RE: Flood of "System Administrator" Undeliverable SPAM, please help
|
Logged in as: Guest
|
|
Users viewing this topic:
none
|
|
Login  | |
|
RE: Flood of "System Administrator" Undeliver... - 23.Apr.2008 4:21:54 AM
|
|
|
trcc3
Posts: 6
Joined: 11.Apr.2008
Status: offline
|
Hello,
same language problem here. Mails in the "This ist spam email" folder will not be processed.
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 23.Apr.2008 8:35:37 AM
|
|
|
andih98uk
Posts: 16
Joined: 31.Mar.2008
Status: offline
|
Ok as already mentioned i've upgraded to the latest build and also applied the patch to stop the NDR spam. Weirdly though today my 'Messages pending Submission' queue suddenly started filling up again with about 100 messages. I'd had this before but disabling a couple of blacklists seemed to do the trick. I did the same again, disabled all the DNS based checks, DNSBL, PURBL etc, restarted the GFI & SMTP services and waited for the queue to clear. Once it had cleared, i've re-enabled them all (except ips.backscatterer.org as this apparently isn't needed witht he new patch) and everythings back to normal. I can't understand this problem as i did DNS tests on all the DNSBL's before i stopped the services and everything came back DNS test ok.
very odd!
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 23.Apr.2008 10:11:03 AM
|
|
|
amartinez
Posts: 7
Joined: 21.Apr.2008
Status: offline
|
Hi Nicks and Forum
I applied the recently patch to block NDR, after I remode blacscatter(er).org from DNS BL and removed key words from Block KW properties. However I noted that I am receiving spam messages such as:
FROM: Mail Delivery Subsystem ([email=MAILER-DAEMON@aol.com]MAILER-DAEMON@aol.com[/email])
Subject: Returned mail: see transcript for details - Message is from an unknown sender
FROM: Mail Delivery Subsystem [MAILER-DAEMON@amini.org]
Subject: [NEWSENDER] - Returned mail: response error - Message is from an unknown sender
FROM: [email=MAILER-DAEMON@corbina.ru]MAILER-DAEMON@corbina.ru[/email]
Subject: [NEWSENDER] - Undeliverable mail: ????????? 17 ????? ????? - Message is from an unknown sender
FROM: noreply@googlegroups.com
Subject: [NEWSENDER] - Google Groups: No such group - Message is from an unknown sender
I have ME 12 with recently patch and ‘ase_scandsn’ DWORD value to ‘1’ , it is installed in a separated PC (Internal IP) as relay for a Exchange Server 5.5. (Internal IP).
What can I do? I would appreciate your comments.
Arturo
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 23.Apr.2008 11:57:54 AM
|
|
|
JanZoet
Posts: 575
Joined: 20.Feb.2008
Status: offline
|
Hello,
For the people that have the German version of MailEssentials:
Can you please download and apply the Patch once more: http://ftp.gfisoftware.com/patches/ME12/20080326/ME12_PATCH_20080421_01.zip
We have added a strings_de.xml and the installation instructions regarding this file have been added to readme.txt as well.
Kind regards,
_____________________________
Jan Zoet
Technical Support - GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 23.Apr.2008 12:29:34 PM
|
|
|
nintenDRU
Posts: 10
Joined: 23.Jan.2007
Status: offline
|
I guess its making a difference, since last night @ 5:30pm (pacific) untill now 9:30am (pacific) only 25 have slipped thru to my inbox. So its not blocking all of them but alot better that the hundreds that were making it thru.
Update: (10:30am) since I wrote this I have recieved 37 more in my inbox, so its not doing that good of a job blocking. Any suggestions anybody?
< Message edited by nintenDRU -- 23.Apr.2008 1:38:27 PM >
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 23.Apr.2008 3:44:18 PM
|
|
|
tmckeown
Posts: 61
Joined: 28.Mar.2004
From: Chicago, IL
Status: offline
|
Are most of you seeing this new patch work? My guys are still complaining about the amount of NDR spam they get. I did exactly what the patch says to do, but it didn't cure the problem. Are we expecting a newer patch at some point? I'm to the point where I might just shut off all NDR in Exchange.
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 23.Apr.2008 6:00:45 PM
|
|
|
FresnoDoug
Posts: 30
Joined: 28.Nov.2007
Status: offline
|
Nuts.
Setup failed on .NET Framework 2.0. I remember reading something about it, but assumed that it woudl have been required for any Version 12 build. But I guess not. It uninstalled the previous version, then did the prerequisite check and decided that .NET Framework 2.0 was missing, and the only option it gave was Exit. So now everyone is getting solicited for Rolex watches and Viagra while I install .NET Framework 2.0 on my Exchange server.
--Doug
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 23.Apr.2008 6:34:13 PM
|
|
|
FresnoDoug
Posts: 30
Joined: 28.Nov.2007
Status: offline
|
OK, got it installed & everything seems to be working well now.
Will let you know if it seems to be effective.
Thanks again for the quick release of this patch...
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 24.Apr.2008 1:04:20 AM
|
|
|
trcc3
Posts: 6
Joined: 11.Apr.2008
Status: offline
|
Hello,
the German strings.xml is now working, thanks.
There's just one thing: Wouldn't it be good if ME would take the NDR-Spam out of the "This is spam"-folder to train the bay.filter?
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 25.Apr.2008 10:05:20 AM
|
|
|
jhamer
Posts: 11
Joined: 14.Jan.2004
From: Shawnee, KS
Status: offline
|
After applying the NDR Patch a few days ago and removing the backscatter blacklist and keywords, there are just too many NDR's getting through. ME is blocking a good number of them, but some users are still receiving 40-50 a day. I'll leave the patch installed but I'm going to go back to adding the keywords (and blocking legit NDRs also) and blacklist back into the mix until we get a better solution... Anyone else having success with creative solutions other than what has been discussed here?
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 25.Apr.2008 10:16:17 AM
|
|
|
Annancy
Posts: 12
Joined: 10.May2004
Status: offline
|
I have the same issue, but do not want to block all NDR's.
I have MSEC running as well and have added a content checking rule containing NDR keywords only applicable to selected users. If a user complains I let him choose if he wants all NDR's to get blocked or not and simply add him to this rule in MSEC. For our company (~ 800 Mailusers) this works ok even if it's quite dirty and a little bit time consuming. Currently I have only ten users added to this rule.
I'm also waiting for a better solution like accepting only NDR's to mails that have been sent recently.
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 25.Apr.2008 11:57:07 AM
|
|
|
ChrisTRT
Posts: 3
Joined: 22.Apr.2008
Status: offline
|
Have installed the patch at a few customer sites (we're a distributor support company) and it is doing exactly what it says on the tin. However, many sites are still getting NDR's - but these have nothing inside them that indicate they are spam, so can see it would be impossible for GFI to detect it. As previously suggested, checking what's gone out and only returning DSN's for those would be good, but maybe quite disk intensive?
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 25.Apr.2008 12:12:38 PM
|
|
|
kvetsch
Posts: 16
Joined: 6.Mar.2008
Status: offline
|
I have installed the newest version and then the patch. We were getting tons of NDR spam before. Now...after the patch...we are getting none.
The mistake I initially ran into. I did not update to the newest version. I then realized you had to do this and then reapply the patch and the registry changes.
I notice now that they have changed the readme file in the patch to mention those issues.
But for those that are still having issues, make sure you're running the right version and that your registry keys are enabled correctly.
I am however having a problem with my Public folder scanning now. It has stopped working.
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 29.Apr.2008 7:19:56 AM
|
|
|
wrabbit
Posts: 13
Joined: 18.Aug.2006
Status: offline
|
Been running the patch for a week now and here's my feedback.
The situation is most definitely better than before. A large number of NDRs are now getting caught.
What's getting through still:
A large number of spam with cyrillic characters - this isn't caught by the standard char set filters as that doesn't exist - I'm experimenting with keyword filtering here eg recipients and .ru (as most of the mails are bounces from Russian mailservers).
NDRs which contain little spam content - completely understandable.
In addition users are well trained in putting spam into the This is spam folder for the Baysian filter. Some NDR mails are still not processed, and I need to clean this out manually once a week. Would be very useful if this could be changed.
However, overall it's a positive result here.
< Message edited by wrabbit -- 29.Apr.2008 7:31:29 AM >
|
|
|
|
|
RE: Flood of "System Administrator" Undeliver... - 2.May2008 11:53:33 AM
|
|
|
AndrewHDS
Posts: 2
Joined: 16.Nov.2007
Status: offline
|
quote:
ORIGINAL: jhamer
...Anyone else having success with creative solutions other than what has been discussed here?
Nope, in fact with the keywords, the registry entry set to scan undeliverables, the latest software (as of last night) and the patch I'm still getting undeliverables into my inbox, about 4 or 5 an hour. I have no idea if any of the above curtailed it, or it just dropped in volume (it seems to come in waves). Either way no email should get through because of the keywords we have in place.
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
|
Printable Version
