RE: Flood of "System Administrator" Undeliverable SPAM, please help (Full Version)



gilman1 -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 9:41:19 AM)

Since all outbound e-mails pass GFI too, isn't it possible to keep track of all e-mail addresses to which an e-mail was sent in the last x days? When an NDR comes in afterwards, GFI can scan whether one of these addresses is in the NDR message.
if so => the NDR may be delivered to the user
if not => delete the NDR


I am having the same problem. How do you do this??




NTAtech -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 10:09:09 AM)

Has this issue been resolved yet? My users are being bombarded with NDRs and it seems to be getting worse for us. 100-200 at a time per user. Please assist. The registry change did not work for us. Thanks




mattbern -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 11:01:14 AM)

I've enabled the registry setting

I'm using zen.spamhaus.org for DNS blacklists; please see spamhaus.org for the rules surrounding its use

I have the latest version of GFI

I also performed the following

http://support.microsoft.com/default.aspx?scid=kb;en-us;886208

and enabled tarpitting

http://support.microsoft.com/kb/842851/en-us

this seems to be pretty successful for me




pmcneill -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 12:30:23 PM)

While all of those changes may be good practice, the only one that might possibly have the effect of reducing the amount of backscatter that ends up in your users' mailboxes is the registry change.

I don't see a lot of realistic options for fixing this issue other than the product being able to filter based on a DNSBL that lists known backscatterers. 




caswinans -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 1:37:16 PM)

Everyone that is experiencing this, do you HAVE EXTERNAL SPF records?




pmcneill -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 1:41:01 PM)

We don't.  That could possibly help, but I find it unlikely that a mail server that is misconfigured to send NDRs for addresses not found at their organization would use an SPF lookup to determine that I didn't send them the SPAM they're getting.  Anything is possible though.  What's your experience been?




Eric -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 2:43:22 PM)

We have an SPF record, but I guess I don't understand how that would help.  That would just let other servers check to see if an email from my domain was sent from the correct IP.  Maybe you can explain what I'm missing.

Eric




caswinans -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 2:44:42 PM)

pmcneill,

Thinking about how GFI works:

If no SPF is found, it passes emails through at its lowest setting.

You state "misconfigured to send NDRs for addresses not found at their organization would use an SPF lookup to".  If I'm a spammer and send spam to someone@abc.com and that person doesn't exist at the abc.com company, then if your SPF record was correct and they have the mildest settings, the email would fail at SPF and a non-deliverable shouldn't be sent.





pmcneill -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 2:48:32 PM)

That's correct, and a good suggestion.  It assumes that a good chunk of the servers that are giving us grief are doing SPF lookups with whatever SPAM solution they are using, but it definitely couldn't hurt, and might stop a chunk of this stuff.

I'm going to look into registering one.  Thanks for a good suggestion!




FresnoDoug -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (7.Apr.2008 5:53:41 PM)

How about simply checking the autowhitelist against the intended recipient in the NDR? If any of my users had sent the mail that generated the NDR, the intended recipient would be in the autowhitelist. If the recipient isn't in the autowhitelist, wouldn't it be safe to assume the NDR is backscatter & delete it?
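
The check proposed above (and in the earlier suggestion to track outbound recipients for the last x days), sketched as an added example that is not part of any post in this thread and not GFI MailEssentials functionality: extract the failed recipient from an RFC 3464 delivery-status report and compare it with a log of addresses that local users actually mailed. `SentLog`, `WINDOW`, `classify_ndr` and the sample addresses are hypothetical; `SentLog` stands in for the autowhitelist.

```python
import email
from datetime import timedelta
from email import policy

WINDOW = timedelta(days=7)  # assumed value for the "last x days" in the thread

class SentLog:
    """Hypothetical store of outbound recipients, filled by the outbound mail path."""
    def __init__(self):
        self._last_sent = {}
    def record(self, rcpt, when):
        self._last_sent[rcpt.strip().lower()] = when
    def sent_recently(self, rcpt, now):
        when = self._last_sent.get(rcpt.strip().lower())
        return when is not None and now - when <= WINDOW

def failed_recipients(raw):
    """Addresses named in the Original-/Final-Recipient fields of an RFC 3464 DSN."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    found = set()
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status" or not part.is_multipart():
            continue
        for block in part.get_payload():  # one header block per recipient
            for field in ("Original-Recipient", "Final-Recipient"):
                for value in block.get_all(field, []):  # "rfc822; user@example.net"
                    found.add(str(value).split(";", 1)[-1].strip().lower())
    return found

def classify_ndr(raw, log, now):
    rcpts = failed_recipients(raw)
    if not rcpts:
        return "quarantine"  # free-form bounce: nothing to match, do not delete blindly
    if any(log.sent_recently(r, now) for r in rcpts):
        return "deliver"     # a local user really mailed this address
    return "drop"            # nobody here sent to it: backscatter

def sample_dsn(failed):
    """Constructed bounce for the demo, not real traffic."""
    return (
        "From: MAILER-DAEMON@mx.example.net\r\nTo: alice@example.com\r\n"
        "Subject: Undeliverable: hello\r\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\r\n'
        "\r\n--b1\r\nContent-Type: text/plain\r\n\r\nDelivery failed.\r\n"
        "--b1\r\nContent-Type: message/delivery-status\r\n\r\n"
        "Reporting-MTA: dns; mx.example.net\r\n\r\n"
        f"Final-Recipient: rfc822; {failed}\r\nAction: failed\r\nStatus: 5.1.1\r\n"
        "\r\n--b1--\r\n"
    ).encode()
```

Bounces that carry no machine-readable delivery-status part come back as "quarantine" rather than "drop", since the failed address cannot be extracted from them reliably.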




pmcneill -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (8.Apr.2008 10:48:35 AM)

quote:

ORIGINAL: FresnoDoug

How about simply checking the autowhitelist against the intended recipient in the NDR? If any of my users had sent the mail that generated the NDR, the intended recipient would be in the autowhitelist. If the recipient isn't in the autowhitelist, wouldn't it be safe to assume the NDR is backscatter & delete it?


Interesting idea. 




LukeQuake -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (9.Apr.2008 4:48:27 AM)

quote:

ORIGINAL: FresnoDoug

How about simply checking the autowhitelist against the intended recipient in the NDR? If any of my users had sent the mail that generated the NDR, the intended recipient would be in the autowhitelist. If the recipient isn't in the autowhitelist, wouldn't it be safe to assume the NDR is backscatter & delete it?

Good Thinking!




pcecom -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (9.Apr.2008 9:07:15 AM)

Got hit with another batch of NDRs & DSNs today, over 300 of them. I have applied the registry change, added keywords to GFI and they still seem to get through. This latest batch appears to have a foreign character set in the subject. Looks Russian. I remember changing a filter for foreign character sets a long time ago so I don't know why these would get through either. We need a fix for this asap!




JanZoet -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (9.Apr.2008 11:22:44 AM)

Hello,

I would like to provide you with an update.

We are still very busy looking into this as per Alexc's post.
Engineering is working on a major change of the MailEssentials Scanning Engine.

We have updated http://kbase.gfi.com/showarticle.asp?id=KBID003322 with a backscatter Blacklist and hopefully you will benefit from using this list.

As soon as I receive another update I will inform you about this via this thread.

Kind regards,




FresnoDoug -> RE: Flood of "System Administrator" Undeliverable SPAM, please help (9.Apr.2008 2:02:44 PM)

Keep in mind that the backscatter blacklist will be applied to all mail, not just the NDRs.

Also I'm not fond of blacklists www.blacklist.org that require payment to be removed. The one listed in the KB article is in this category.




