Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Member List  Search  FAQ  Ticket List  Log Out

 

Backscatter Spam

  		Logged in as: Guest
Users viewing this topic: none
  Printable Version
All Forums >> [Web & Mail Security] >> GFI MailEssentials >> Backscatter Spam Page: [1]
Login
Message << Older Topic   Newer Topic >>
Backscatter Spam - 2.Nov.2009 5:18:30 AM   
d8v1d

 

Posts: 55
Joined: 3.May2007
Status: offline 		Hi There

We are receiving a number of NDR's for emails which we didn't send. We are using Mail Essentials version 14.1 build 20090826. I have checked the ase_scandsn registry key and it is enabled. Is there anything else we need to check?
Post #: 1
RE: Backscatter Spam - 2.Nov.2009 5:22:38 AM   
RSP

 

Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline 		There are a couple of other registry entries to consider in KBID003322 too. Although it mentions default values, take the information with "a pinch of salt".

_____________________________

Disclaimer: I don't work for GFI, I just use their products.

(in reply to d8v1d)
Post #: 2
RE: Backscatter Spam - 2.Nov.2009 8:32:37 AM   
d8v1d

 

Posts: 55
Joined: 3.May2007
Status: offline 		Thanks for the reply RSP. I'm afraid its all setup correctly as far as i can see.

(in reply to RSP)
Post #: 3
RE: Backscatter Spam - 2.Nov.2009 8:51:35 AM   
RSP

 

Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline 		What does the dashboard say happened to the emails? If it's "Whitelisted", then check your whitelist carefully.

Note that if you have the NDRSpamAllowSameDomain set to 1, then an NDR from ANY domain that's listed in your whitelist will be allowed through the NewSenders check. Example, if you've ever emailed someone at hotmail, then a spammy NDR from hotmail will be allowed through.

_____________________________

Disclaimer: I don't work for GFI, I just use their products.

(in reply to d8v1d)
Post #: 4
RE: Backscatter Spam - 2.Nov.2009 8:57:30 AM   
d8v1d

 

Posts: 55
Joined: 3.May2007
Status: offline 		Hi RSP,

The NDRSpamAllowSameDomain is set to 0. I have checked the dashboard but it doesn't go back that far when the last bit of spam was received.

(in reply to RSP)
Post #: 5
RE: Backscatter Spam - 2.Nov.2009 9:11:34 AM   
RSP

 

Posts: 1270
Joined: 31.Oct.2006
From: The East Riding of Yorkshire, UK
Status: offline 		The dashboard is a good starting point, as you can determine which (if any) module affected the message.

If you have all your modules set to log to log files, you should find details of the message in one of the files in the Logs folder.

Next time a NDR spam comes through, also grab a copy of the ase* files in the Debuglogs, as they have detailed information on the message processing.

_____________________________

Disclaimer: I don't work for GFI, I just use their products.

(in reply to d8v1d)
Post #: 6
Page:   [1]
All Forums >> [Web & Mail Security] >> GFI MailEssentials >> Backscatter Spam Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts