RE: Flood of "System Administrator" Undeliverable SPAM, please help
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
RE: Flood of "System Administrator" Undeliver... - 9.Apr.2008 3:06:08 PM
|
|
|
SMHCO
Posts: 19
Joined: 24.Mar.2008
Status: offline
|
When I add ips.backscatterer.org to DNS Blacklists it fails the DNS test.
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 10.Apr.2008 1:45:55 AM
|
|
|
OBV
Posts: 5
Joined: 12.Oct.2007
From: Vreden - Germany
Status: offline
|
I changed the registry value and added the new DNS-Blacklist.
The DNS-Test was succesfull. I will watch if this solution will help.
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 10.Apr.2008 6:31:43 AM
|
|
|
markrees
Posts: 27
Joined: 9.Feb.2005
Status: offline
|
this is affecting us now. one of our users (just one user so far) is receiving say 10 of these every minute.
what's not helping is the fact that the e-mails are going to his blackberry as well!!!!
i've just stuck an outlook rule in place for now.
how come GFI haven't got a fix out yet????
< Message edited by markrees -- 10.Apr.2008 6:35:14 AM >
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 10.Apr.2008 7:06:02 AM
|
|
|
LukeQuake
Posts: 20
Joined: 18.Mar.2008
Status: offline
|
quote:
ORIGINAL: markrees
this is affecting us now. one of our users (just one user so far) is receiving say 10 of these every minute.
what's not helping is the fact that the e-mails are going to his blackberry as well!!!!
i've just stuck an outlook rule in place for now.
how come GFI haven't got a fix out yet????
Have you tried implementing the temp fixes detailed here: http://kbase.gfi.com/showarticle.asp?id=KBID003322 ????
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 10.Apr.2008 9:39:40 AM
|
|
|
pmcneill
Posts: 135
Joined: 18.May2005
Status: offline
|
quote:
ORIGINAL: JanZoet
Hello,
I would like to provide you with an update.
We are still very busy looking into this as per Alexc's post.
Engineering is working on a major change of the MailEssentials Scanning Engine.
We have updated http://kbase.gfi.com/showarticle.asp?id=KBID003322 with a backscatter Blacklist and hopefully you will benefit from using this list.
As soon as I receive another update I will inform you about this via this thread.
Kind regards,
Hi Jan,
Thank you for the update. I know nobody likes to guess on timelines for things like this, but can you give us an idea if we're talking days, weeks, or months here? Whether or not we enable the "not enthusiastically recommended" solution you link to will depend on how long we're going to suffer from the problem. Not a huge fan of temporary workarounds, and would wait on it if I thought we'd have a solution soon, but the problem is getting worse on our end, so if it's going to be weeks until a permanent solution is available, we may look at it as the lesser of two evils.
Thanks.
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 10.Apr.2008 11:40:22 AM
|
|
|
lakintire1
Posts: 21
Joined: 21.Jul.2004
Status: offline
|
How do I add ips.backscatterer.org to dns blacklist in ME10? Thanks.
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 14.Apr.2008 4:44:47 AM
|
|
|
LukeQuake
Posts: 20
Joined: 18.Mar.2008
Status: offline
|
Can we expect a fix this week?
We were again hit over the weekend.... :(
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 14.Apr.2008 12:22:24 PM
|
|
|
alexc
Posts: 50
Joined: 23.Jul.2003
Status: offline
|
Hi all,
I just wanted to post a small update on this one.
We are currently working on a patch which will enable the following features in GFI MailEssentials to filter the contents of the emails frequently embedded in NDRs:
- Bayesian Filter
- DNSRBL
- SURBL
- Keyword Checking
We have gone for these features because we believe this set will be the most helpful in these circumstances (and are opting for not going for the whole feature set, at least not at one go, so as to be able to deliver something to you folks ASAP).
This patch is currently undergoing QA, and unless we come across any show stoppers we should be able to deliver it beginning of next week of the 21 April.
Following that, we would ask you to help us determine on the field the ultimate effectiveness of these updates, and will then take it off from there -- should it prove to be effective (we believe it should), we will then follow up with work on including these updates in a service release build of the product.
Also in the works is an update so as to check NDRs against the auto-whitelist (also as suggested on this thread) which we would probably deliver in the eventual service release build. It involves UI changes and makes for a much heftier patch, which is why we opted to ship this in the service release build.
I would like to thank you all again for your feedback and cooperation on this matter.
_____________________________
Alex Cachia
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 14.Apr.2008 12:47:31 PM
|
|
|
pmcneill
Posts: 135
Joined: 18.May2005
Status: offline
|
Excellent news. I just finished with a user who was standing at the Helpdesk counter with a Blackberry vibrating away receiving these things (over 280 of them in the last hour or so). Configured an Outlook rule to delete the vast majority of them. Fun stuff.
Thanks for your attention to the issue folks at GFI. Looking forward to putting this patch in place.
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 14.Apr.2008 1:06:59 PM
|
|
|
cobi
Posts: 20
Joined: 9.Aug.2007
Status: offline
|
Great information in this thread!
I enabled, recipient filtering & tarpitting this weekend, also did the registry hack to scan NDR's. ME was catching about 28,000 directory harvesting emails per day, and it is now zero. If nothing else it takes a bunch of traffic off my server. Also I never realized what a problem backscatter was and that I could have been contributing to it. I checked to see if our IP was blacklisted by backscatter.org and it wasn't but it had been last summer. Interesting.
One question, do I need to turn off the Directory harvesting filters in ME since I enabled the tarpitting and recipient filtering? Is there any reason to leave it on?
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 14.Apr.2008 1:12:14 PM
|
|
|
pmcneill
Posts: 135
Joined: 18.May2005
Status: offline
|
If the recipient filtering is set up properly and doing it's job (which it sounds like it is in your case) then the DH module is redundant and there is no reason to leave it on IMO. We waited a week after putting recipient filtering in place, saw DH catching exactly zero mail, and turned it off. Having it running might even slow things down as it seems likely that you'd now be doing two AD lookups instead of one (one for recipient filtering, and one for the DH module).
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 15.Apr.2008 1:33:39 AM
|
|
|
trcc3
Posts: 19
Joined: 11.Apr.2008
Status: offline
|
Great news, thank you !
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 15.Apr.2008 4:07:53 AM
|
|
|
jmjacquet
Posts: 9
Joined: 10.Mar.2008
Status: offline
|
Wonderful news !!! We are wating for this patch.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
RE: Flood of "System Administrator" Undeliver... - 