

Thanks for the update, I spoke to GFI this morning and went over a bunch of things to hopefully fix my problem but in the end it did not.




LukeQuake -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 10:35:42 AM)

quote:

ORIGINAL: Phanatik

Thanks for the update, I spoke to GFI this morning and went over a bunch of things to hopefully fix my problem but in the end it did not.

Now my question is, why are these getting through, what are the spammers doing differently this time around that is bypassing everyone's filters?


Doing what they do best... finding ways to give us all a lot of headaches and hassle from end users!




Phanatik -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 10:38:23 AM)

Apparently, big freaking headaches and it sucks! I hope it gets figured out soon. I'm surprised no one has figured out what they are exploiting yet.




pmcneill -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 11:29:11 AM)

They are simply exploiting a mail server's (and most SPAM filtering software's) default config which is to accept non-delivery reports from what are considered to be legitimate sources.  This is simply a "backscatter" attack.  It is explained quite well here:

http://www.backscatterer.org/?target=backscatter

GFI, are there any plans to include the ability to check against a DNSBL that keeps track of mail servers that are misconfigured and respond to misaddressed mail?  (e.g. http://www.backscatterer.org/?target=home).  These basically treat servers that send NDRs for misaddressed mail the same way we started treating servers that have open relays years ago.  Backscatter is becoming a more common method for the "bad guys" to get their SPAM to us, and we "good guys" need to evolve to counter this.  We need backscatter DNSBL support ASAP. 
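
An added example (not part of pmcneill's post and not GFI code) of the kind of backscatter DNSBL check requested above, written in Python with an injectable resolver so it runs offline. The zone name is a hypothetical placeholder, and consulting the list only for null-sender or postmaster mail is this example's own policy choice, so that ordinary mail from a listed server is never rejected.

```python
import ipaddress
import socket

# Hypothetical placeholder zone; substitute the query zone published by the
# backscatter DNSBL you actually use.
BACKSCATTER_ZONE = "backscatter-dnsbl.example"


def dnsbl_query_name(client_ip: str, zone: str = BACKSCATTER_ZONE) -> str:
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name: str):
    """Return the A record for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(client_ip, zone=BACKSCATTER_ZONE, resolve=system_resolver):
    """Listed means the name resolves into 127.0.0.0/8 (DNSBL convention)."""
    answer = resolve(dnsbl_query_name(client_ip, zone))
    return answer is not None and answer.startswith("127.")


def is_bounce_sender(mail_from: str) -> bool:
    """NDRs use the null reverse-path; some systems use postmaster@."""
    sender = mail_from.strip().strip("<>").lower()
    return sender == "" or sender.startswith("postmaster@")


def smtp_verdict(mail_from, client_ip, resolve=system_resolver):
    """Reject only bounces arriving from listed hosts; never ordinary mail."""
    if not is_bounce_sender(mail_from):
        return "accept"            # normal mail: the list is not consulted
    if is_listed(client_ip, resolve=resolve):
        return "reject-backscatter"
    return "accept"                # bounce from an unlisted server


if __name__ == "__main__":
    # Constructed data: 192.0.2.25 (documentation range) plays a listed host.
    fake = {"25.2.0.192." + BACKSCATTER_ZONE: "127.0.0.2"}.get
    print(smtp_verdict("<>", "192.0.2.25", resolve=fake))
```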




chaznsc -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 2:21:46 PM)

Stupid question here on this subject. Does adding these messages to the THIS IS SPAM folder help, hurt, etc the efforts to curb spam?

We have applied the regedit hack and I will report back with our success rate. It seems this should be investigated deeper by GFI.




jschwilling -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 3:51:48 PM)

Adding the NDR messages to the public folder really does not help, as GFI public folder scanning does not process those message types.  That is why you will see NDR messages sitting in the GFI Public folders even after forcing GFI to scan the folders now.

http://kbase.gfi.com/showarticle.asp?id=KBID003132




GFI MailEssentials AntiSpam Public Folder scanning detects that an email is an NDR and will therefore not process such an email. Such emails need to be deleted manually from the GFI MailEssentials AntiSpam Public Folders.


Also, as mentioned above, this is a trend that is hurting all the AntiSpam vendors right now, not just GFI.  So unfortunately we will need to just be patient as a solution is worked on.

I too have done the registry fix to scan NDRs but that is to scan for a spam that is disguised as an NDR, not an actual NDR as the result of backscatter. 




davenportkurt -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 4:16:18 PM)

All,

Not sure if this will offer a temp. solution until they get this problem solved but it might be worth a try.  I am having the same problem w/ several users as well.


http://support.microsoft.com/default.aspx?scid=kb;en-us;315631

It seems a bit complex but 30 minutes of setup beats the phone ringing from affected users.




bancza -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 10:20:53 PM)

Guys,

The registry "hack" does work. You just have to make sure that the manually entered whitelist does not have any of your users' email addresses. I have done this today on several of my clients' servers and they all worked. They were getting hundreds of NDRs a day and now, none!

Regards,

Zsolt





cepolly -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 11:01:20 PM)

quote:

ORIGINAL: bancza

Guys,

The registry "hack" does work. You just have to make sure that the manually entered whitelist does not have any of your users' email addresses. I have done this today on several of my clients' servers and they all worked. They were getting hundreds of NDRs a day and now, none!

Regards,

Zsolt


I have to disagree. I have the hack, no one is in the whitelist and I have the latest version just released and I'm getting hammered. Granted, not as bad as earlier, but I am still receiving NDRs.

Rechecking the above. After the reinstall I needed to set the scan to 1 in the registry again as the reinstall reset it to 0.




cepolly -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 11:13:46 PM)

Question: does this hack apply to Outlook 07 as far as it being moved to the Junk mail folder?




bancza -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (1.Apr.2008 11:57:15 PM)

That is correct: Reinstall does reset the registry key to 0 (no NDR scanning).
As far as Outlook 2007: I don't think it matters if it's 2007 or 2003.



