RE: Flood of "System Administrator" Undeliverable SPAM, please help
RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 9:41:19 AM
gilman1
Posts: 5
Joined: 21.Feb.2007
Status: offline

Since all outbound e-mails pass GFI too, isn't it possible to keep track of all e-mail addresses to which an e-mail is sent in the last x days? When, afterwards, an NDR comes in, GFI can scan if one of these addresses is in the NDR message.
if so => the NDR may be delivered to the user
if not => delete the NDR

I am having the same problem. How do you do this??

RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 10:09:09 AM
NTAtech
Posts: 3
Joined: 20.Sep.2007
Status: offline

Has this issue been resolved yet? My users are being bombarded with NDRs and it seems to be getting worse for us. 100-200 at a time per user. Please assist. The registry change did not work for us. Thanks

RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 12:30:23 PM
pmcneill
Posts: 132
Joined: 18.May.2005
Status: offline

While all of those changes may be good practice, the only one that might possibly have the effect of reducing the amount of backscatter that ends up in your users' mailboxes is the registry change. I don't see a lot of realistic options for fixing this issue other than the product being able to filter based on a DNSBL that lists known backscatterers.

RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 1:37:16 PM
caswinans
Posts: 59
Joined: 21.Apr.2006
Status: offline

Everyone that is experiencing this, do you HAVE EXTERNAL SPF records?

RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 1:41:01 PM
pmcneill
Posts: 132
Joined: 18.May.2005
Status: offline

We don't. That could possibly help, but I find it unlikely that a mail server that is misconfigured to send NDRs for addresses not found at their organization would use an SPF lookup to determine that I didn't send them the SPAM they're getting. Anything is possible though. What's your experience been?

RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 2:43:22 PM
Eric
Posts: 17
Joined: 24.Jul.2007
Status: offline

We have an SPF record, but I guess I don't understand how that would help. That would just let other servers check to see if an email from my domain was sent from the correct IP. Maybe you can explain what I'm missing.

Eric

RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 2:44:42 PM
caswinans
Posts: 59
Joined: 21.Apr.2006
Status: offline

pmcneill, thinking in how GFI works: if no SPF is found it passes emails thru at its lowest setting. You state "misconfigured to send NDRs for addresses not found at their organization would use an SPF lookup to". If I'm a spammer and send spam to someone@abc.com and that person doesn't exist @abc.com company, if your SPF record was correct and they have the mildest settings, the email would fail at SPF and a non-deliverable shouldn't be sent.

RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 2:48:32 PM
pmcneill
Posts: 132
Joined: 18.May.2005
Status: offline

That's correct, and a good suggestion. It assumes that a good chunk of the servers that are giving us grief are doing SPF lookups with whatever SPAM solution they are using, but it definitely couldn't hurt, and might stop a chunk of this stuff. I'm going to look into registering one. Thanks for a good suggestion!

RE: Flood of "System Administrator" Undeliver... - 7.Apr.2008 5:53:41 PM
FresnoDoug
Posts: 34
Joined: 28.Nov.2007
Status: offline

How about simply checking the autowhitelist against the intended recipient in the NDR? If any of my users had sent the mail that generated the NDR, the intended recipient would be in the autowhitelist. If the recipient isn't in the autowhitelist, wouldn't it be safe to assume the NDR is backscatter & delete it?
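
The check proposed by gilman1 (track outbound recipients for the last x days) and by FresnoDoug (look the NDR's intended recipient up in the autowhitelist) can be sketched as follows. This is an added example, not part of the thread and not GFI MailEssentials code; `sent_log`, `WINDOW`, the function names and the sample bounce are assumptions, and it only understands bounces that carry an RFC 3464 `message/delivery-status` part.

```python
import email
from datetime import datetime, timedelta

WINDOW = timedelta(days=7)  # assumed value for the thread's "last x days"

# Constructed sample bounce in RFC 3464 multipart/report form.
SAMPLE_NDR = """\
From: postmaster@mx.partner.example
To: alice@corp.example
Subject: Undeliverable: quarterly figures
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery to the following recipient failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.partner.example

Final-Recipient: rfc822; Bob@partner.example
Action: failed
Status: 5.1.1
--b1--
"""

def ndr_recipients(raw):
    """Failed recipient addresses named in the delivery-status part."""
    found = set()
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() != "message/delivery-status" or not part.is_multipart():
            continue
        for block in part.get_payload():  # parsed as one header block per group
            for field in ("Final-Recipient", "Original-Recipient"):
                value = block.get(field)
                if value:  # "rfc822; user@host" -> "user@host"
                    found.add(value.split(";", 1)[-1].strip().lower())
    return found

def classify_ndr(raw, sent_log, now):
    """sent_log: lowercased recipient -> datetime of the last outbound mail."""
    failed = ndr_recipients(raw)
    if not failed:
        return "unparsed"  # no RFC 3464 part: quarantine rather than guess
    cutoff = now - WINDOW
    if any(sent_log.get(addr, datetime.min) >= cutoff for addr in failed):
        return "deliver"
    return "backscatter"
```

Bounces from servers that do not emit a machine-readable delivery-status part come back as "unparsed", so they can be quarantined instead of deleted.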

RE: Flood of "System Administrator" Undeliver... - 8.Apr.2008 10:48:35 AM
pmcneill
Posts: 132
Joined: 18.May.2005
Status: offline

quote:
ORIGINAL: FresnoDoug
How about simply checking the autowhitelist against the intended recipient in the NDR? If any of my users had sent the mail that generated the NDR, the intended recipient would be in the autowhitelist. If the recipient isn't in the autowhitelist, wouldn't it be safe to assume the NDR is backscatter & delete it?

Interesting idea.

RE: Flood of "System Administrator" Undeliver... - 9.Apr.2008 4:48:27 AM
LukeQuake
Posts: 20
Joined: 18.Mar.2008
Status: offline

quote:
ORIGINAL: FresnoDoug
How about simply checking the autowhitelist against the intended recipient in the NDR? If any of my users had sent the mail that generated the NDR, the intended recipient would be in the autowhitelist. If the recipient isn't in the autowhitelist, wouldn't it be safe to assume the NDR is backscatter & delete it?

Good Thinking!

RE: Flood of "System Administrator" Undeliver... - 9.Apr.2008 9:07:15 AM
pcecom
Posts: 16
Joined: 14.Apr.2005
Status: offline

Got hit with another batch of NDRs & DSNs today, over 300 of them. I have applied the registry change, added keywords to GFI and they still seem to get through. This latest batch appears to have a foreign character set in the subject. Looks Russian. I remember changing a filter for foreign character sets a long time ago so I don't know why these would get through either. We need a fix for this ASAP!

RE: Flood of "System Administrator" Undeliver... - 9.Apr.2008 11:22:44 AM
JanZoet
Posts: 576
Joined: 20.Feb.2008
Status: offline

Hello,

I would like to provide you with an update. We are still very busy looking into this as per Alexc's post. Engineering is working on a major change of the MailEssentials Scanning Engine. We have updated http://kbase.gfi.com/showarticle.asp?id=KBID003322 with a backscatter Blacklist and hopefully you will benefit from using this list. As soon as I receive another update I will inform you about this via this thread.

Kind regards,
_____________________________
Jan Zoet
Technical Support - GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software

RE: Flood of "System Administrator" Undeliver... - 9.Apr.2008 2:02:44 PM
FresnoDoug
Posts: 34
Joined: 28.Nov.2007
Status: offline

Keep in mind that the backscatter blacklist will be applied to all mail, not just the NDRs. Also I'm not fond of blacklists www.blacklist.org that require payment to be removed. The one listed in the KB article is in this category.