RE: Flood of "System Administrator" Undeliverable SPAM, please help (Full Version)

All Forums >> [Content Security] >> GFI MailEssentials for Exchange/SMTP



Message

kharris -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (3.Apr.2008 1:04:06 PM)

same here, changed reg key to scan NDRs but some users are still getting some of these. I realize it's all backscatter, but a fix from GFI that works would be great. thanks,



kharris -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (3.Apr.2008 1:08:58 PM)

update:

less than five minutes after this post I got a call from a user who is getting inundated with backscatter. they have had hundreds this morning, and at least 10 in the 2 minutes I was on the phone with them. HELP!!!!!



M4Gg0T5 -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (3.Apr.2008 1:35:56 PM)

Kharris, we're all in the same boat. I have some user that received 2-3 every minutes and some other none. There's no solution right now so you might just inform your users to delete them and to empty the trash more often. My boss is going crazy with this too and it's very bad for the image here. I really hope we get a fix soon.



pmcneill -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (3.Apr.2008 1:39:07 PM)

As a short term "fix", an Outlook rule deleting stuff from sys admin might help a bit, although by the time you get this in place on a user's mailbox the attack is often over.

Truly a pain.



dima -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (3.Apr.2008 2:18:06 PM)

@GFI: We also need NDR's to be scanned in the public folders, please.



kharris -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (3.Apr.2008 2:29:50 PM)

I know it's happening for everyone else too, and it is frustrating. I just decided to create a temp rule in MS to delete emails with all of the variations for the NDRs we're receiving and it is at least keeping the backscatter to a minimum. Of course with this approach valid NDRs are now deleted, but it's a trade off worth taking for now.



jmjacquet -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (4.Apr.2008 1:49:50 AM)

To Alexc

Thanks for your update. It's good to know that GFI's team are working on this problem.
I'm sure you will find a good solution within a reasonable time.

Regards.



wrabbit -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (4.Apr.2008 4:20:28 AM)

quote:

Regarding what wrabbit said about the 2 subjects in the email -- actually the second subject is the one of the embedded email, which, as I said, does not get scanned currently.


Hi Alec

Thanks for the update.

I know it's a side issue to the major one of the NDR spam, but be aware that any e-mail, ie not backscatter, sent with 2 subjects the second subject is not scanned.  I can see this being something that spammers will take advantage off in the future as the last subject is the one that Outlook displays.

eg
Mail from:spammer@spammer.com
rcpt to:mypoorusers@helpless.com
data
Subject: Regarding our meeting next Wednesday
Subject: Get your free Rolex watches
.

The first subject is scanned by GFI, the second isn't - so keyword filtering on the headers will not catch this mail.  I realise one of the other checks will probably catch it instead.  However if it gets through the user will see Get your free Rolex watches as the subject in Outlook.  And I'll get the phone call as to how this obvious spam got through.

If someone else could confirm they're seeing the same behaviour.



JanZoet -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (4.Apr.2008 8:58:10 AM)

Hello,

M4Gg0T5,
When you enable the Bayesian Analysis and this filter does not detect the message as spam it will be past on to the next filter in line.
So yes, your Keyword Checker will still be used.

Kind regards,



pcecom -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (4.Apr.2008 9:08:55 AM)

I can confirm spam with double subjects getting through for my users. I find most of them have zip attachements. I don't want to go back to deleting mail with zip attachements but if it gets much worse I may have to.



deckking -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (5.Apr.2008 11:35:05 PM)

Looks like GFI tech support is working hard on this, really hope it can be fixed soon as this is unacceptable in some companies.

One of big company in Toronto, they're using Ironport as the first line and BrightMail as second line for antispam, hard to believe that over 95% of the email received are spam and there is almost no spam can reach end user.

To my own experience, GFI has a great product and fabulous tech support person, hope they can make ME more & more reliable.



KristofT -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 8:00:00 AM)

Since all outbound e-mails pass GFI too, isn't it possible to keep track of all e-mail addresses to which an e-mail is send last x days. When afterwards, an NDR comes in, GFI can scan if one of these addresses is in the NDR message.
if so => the NDR may be delivered to the user
if not => delete the NDR




trcc -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 8:35:28 AM)

I had the same idea...the more I think of that solution, the more it seems the best way to me ;-)

I can't imagine that this tracking and comparing inbound NDRs/outbound mails could decrease performance too much.



steven112024 -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 8:40:49 AM)

KristofT,

Great idea.  I second that.  Maybe NDRs can also be scanned against the auto whitelist.



pmcneill -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 9:35:22 AM)

Hundreds more of these over the weekend in various mailboxes here. 



Page: <<   < prev  2 3 [4] 5 6   next >   >>