RE: Getting Hit Hard by JPG Spam from Own Domain- Help!

 
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 11.Dec.2008 7:56:04 AM   
leastcmplicated

 

Posts: 127
Joined: 25.Nov.2006
Status: offline
I think we are having the exact same problem, with slight differences. The spam we get is not only from the user's own account but legit distro lists as well. The spam subjects are ALWAYS the same: either Your Order, Delivery Status Notification, Re: your Order or Re: Message. Sometimes they make it into the user's Junk Mail folder within Outlook, sometimes they end up in the inbox. No matter the subject, it always has a small box with a red X (like a broken pic) that's hyperlinked. Usually 2 of those emails follow each other within a couple minutes. For instance, I have 4 in my Junk Mail folder that came in at 4:37 and 4:38 this morning. Does any of this sound familiar? Man I hope so!

edit: emails are always sent with high importance as well.

< Message edited by leastcmplicated -- 11.Dec.2008 7:57:11 AM >

(in reply to egypt123)
Post #: 16
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 11.Dec.2008 8:48:43 AM   
egypt123

 

Posts: 73
Joined: 4.Dec.2006
Status: offline
Yes, it sounds familiar. It would be nice if I could run the Keyword filter on ALL SMTP mail regardless of sender name, domain, IP, whatever!!!!! It would stop 98% of this spam!

(in reply to leastcmplicated)
Post #: 17
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 11.Dec.2008 8:54:46 AM   
leastcmplicated

 

Posts: 127
Joined: 25.Nov.2006
Status: offline
egypt: Then I'm glad it's not just me. I was beginning to think we had some sort of virus/malware, despite my constant scans that come up empty.

Anything, GFI? This is extremely annoying. We're talking about ~50+ per user a day! My users' mailboxes are filling up and my bosses are NOT happy, especially the ones who have BlackBerrys.

(in reply to egypt123)
Post #: 18
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 11.Dec.2008 11:26:13 AM   
cobi

 

Posts: 92
Joined: 9.Aug.2007
Status: offline
Are they using Outlook in the "Cached Exchange mode"?

Depending on the version of Outlook (2003 or higher I think).....

1. Check to see if they have their OWN email address in their contacts folder
2. If so, go to Tools, Options, Preferences, Junk E-mail, Safe Senders and see if the "Also trust email from my Contacts" is checked

I'm testing this fix for two users right now.

(in reply to leastcmplicated)
Post #: 19
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 11.Dec.2008 11:56:47 AM   
cobi

 

Posts: 92
Joined: 9.Aug.2007
Status: offline
UPDATE:  Nope, still getting white listed.  It was worth a shot.

(in reply to cobi)
Post #: 20
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 11.Dec.2008 12:55:39 PM   
egypt123

 

Posts: 73
Joined: 4.Dec.2006
Status: offline
These SHOULD be getting caught by my server-side spam filter (GFI). They SHOULD be scanned and processed by GFI/Exchange PRIOR to hitting the user Mailbox. It should not matter how I have my client-side (Outlook) settings, whitelist, or custom rules set up. I'm 99.9% sure this is not a client-side software/setup issue.

Now, I guess you could set up an Outlook custom rule to move any email FROM xyz@yourdomain.com TO xyz@yourdomain.com (or using a keyword) to Junk, but it doesn't really solve the problem. The spam will still hit the Exchange mailbox and will only be processed when the user opens their Outlook client. I'd rather GFI find the solution so I can implement and kill these spam mails at the enterprise level rather than go around and configure custom rules for people.

< Message edited by egypt123 -- 11.Dec.2008 12:57:59 PM >

(in reply to cobi)
Post #: 21
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 11.Dec.2008 12:59:12 PM   
cobi

 

Posts: 92
Joined: 9.Aug.2007
Status: offline
Yeah, I don't want Outlook doing anything either.  Just trying to figure out WHERE these users are being "whitelisted".

I even blacklisted those users and it made NO difference.

(in reply to egypt123)
Post #: 22
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 11.Dec.2008 10:15:14 PM   
leastcmplicated

 

Posts: 127
Joined: 25.Nov.2006
Status: offline
cobi, egypt - how is your SPF set up and what is your order? Since we are all having the same problems, maybe we can see how our modules are set up.

(in reply to cobi)
Post #: 23
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 12.Dec.2008 10:03:43 AM   
egypt123

 

Posts: 73
Joined: 4.Dec.2006
Status: offline
I seem to be successfully filtering these spam messages now. Try this:

1. Go to the GFI programs folder and make a backup of the config.mdb file. Open the product copy of the config.mdb file and search the antispam2_autowhitelist table for any entries that contain your domain name. If any are found, remove them and save the file.

2. Go to the GFI programs folder and make a backup of the autowhitelist.mdb file. Open the product copy of the autowhitelist.mdb and search the autowhitelist table for any entries that contain your domain name. If any are found, remove them.

3. Add your domain to the Custom Blacklist. Not sure if this is required, but this is what I did.

4. Move Custom Blacklist to the top module priority. Here's what I have:
- Custom Blacklist
- SPF
- Keyword Checking
- Email/Domain whitelist
- IP Whitelist
...and so forth...

I think the top 3 will stop most of the spam, and possibly some good/legit mail. You may have to play with the order some.

5. I did add an SPF record on our DNS as --- v=spf1 ip4:74.xxx.xxx.xxx -all  (your SMTP server IP goes in the ip4: section)

6. Make sure GFI is looking at the correct DNS where you have the SPF record.
- Right click Anti-Spam > Properties > Select DNS Server > check 'Use the Following DNS Server' > enter the DNS IP where your SPF record is defined.

I would try steps 1 thru 4 first if you haven't already added an SPF record and see what happens. If they're still coming through, try the SPF stuff. I also enabled SenderID filtering on my Exchange SMTP server, but the spams were still coming after I had made that change (days ago) so I'm not sure if it has any impact here.

Still waiting to see what the ramifications are (any false-positives) of my changes, but it looks promising so far.

< Message edited by egypt123 -- 12.Dec.2008 10:21:34 AM >

(in reply to egypt123)
Post #: 24
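A simplified model of why the module order in step 4 and the SPF record in step 5 matter, added here as an illustration; it is not part of the post and is not GFI MailEssentials code. The domain, the IP addresses and the first-verdict-wins pipeline are assumptions made for the example.

```python
import ipaddress

# All values below are constructed placeholders, not taken from the thread.
OWN_DOMAIN = "example.com"
SPF_RECORD = "v=spf1 ip4:192.0.2.10 -all"   # same shape as the record in step 5
AUTO_WHITELIST = {"example.com"}            # stale own-domain entry (steps 1-2)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_check(record, client_ip):
    """Evaluate the ip4: and all mechanisms of an SPF record (others ignored)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = term[0] if term[0] in QUALIFIERS else "+"
        mech = term.lstrip("+-~?").lower()
        if mech.startswith("ip4:") and ip in ipaddress.ip_network(mech[4:], strict=False):
            return QUALIFIERS[qualifier]
        if mech == "all":
            return QUALIFIERS[qualifier]
    return "neutral"

def sender_domain(msg):
    # SPF is evaluated against the envelope MAIL FROM domain.
    return msg["mail_from"].rsplit("@", 1)[-1].lower()

def whitelist_module(msg):
    return "deliver" if sender_domain(msg) in AUTO_WHITELIST else None

def spf_module(msg):
    if sender_domain(msg) != OWN_DOMAIN:
        return None  # the model only holds the SPF record for our own domain
    return "block" if spf_check(SPF_RECORD, msg["client_ip"]) == "fail" else None

def run_pipeline(modules, msg):
    """Modeling assumption: modules run in priority order, first verdict wins."""
    for module in modules:
        verdict = module(msg)
        if verdict:
            return verdict, module.__name__
    return "deliver", "default"

SPOOFED = {"mail_from": "alice@example.com", "client_ip": "203.0.113.55"}
GENUINE = {"mail_from": "alice@example.com", "client_ip": "192.0.2.10"}

if __name__ == "__main__":
    for order in ([whitelist_module, spf_module], [spf_module, whitelist_module]):
        names = " > ".join(m.__name__ for m in order)
        print(names, run_pipeline(order, SPOOFED), run_pipeline(order, GENUINE))
```

With the whitelist first, the spoofed own-domain message is delivered before SPF is ever consulted; with SPF first, it is blocked while mail from the authorized server still passes.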
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 12.Dec.2008 10:33:38 AM   
egypt123

 

Posts: 73
Joined: 4.Dec.2006
Status: offline
Well, I take that back... I have been able to catch some of them, but the single image ones (that contain no content AT ALL) seem to be getting through still. Made another tweak and will monitor it. Ugh...

(in reply to egypt123)
Post #: 25
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 12.Dec.2008 9:40:12 PM   
leastcmplicated

 

Posts: 127
Joined: 25.Nov.2006
Status: offline
damn, those are the only ones I'm getting

we need better emoticons to show the frustration lol

(in reply to egypt123)
Post #: 26
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 15.Dec.2008 4:42:07 AM   
tho

 

Posts: 8
Joined: 22.May.2008
Status: offline
Hi Egypt123

Have you had any word or assistance from GFI yet - I'm also battling this without any success. My next move is to open a support case, was though hoping someone would stumble on the right configuration and post to the thread. My main problem is also that the majority of the spam mails are getting whitelisted although there is no whitelist entry that allows this to go through. Well, back to the battlefield. Please let me know if you solve this matter. I would greatly appreciate that.

THO

(in reply to egypt123)
Post #: 27
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 15.Dec.2008 7:28:45 AM   
egypt123

 

Posts: 73
Joined: 4.Dec.2006
Status: offline
I'm not sure why those emails are getting Whitelisted. Do you have the Whitelist Public folder open to all users or heaven forbid the Internet? I did EVERYTHING (looked at and made changes to GFI, Exchange, SMTP, OWA, Outlook server-side rules, etc.) to stop my spam so it's hard for me to remember and list it all. I have a bunch of things going on this morning and am super busy, but I'll try to post what I did later today. 

(in reply to tho)
Post #: 28
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 15.Dec.2008 9:08:12 AM   
tho

 

Posts: 8
Joined: 22.May.2008
Status: offline
Thanks for your reply.  I have the Whitelist folder open for all users however I'm not scanning it so that is not producing it.  Are you free of spam now or is it still hitting you hard?  I appreciate your effort for gaining a solution.

THO

(in reply to egypt123)
Post #: 29
RE: Getting Hit Hard by JPG Spam from Own Domain- Help! - 15.Dec.2008 5:03:32 PM   
RSP

 

Posts: 1436
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
You can alter the attachment spam test to include jpegs: http://kbase.gfi.com/showarticle.asp?id=KBID003142

(in reply to tho)
Post #: 30