SPAM Issue

Discussions on webmail and the Professional version.
Post Reply
iampud
Posts: 3
Joined: Sat Nov 26, 2005 5:22 pm

SPAM Issue

Post by iampud » Sat Nov 26, 2005 5:39 pm

Ok. Working with about 30 domain on ME Pro 1.9 which has been working great so far and with the way i have things setup i stop a good chuck of the spam. After trying what i know i have to come to source to ask for some help as i can not figure out how to stop this latest spam issue that i am having, in the hopes someone else has had this issue and fixed it. I did do a search here but did not see my issue.


The issue is from random ips i get
HELO mail.mydomainname.com 250
MAIL FROM: <random_grouping_of_letters@hotmail.com> 250
RCPT TO: <user@mydomainname.com> 250

Over all i get a few hundred of these a day.

The mail.mydomainname.com is my mail server but the external ip is a domain that host so i don't know if there is a way to stop it right there.

I have SPF setup to delete Failed lookups but it is not filtering these fake hotmail ips.

The random ips in question are not in any whitelist.

Can provide more data but wanted to keep it simple to start.

Not sure where to go

Any help will be great.

Thanks,
Shawn

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Post by MailEnable-Ben » Mon Nov 28, 2005 1:10 am

Hi, there is not a great deal you can do about this and the result of these connections in most cases will not adversely affect the server performance. They are usually a result of viruses on rogue machines trying to send spam to a domain that is why the connecting IP is often different. The best setting to help with this is the ME Admin MMC->servers->localhost->SMTP Properties->Security TAB->Connection Dropping (Drop a connection when the failed number of commands or recipients reaches) when this is selected a connection can be dropped when a set amount of rcpt to: xxxx commands fail. If you are getting attacked it can be worth not selecting the "Add to denied IP addresses if this number is reached" as the management of the denied list can be a hassle the management of this list is currently under review and some changes will be made upon the release of version 2.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

iampud
Posts: 3
Joined: Sat Nov 26, 2005 5:22 pm

Post by iampud » Mon Nov 28, 2005 5:01 am

Thanks for the help Ben.

A spf softfail would most likely catch this error, does anyone have a suggestion on a filter based on a softfail. On fail i delete which easy enough and in my mind a safe bet but a softfail is most likely a fail but not always.

Thoughts anyone on suggested filters or steps?

paarlberg
Posts: 1071
Joined: Tue Mar 02, 2004 7:33 pm
Location: Atlanta, GA, USA

Post by paarlberg » Mon Nov 28, 2005 6:33 am

Try MEFilter

www.mefilter.com

The download is in the forum area..

It allows you to delete, mark, hold, move to a folder in the user's mailbox, etc.. all based on each SPF result.

iampud
Posts: 3
Joined: Sat Nov 26, 2005 5:22 pm

Post by iampud » Mon Nov 28, 2005 4:01 pm

Sorry should have made it more clear. Not a question of how to do the filter but what are people's suggestions of what to do with the filter. Filtering on softfail is easy the tricky part for me is what action to take.

Thanks for the info.

atinoco
Posts: 19
Joined: Tue Jun 21, 2005 4:56 pm

Post by atinoco » Sun Jan 01, 2006 10:35 pm

wondering the same thing.
-Andres Tinoco
PuntoWEB de Venezuela C.A.

Post Reply