Graphics Msgs and Chinese characters in 14 and 14.1
Graphics Msgs and Chinese characters in 14 and 14.1 - 13.Oct.2009 9:20:40 AM
tuckotter
Posts: 10
Joined: 23.May2007
Status: offline
Messages from our GFI Mailessentials 14.1 server are directed to our Exchange 2003 server. I've been having 2 problems with Spam email.

First Problem: We continue to get messages with graphics and text for Viagra and also messages that have no text but a graphic for Levitra. All employees have been putting them into the "This is Spam" folder for months and months trying to train the Bayesian Filter but we continue to get them. Yes, I have the box checked for "Check if email contains remote images only" and "Check if email contains embedded GIF images" and the action for Header Checking is to Delete. The filter priority is set to GFI's default settings. They are still coming through.

Second problem: We are getting messages with Chinese characters. Some show up in the Bayesian Filter folder and some show up in our Public Folders like in this graphic:

In Header Checking, "Block mails that use these languages (character sets)" is checked. "Block the list below" is checked and the only box not checked in the language list is Western Europe and United States. I even tried the reverse, "Block all except the list below", and checked Western Europe and United States but the same thing happens.

I opened up a ticket with GFI support, sent in the troubleshooter report, a sample header and message and a description of the problem and all settings. This was going nowhere as I was asked to run a 2nd troubleshooter report and give more samples, and then a short time later asked to run a 3rd troubleshooter report.

Here is one of the headers from one of the messages:

Microsoft Mail Internet Headers Version 2.0
Received: from xxx.xxxxxx.org ([172.16.1.5]) by mail.xxxxxx.org with Microsoft SMTPSVC(6.0.3790.3959); Mon, 12 Oct 2009 23:53:42 -0400
Received: from COMPUTER888 ([61.129.172.186]) by xxxx.xxxxxx.org with Microsoft SMTPSVC(6.0.3790.3959); Mon, 12 Oct 2009 23:53:30 -0400
From: =?GB2312?B?1tzNqTEzNzc0MzA3NDk3?= <724241@ZT.net>
Subject: =?GB2312?B?1tC5+rn6vMrGpLjv1bkgINbQufq5+rzK0KzVuQ==?=
To: arts@xxxxxxx.org
Content-Type: text/plain
Reply-To: sh13764403066@163.com
Date: Tue, 13 Oct 2009 11:55:15 +0800
X-Priority: 3
X-Library: Indy 9.00.10
Return-Path: 724241@ZT.net
Message-ID: <MX1q65Rn8P5o7P6umLr0000037d@xxx.xxxxxxxxx.org>
X-OriginalArrivalTime: 13 Oct 2009 03:53:30.0609 (UTC) FILETIME=[BA5B4610:01CA4BB8]

My question is simply this: why are the messages with Chinese characters allowed to even get through to the public folders or a person's mailbox, as they are supposed to be blocked by the setting in Header Checking? If that won't do it, why not?

Anyone got any ideas on how to block the Viagra and Levitra messages? I know others on the forum are having that problem too.

Tim
RE: Graphics Msgs and Chinese characters in 14 and 14.1 - 13.Oct.2009 1:53:07 PM
RSP
Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
Easy one first: Your public folders are mail-enabled; remove that unless you actually need it for an internal system.

You are correct in setting your system to "Block the list" rather than the "Block all except the list" option, as this will allow emails with unrecognised character sets. If you set it to "Block all except" and invert the selection, you'll get much more blocked and many of these will be legitimate ones.

The messages you're seeing are probably exploiting the fact that ME doesn't recognise the character set. Therefore you need to block them through other means, such as blacklists.

I don't believe that the Bayesian filter works against anything except English.

What does your dashboard say happened to the emails it let through?

See the following articles for blocking image spam:
http://kbase.gfi.com/showarticle.asp?id=KBID002763
http://kbase.gfi.com/showarticle.asp?id=KBID003142
_____________________________
Disclaimer: I don't work for GFI, I just use their products.
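Editor's added example (not part of either post, and not GFI code): in the header posted in the first message, GB2312 is named only inside the RFC 2047 encoded-words of From and Subject, while Content-Type carries no charset parameter, so a check that reads only Content-Type has nothing to match. The sketch below collects the charsets from both places; the `ALLOWED` set and the function names are assumptions, and whether MailEssentials inspects encoded-words is not stated in the thread.

```python
from email import message_from_string
from email.header import decode_header

# Headers copied from the message posted in this thread (hostnames as masked there).
RAW = (
    "From: =?GB2312?B?1tzNqTEzNzc0MzA3NDk3?= <724241@ZT.net>\n"
    "Subject: =?GB2312?B?1tC5+rn6vMrGpLjv1bkgINbQufq5+rzK0KzVuQ==?=\n"
    "To: arts@xxxxxxx.org\n"
    "Content-Type: text/plain\n"
    "Reply-To: sh13764403066@163.com\n"
    "\n"
)

# Assumption: a site policy that accepts only these charsets (not a GFI setting).
ALLOWED = frozenset({"us-ascii", "iso-8859-1", "windows-1252", "utf-8"})
CHECKED_HEADERS = ("From", "Subject", "To", "Reply-To")


def declared_charsets(raw):
    """Return (body_charset, {header: set of charsets named in encoded-words})."""
    msg = message_from_string(raw)
    body = msg.get_content_charset()  # None when Content-Type has no charset=
    per_header = {}
    for name in CHECKED_HEADERS:
        for value in msg.get_all(name, []):
            for _text, charset in decode_header(value):
                if charset:  # None for plain, unencoded parts of the header
                    per_header.setdefault(name, set()).add(charset.lower())
    return body, per_header


def violations(raw, allowed=ALLOWED):
    """List (location, charset) pairs that fall outside the allowed set."""
    body, per_header = declared_charsets(raw)
    bad = []
    if body is not None and body not in allowed:
        bad.append(("Content-Type", body))
    for name in sorted(per_header):
        bad.extend((name, cs) for cs in sorted(per_header[name] - allowed))
    return bad


if __name__ == "__main__":
    print("body charset:", declared_charsets(RAW)[0])
    for where, charset in violations(RAW):
        print(f"{where}: disallowed charset {charset}")
```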
RE: Graphics Msgs and Chinese characters in 14 and 14.1 - 13.Oct.2009 8:36:56 PM
tuckotter
Posts: 10
Joined: 23.May2007
Status: offline
quote:
ORIGINAL: RSP
> Easy one first: Your public folders are mail-enabled; remove that unless you actually need it for an internal system.

Thanks for the reply RSP. We receive email responses in those that are mail-enabled so I can't remove that.

> You are correct in setting your system to "Block the list" rather than the "Block all except the list" option, as this will allow emails with unrecognised character sets. If you set it to "Block all except" and invert the selection, you'll get much more blocked and many of these will be legitimate ones.

Yes, correct.

> The messages you're seeing are probably exploiting the fact that ME doesn't recognise the character set. Therefore you need to block them through other means, such as blacklists.

Yes, I could do that but the list would grow rather large in just a few weeks.

> I don't believe that the Bayesian filter works against anything except English.

But why are some of the Chinese text messages being put into the Bayesian folder? Something is sending them there.

> What does your dashboard say happened to the emails it let through?

I'm not sure how I can get that information as those messages came in at 12:05 AM and 1:20 AM so I didn't see the dashboard and I can't find it in any log. Where could I find it?

> See the following articles for blocking image spam:
> http://kbase.gfi.com/showarticle.asp?id=KBID002763
> http://kbase.gfi.com/showarticle.asp?id=KBID003142

For the first article, ‘checkforallimages’ is set to 1 and “remoteimagebodysize” is set to 512 characters but I think I'll lower it a little to see if it helps. I looked at the 2nd article about attachments before and this is not about attachments so I haven't tried that.
RE: Graphics Msgs and Chinese characters in 14 and 14.1 - 14.Oct.2009 3:05:59 AM
rmiquel
Posts: 45
Joined: 18.May2009
Status: offline
Hi,

In addition to the recommendations from RSP, please also follow the recommendations suggested in the following thread:
http://forums.gfi.com/m_900782060/mpage_1/key_/tm.htm#900782135

Especially enabling the DNS blacklist (i.e. zen.spamhaus.org) and the botnet zombie check. Also make sure your spamrazer module is enabled and up to date at all times.

Regards,
_____________________________
Roger Miquel GFI Software - www.gfi.com
RE: Graphics Msgs and Chinese characters in 14 and 14.1 - 14.Oct.2009 5:19:11 AM
RSP
Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline
quote:
ORIGINAL: tuckotter
>> The messages you're seeing are probably exploiting the fact that ME doesn't recognise the character set. Therefore you need to block them through other means, such as blacklists.
> Yes, I could do that but the list would grow rather large in just a few weeks.

By blacklists, I mean DNS blacklists, such as zen.spamhaus.org.

>> I don't believe that the Bayesian filter works against anything except English.
> But why are some of the Chinese text messages being put into the Bayesian folder? Something is sending them there.

Either your users are putting them there, or they are being addressed to the email address of the folder.

>> What does your dashboard say happened to the emails it let through?
> I'm not sure how I can get that information as those messages came in at 12:05 AM and 1:20 AM so I didn't see the dashboard and I can't find it in any log. Where could I find it?

If you are logging all your module actions, the details will be in a file in the Logs folder. What I'm specifically thinking here is that the messages were whitelisted, perhaps as a recipient whitelist entry.
_____________________________
Disclaimer: I don't work for GFI, I just use their products.
RE: Graphics Msgs and Chinese characters in 14 and 14.1 - 15.Oct.2009 2:23:15 PM
tuckotter
Posts: 10
Joined: 23.May2007
Status: offline
Hi rmiquel, Well that's the rub. I had zen.spamhaus.org setup in the DNS Blacklists but it kept failing the DNS Test. I contacted them and they traced the problem to my ISP, The State of Ohio NOC. I contacted the NOC and they said too many people on their system were using the site that they had to block it. Go figure. We are supposed to be switching to a new ISP in the next few weeks so I'll eventually be able to put the site back in. DNS Blacklists has always been running; False positives have really been negligible. I am currently using bl.spamcop.net, cbl.abuseat.org and dnsbl.njabl.org, one of which will be disabled when I can use zen.spamhaus.org. Botnet and Zombie has always been checked. For Spam URI Realtime Blocklists I am using multi.surbl.org. Spamrazer updates every 30 minutes.
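Editor's added example (not part of the post, and not GFI code): how a DNS blacklist lookup is formed for the external relay in the header posted earlier, using zones named in this thread. The function names, the injectable `resolve` parameter and the verdict strings are assumptions of this sketch; the Received lines are trimmed copies of the posted ones.

```python
import ipaddress
import re
import socket

# Received lines from the header posted earlier in this thread (newest first, trimmed).
RECEIVED = [
    "Received: from xxx.xxxxxx.org ([172.16.1.5]) by mail.xxxxxx.org",
    "Received: from COMPUTER888 ([61.129.172.186]) by xxxx.xxxxxx.org",
]
# Zones named in the thread.
ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "cbl.abuseat.org"]


def external_relay(received):
    """Return the first bracketed IPv4 address that is not private or loopback."""
    for line in received:
        m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", line)
        if m:
            ip = ipaddress.ip_address(m.group(1))
            if not (ip.is_private or ip.is_loopback):
                return str(ip)
    return None


def dnsbl_name(ip, zone):
    """Reverse the octets and append the zone: a.b.c.d -> d.c.b.a.zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def check(ip, zones, resolve=socket.gethostbyname):
    """Classify each zone's answer; only an answer in 127.0.0.0/8 counts as a listing."""
    verdicts = {}
    for zone in zones:
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except OSError:  # includes socket.gaierror: no A record, or the resolver failed
            verdicts[zone] = "no answer"
            continue
        verdicts[zone] = "listed" if answer.startswith("127.") else "invalid answer"
    return verdicts


if __name__ == "__main__":
    relay = external_relay(RECEIVED)
    print(relay, check(relay, ZONES))
```

With a plain A-record lookup, "no answer" covers both "not listed" and a resolver that cannot reach the zone, so a failing DNS test like the one described in the post has to be diagnosed separately from the listing result.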
RE: Graphics Msgs and Chinese characters in 14 and 14.1 - 15.Oct.2009 2:29:12 PM
tuckotter
Posts: 10
Joined: 23.May2007
Status: offline
> If you are logging all your module actions, the details will be in a file in the Logs folder. What I'm specifically thinking here is that the messages were whitelisted, perhaps as a recipient whitelist entry.

Well I haven't logged Whitelist as the employees have to ask me to add an address to the Whitelist so there is some control. I will start logging it to see if that's where they are entering.

Update Fri October 16: Yesterday, I moved SPF to the #1 position in the Filter Priority and left the rest alone. So far today, I have not seen one spoofed message and have not seen one Viagra or Levitra graphic message show up in any Public Folders or User folders. I checked the Whitelist log and not one spam message came in through the Whitelist.
< Message edited by tuckotter -- 16.Oct.2009 2:28:20 PM >