RE: Flood of "System Administrator" Undeliverable SPAM, please help

 
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 5:32:45 AM   
trcc

 

Posts: 8
Joined: 9.Nov.2007
Status: offline
We are moving this NDR spam to the thisisspam folder, as JanZoet described in another thread. But ME does not grab these mails to train the filter; other mails in this folder are processed.

Best regards,

Eric

(in reply to andih98uk)
Post #: 16
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 6:42:49 AM   
LukeQuake

 

Posts: 20
Joined: 18.Mar.2008
Status: offline
quote:

trcc
We are moving this NDR spam to the thisisspam folder, as JanZoet described in another thread. But ME does not grab these mails to train the filter; other mails in this folder are processed.

Best regards,

Eric


We have also tried this to no avail.

(in reply to trcc)
Post #: 17
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 8:06:18 AM   
Phanatik

 

Posts: 8
Joined: 28.Feb.2007
Status: offline
Same problems here, we keep getting flooded with these and none of the solutions on the forum have yet to make a dent in the problem.

(in reply to LukeQuake)
Post #: 18
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 8:26:49 AM   
LukeQuake

 

Posts: 20
Joined: 18.Mar.2008
Status: offline
We raised this with GFI support this morning and from my understanding all spam providers are being affected by this at the moment (not just GFI). The GFI developers are working on a fix but we don't have an expected release date yet...

One day they will make spamming illegal and solve all of our problems!

I will post again when we have more information.

(in reply to trcc)
Post #: 19
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 10:21:43 AM   
Phanatik

 

Posts: 8
Joined: 28.Feb.2007
Status: offline
Thanks for the update, I spoke to GFI this morning and went over a bunch of things to hopefully fix my problem but in the end it did not.

< Message edited by Phanatik -- 1.Apr.2008 10:56:59 AM >

(in reply to LukeQuake)
Post #: 20
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 10:35:42 AM   
LukeQuake

 

Posts: 20
Joined: 18.Mar.2008
Status: offline
quote:

ORIGINAL: Phanatik

Thanks for the update, I spoke to GFI this morning and went over a bunch of things to hopefully fix my problem but in the end it did not.

Now my question is, why are these getting through, what are the spammers doing differently this time around that is bypassing everyone's filters?


Doing what they do best... finding ways to give us all a lot of headaches and hassle from end users!

(in reply to Phanatik)
Post #: 21
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 10:38:23 AM   
Phanatik

 

Posts: 8
Joined: 28.Feb.2007
Status: offline
Apparently, big freaking headaches and it sucks! I hope it gets figured out soon. I'm surprised no one has figured out what they are exploiting yet.

(in reply to LukeQuake)
Post #: 22
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 11:29:11 AM   
pmcneill

 

Posts: 132
Joined: 18.May.2005
Status: offline
They are simply exploiting a mail server's (and most SPAM filtering software's) default config which is to accept non-delivery reports from what are considered to be legitimate sources.  This is simply a "backscatter" attack.  It is explained quite well here:

http://www.backscatterer.org/?target=backscatter

GFI, are there any plans to include the ability to check against a DNSBL that keeps track of mail servers that are misconfigured and respond to misaddressed mail?  (e.g. http://www.backscatterer.org/?target=home).  These basically treat servers that send NDRs for misaddressed mail the same way we started treating servers that have open relays years ago.  Backscatter is becoming a more common method for the "bad guys" to get their SPAM to us, and we "good guys" need to evolve to counter this.  We need backscatter DNSBL support ASAP. 

(in reply to Phanatik)
Post #: 23
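
The backscatter DNSBL check requested in the post above, as an added example that is not part of the original thread and not GFI's code. The zone name `ips.backscatterer.org` and the helper names are assumptions (the thread gives only the site URL). The list is consulted only for bounces (null envelope sender), because the hosts on it also relay ordinary legitimate mail.

```python
import ipaddress
import socket

# Assumption: zone name of the backscatterer.org list; the thread gives only the site URL.
BACKSCATTER_ZONE = "ips.backscatterer.org"


def dnsbl_query_name(client_ip, zone=BACKSCATTER_ZONE):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def is_listed(client_ip, resolve=socket.gethostbyname, zone=BACKSCATTER_ZONE):
    """True if the list returns an A record in 127.0.0.0/8 for this IP."""
    try:
        answer = resolve(dnsbl_query_name(client_ip, zone))
    except OSError:
        return False  # NXDOMAIN means not listed; lookup failures also fail open
    return ipaddress.IPv4Address(answer) in ipaddress.ip_network("127.0.0.0/8")


def is_bounce(envelope_sender):
    """NDRs are sent with the null reverse-path (MAIL FROM:<>)."""
    return envelope_sender.strip() in ("", "<>")


def smtp_decision(envelope_sender, client_ip, resolve=socket.gethostbyname):
    """Reject only bounces relayed by a listed host; ordinary mail is untouched."""
    if is_bounce(envelope_sender) and is_listed(client_ip, resolve):
        return "550 bounce refused: sending host is on a backscatter list"
    return "250 OK"


# Constructed sample data (documentation address ranges), standing in for DNS.
FAKE_ZONE = {"10.2.0.192." + BACKSCATTER_ZONE: "127.0.0.2"}


def fake_resolve(name):
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    raise socket.gaierror("NXDOMAIN (constructed)")


if __name__ == "__main__":
    for sender, ip in [("<>", "192.0.2.10"),
                       ("alice@example.net", "192.0.2.10"),
                       ("<>", "198.51.100.7")]:
        print(sender, ip, "->", smtp_decision(sender, ip, fake_resolve))
```
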
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 2:21:46 PM   
chaznsc

 

Posts: 13
Joined: 26.Feb.2008
Status: offline
Stupid question here on this subject. Does adding these messages to the THIS IS SPAM folder help, hurt, etc the efforts to curb spam?

We have applied the regedit hack and I will report back with our success rate. It seems this should be investigated deeper by GFI.

(in reply to andreasoc)
Post #: 24
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 3:51:48 PM   
jschwilling

 

Posts: 3
Joined: 1.Apr.2008
Status: offline
Adding the NDR messages to the public folder really does not help, as GFI public folder scanning does not process those message types.  That is why you will see NDR messages sitting in the GFI Public folders even after forcing GFI to scan the folders now.

http://kbase.gfi.com/showarticle.asp?id=KBID003132




GFI MailEssentials AntiSpam Public Folder scanning detects that an email is an NDR and will therefore not process such an email. Such emails need to be deleted manually from the GFI MailEssentials AntiSpam Public Folders.


Also, as mentioned above, this is a trend that is hurting all the AntiSpam vendors right now, not just GFI.  So unfortunately we will need to just be patient as a solution is worked on.

I too have done the registry fix to scan NDRs but that is to scan for a spam that is disguised as an NDR, not an actual NDR as the result of backscatter. 

< Message edited by jschwilling -- 1.Apr.2008 3:56:36 PM >

(in reply to chaznsc)
Post #: 25
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 4:16:18 PM   
davenportkurt

 

Posts: 12
Joined: 1.Apr.2008
Status: offline
All,

Not sure if this will offer a temp. solution until they get this problem solved but it might be worth a try.  I am having the same problem w/ several users as well.


http://support.microsoft.com/default.aspx?scid=kb;en-us;315631

It seems a bit complex but 30 minutes of setup beats the phone ringing from affected users.

(in reply to jschwilling)
Post #: 26
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 10:20:53 PM   
bancza

 

Posts: 3
Joined: 1.Apr.2008
Status: offline
Guys,

The registry "hack" does work. You just have to make sure that the manually entered whitelist does not have any of your users' email addresses. I have done this today on several of my clients' servers and they all worked. They were getting hundreds of NDRs a day and now, none!

Regards,

Zsolt


(in reply to trcc)
Post #: 27
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 11:01:20 PM   
cepolly

 

Posts: 12
Joined: 1.Oct.2007
Status: offline
quote:

ORIGINAL: bancza

Guys,

The registry "hack" does work. You just have to make sure that the manually entered whitelist does not have any of your users' email addresses. I have done this today on several of my clients' servers and they all worked. They were getting hundreds of NDRs a day and now, none!

Regards,

Zsolt


I have to disagree. I have the hack, no one is in the whitelist and I have the latest version just released and I'm getting hammered. Granted, not as bad as earlier, but I am still receiving NDRs.

Rechecking the above. After the reinstall I needed to set the scan to 1 in the registry again as the reinstall reset it to 0.

< Message edited by cepolly -- 1.Apr.2008 11:08:36 PM >

(in reply to bancza)
Post #: 28
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 11:13:46 PM   
cepolly

 

Posts: 12
Joined: 1.Oct.2007
Status: offline
Question: does this hack apply to Outlook 07 as far as it being moved to the Junk mail folder?

(in reply to cepolly)
Post #: 29
RE: Flood of "System Administrator" Undeliver... - 1.Apr.2008 11:57:15 PM   
bancza

 

Posts: 3
Joined: 1.Apr.2008
Status: offline
That is correct: reinstall does reset the registry key to 0 (no NDR scanning).
As far as Outlook 2007: I don't think it matters if it's 2007 or 2003.

(in reply to cepolly)
Post #: 30