RE: Flood of "System Administrator" Undeliverable SPAM, please help
RE: Flood of "System Administrator" Undeliver... - 3.Apr.2008 1:04:06 PM
kharris
Posts: 16
Joined: 10.Aug.2007
Status: offline
|
Same here, changed reg key to scan NDRs, but some users are still getting some of these. I realize it's all backscatter, but a fix from GFI that works would be great. Thanks,
|
RE: Flood of "System Administrator" Undeliver... - 3.Apr.2008 1:08:58 PM
kharris
Posts: 16
Joined: 10.Aug.2007
Status: offline
|
Update: less than five minutes after this post I got a call from a user who is getting inundated with backscatter. They have had hundreds this morning, and at least 10 in the 2 minutes I was on the phone with them. HELP!!!!!
|
RE: Flood of "System Administrator" Undeliver... - 3.Apr.2008 1:35:56 PM
M4Gg0T5
Posts: 16
Joined: 3.Apr.2008
Status: offline
|
Kharris, we're all in the same boat. I have some users that received 2-3 every minute and some others none. There's no solution right now, so you might just inform your users to delete them and to empty the trash more often. My boss is going crazy with this too and it's very bad for the image here. I really hope we get a fix soon.
|
RE: Flood of "System Administrator" Undeliver... - 3.Apr.2008 1:39:07 PM
pmcneill
Posts: 132
Joined: 18.May.2005
Status: offline
|
As a short term "fix", an Outlook rule deleting stuff from sys admin might help a bit, although by the time you get this in place on a user's mailbox the attack is often over. Truly a pain.
|
RE: Flood of "System Administrator" Undeliver... - 3.Apr.2008 2:18:06 PM
dima
Posts: 38
Joined: 10.Feb.2006
Status: offline
|
@GFI: We also need NDRs to be scanned in the public folders, please.
|
RE: Flood of "System Administrator" Undeliver... - 3.Apr.2008 2:29:50 PM
kharris
Posts: 16
Joined: 10.Aug.2007
Status: offline
|
I know it's happening for everyone else too, and it is frustrating. I just decided to create a temp rule in MS to delete emails with all of the variations for the NDRs we're receiving, and it is at least keeping the backscatter to a minimum. Of course with this approach valid NDRs are now deleted, but it's a trade-off worth taking for now.
|
RE: Flood of "System Administrator" Undeliver... - 4.Apr.2008 1:49:50 AM
jmjacquet
Posts: 9
Joined: 10.Mar.2008
Status: offline
|
To Alexc: Thanks for your update. It's good to know that GFI's team is working on this problem. I'm sure you will find a good solution within a reasonable time. Regards.
|
RE: Flood of "System Administrator" Undeliver... - 4.Apr.2008 4:20:28 AM
wrabbit
Posts: 13
Joined: 18.Aug.2006
Status: offline
|
quote:
Regarding what wrabbit said about the 2 subjects in the email -- actually the second subject is the one of the embedded email, which, as I said, does not get scanned currently.

Hi Alec,

Thanks for the update. I know it's a side issue to the major one of the NDR spam, but be aware that for any e-mail, i.e. not backscatter, sent with 2 subjects, the second subject is not scanned. I can see this being something that spammers will take advantage of in the future, as the last subject is the one that Outlook displays, e.g.

    Mail from:spammer@spammer.com
    rcpt to:mypoorusers@helpless.com
    data
    Subject: Regarding our meeting next Wednesday
    Subject: Get your free Rolex watches
    .

The first subject is scanned by GFI, the second isn't - so keyword filtering on the headers will not catch this mail. I realise one of the other checks will probably catch it instead. However, if it gets through, the user will see "Get your free Rolex watches" as the subject in Outlook. And I'll get the phone call as to how this obvious spam got through.

If someone else could confirm they're seeing the same behaviour.
|
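An added example, not part of the original post and not GFI's code: a header check that inspects every Subject header, at the top level and inside embedded message/rfc822 parts, instead of only the first one. The keyword list, the sample messages and the function names are constructed for illustration.

```python
from email import message_from_string

# Constructed sample: the two-Subject message from the post above.
DOUBLE_SUBJECT = "\r\n".join([
    "From: spammer@spammer.com",
    "To: mypoorusers@helpless.com",
    "Subject: Regarding our meeting next Wednesday",
    "Subject: Get your free Rolex watches",
    "",
    "body",
])

# Constructed sample: an NDR that embeds the original mail as message/rfc822.
NDR = "\r\n".join([
    "From: postmaster@example.net",
    "Subject: Undeliverable: hello",
    'Content-Type: multipart/report; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "Delivery failed.",
    "--b1",
    "Content-Type: message/rfc822",
    "",
    "From: user@example.com",
    "Subject: Get your free Rolex watches",
    "",
    "spam body",
    "--b1--",
    "",
])

KEYWORDS = ("rolex",)  # hypothetical keyword list

def hit(text):
    return any(k in text.lower() for k in KEYWORDS)

def check(raw):
    msg = message_from_string(raw)
    top = msg.get_all("Subject", [])  # every top-level Subject, in order
    # walk() also descends into embedded message/rfc822 parts
    every = [s for part in msg.walk() for s in part.get_all("Subject", [])]
    return {
        "duplicate_subject": len(top) > 1,  # RFC 5322 allows at most one
        "first_only_hit": hit(top[0]) if top else False,
        "all_subjects_hit": any(hit(s) for s in every),
    }
```

A message with more than one top-level Subject is malformed on its own terms, so `duplicate_subject` is a usable signal even when no keyword matches.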
RE: Flood of "System Administrator" Undeliver... - 4.Apr.2008 8:58:10 AM
JanZoet
Posts: 576
Joined: 20.Feb.2008
Status: offline
|
Hello, M4Gg0T5, When you enable the Bayesian Analysis and this filter does not detect the message as spam, it will be passed on to the next filter in line. So yes, your Keyword Checker will still be used. Kind regards,
_____________________________
Jan Zoet Technical Support - GFI Software - www.gfi.com Messaging, Content Security & Network Security Software
|
RE: Flood of "System Administrator" Undeliver... - 4.Apr.2008 9:08:55 AM
pcecom
Posts: 16
Joined: 14.Apr.2005
Status: offline
|
I can confirm spam with double subjects getting through for my users. I find most of them have zip attachments. I don't want to go back to deleting mail with zip attachments, but if it gets much worse I may have to.
|
RE: Flood of "System Administrator" Undeliver... - 5.Apr.2008 11:35:05 PM
deckking
Posts: 9
Joined: 28.Mar.2008
Status: offline
|
Looks like GFI tech support is working hard on this, really hope it can be fixed soon as this is unacceptable in some companies. One of the big companies in Toronto, they're using Ironport as the first line and BrightMail as second line for antispam; hard to believe that over 95% of the email received is spam and almost no spam can reach the end user. In my own experience, GFI has a great product and fabulous tech support person, hope they can make ME more & more reliable.
|
RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 8:00:00 AM
KristofT
Posts: 77
Status: offline
|
Since all outbound e-mails pass GFI too, isn't it possible to keep track of all e-mail addresses to which an e-mail was sent in the last x days? When an NDR comes in afterwards, GFI can scan if one of these addresses is in the NDR message.
if so => the NDR may be delivered to the user
if not => delete the NDR
|
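An added sketch of the idea in the post above, not part of the original post and not GFI's implementation: remember each outbound recipient for x days and deliver an NDR only if it mentions one of them. The class name, the address regex, the 7-day default and the sample NDR texts are assumptions made for illustration.

```python
import re
import time

# Simple address matcher (assumption: good enough to pull addresses out of NDR text).
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed samples: an NDR for a mail a user really sent, and a backscatter NDR.
GENUINE = ("Subject: Undeliverable: Quote\n\n"
           "Your message did not reach some or all of the intended recipients.\n"
           "  bob@partner.example: mailbox unavailable\n")
BACKSCATTER = ("Subject: Undeliverable: Cheap watches\n\n"
               "Your message did not reach some or all of the intended recipients.\n"
               "  victim123@random.example: user unknown\n")

class OutboundTracker:
    def __init__(self, window_days=7):
        self.window = window_days * 86400
        self.last_sent = {}  # recipient address -> last time we mailed it

    def record_outbound(self, recipient, now=None):
        """Call for every recipient of every outbound message."""
        self.last_sent[recipient.lower()] = time.time() if now is None else now

    def expire(self, now):
        """Forget recipients older than the window so the table stays bounded."""
        cutoff = now - self.window
        self.last_sent = {a: t for a, t in self.last_sent.items() if t >= cutoff}

    def ndr_verdict(self, ndr_text, now=None):
        """'deliver' if the NDR names an address we mailed recently, else 'delete'."""
        now = time.time() if now is None else now
        self.expire(now)
        mentioned = {a.lower() for a in ADDR_RE.findall(ndr_text)}
        return "delete" if mentioned.isdisjoint(self.last_sent) else "deliver"
```

The lookup is one set comparison per inbound NDR, and expiring old entries keeps memory proportional to the outbound volume within the window.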
RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 8:35:28 AM
trcc
Posts: 8
Joined: 9.Nov.2007
Status: offline
|
I had the same idea...the more I think of that solution, the more it seems the best way to me ;-) I can't imagine that this tracking and comparing inbound NDRs/outbound mails could decrease performance too much.
|
RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 8:40:49 AM
steven112024
Posts: 17
Joined: 1.Jun.2006
Status: offline
|
KristofT, Great idea. I second that. Maybe NDRs can also be scanned against the auto whitelist.
|
RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 9:35:22 AM
pmcneill
Posts: 132
Joined: 18.May.2005
Status: offline
|
Hundreds more of these over the weekend in various mailboxes here.