Re: Spam Filtering HELP
From: BigDogBrian (none_at_none.com)
Date: 03/08/05
- Next message: Dan Hellebust: "Migrate from Goldmine 5.0 to Exchange 2003"
- Previous message: ian_journeaux_at_hotmail.com: "Exchange Cache Mode and Organizational Forms"
- In reply to: Kirill S. Palagin: "Re: Spam Filtering HELP"
- Next in thread: Geoff Pearce: "Re: Spam Filtering HELP"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 8 Mar 2005 14:31:58 -0600
In any case, blocking spam by blocking IP addresses is not a very logical
way to try to protect yourself any more. Five years ago? Maybe. With the
number of open relay mail servers on the internet today, you could spend the
rest of your working days doing nothing but entering IP addresses and will
still get a boatload of spam.
"Smart" blocking software, IMF, SPF via SpamAssasin
(http://www.spamblogging.com/archives/000014.html <- fairly old
article)...one of those may be your best option. You can try the "Transport
event sink" option mentioned in the previous post, but I would only
recommend that for the not-so-faint-hearted. You might also check out
iHateSpam For Microsoft Exchange (www.sunbelt-software.com), if you don't
mind spending a few bucks.
"Kirill S. Palagin" <kpalagin@no.mail.phxint.ru> wrote in message
news:422E0235.B640BF67@no.mail.phxint.ru...
> mike wrote:
>
>> Mail proxy is called Symantec AntiSpam for SMTP and it is version
>> 3.1.0.5
>>
>> Is there no way that I can have Exchange look at the header and if an
>> IP within the Header matches, drop it?
>
> Not without some programming. Use Transport Event Sink interface to make
> Exchange dance.
>
>>
>> The issue is that I have been picking through the headers of some 300+
>> spam messages and notice that alot of them are being bounced around
>> alot. This is how they are getting by the POS Anti-spam software as the
>> original message came from a domain that I have requested to be
>> blocked, but after bouncing around a bit, the message shows up looking
>> like it is from a site that is not blocked. I would figure that about
>> 50% of the spam is coming from a domain that has a country code such as
>> .il or .jp and so on. I have blocked these entire domains, with no
>> luck.
>> The insult to the whole thing is I have over 5000 IP addresses, domains
>> and key words that if they where blocked, there would be no issue, but
>> it takes more then one application to do this.
>> My last resort is to go the firewall/router and start blocking trafic
>> completely from there. Atleast there, I can use a simple text file to
>> upload the list.
>> I do not want to have to go through that route as the router is not
>> owned by our company, and I would have to do a password recovery.
>
> IMO, you really need to invest in better antispam product. See if
> www.vamsoft.com does better job.
>
>>
>>
>> Any help would be great.
>>
>> Mike
>> mlawrence(at)fisher-wavy.com
>>
>> Geoff Pearce wrote:
>> > Look in at an email header of the emails you receive from the net.
>> Received
>> > entries at the top of the header indicate the path of the email. The
>> top
>> > most Recieved line is the last SMTP server that connected to your
>> Exchange
>> > Server. If the IP address is the Symantic Spam Server Proxy then you
>> can
>> > not block within Exchange Server based upon the IP address. Do you
>> have the
>> > version number and exact product name of your Symantic Spam Server
>> Proxy
>> > because you should double check within their news groups that you
>> cannot
>> > block by IP address.
>> >
>> > Geoff Pearce
>> >
>> > "mike" <mlawrenc@gmail.com> wrote in message
>> > news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
>> > >I recently started a new job, and discovered after day one, that I
>> had
>> > > inharited a spam mess. Now the previous admin ad installed a
>> Symantic
>> > > Spam Server Prox which in my opinion, was a complete waste of money
>> as
>> > > it does not allow for blocking IP addresses.
>> > > Now here is the question;
>> > > I am running Exchange 2003, and am looking at setting up the
>> Conection
>> > > Filter under Message Delivery to block messages based on IP
>> address.
>> > > The problem is that when I save the IPs to be blocked, I get a
>> message
>> > > stating that the Connection filter "has to be enabled manually
>> through
>> > > the specific SMTP virtual server IP address assignments as they are
>> not
>> > > enabled by default."
>> > > This should be easy, however When I attempt to apply these filters
>> to
>> > > the IP address that is assigned to the nic card used to connect to
>> the
>> > > mail proxy, it blockes nothing.
>> > >
>> > > Any ideas?
>> > > Is there another way to filter IP addresses?
>> > >
>> > > Mike
>> > > mlawrence(at)fisher-wavy.com
>> > >
>
- Next message: Dan Hellebust: "Migrate from Goldmine 5.0 to Exchange 2003"
- Previous message: ian_journeaux_at_hotmail.com: "Exchange Cache Mode and Organizational Forms"
- In reply to: Kirill S. Palagin: "Re: Spam Filtering HELP"
- Next in thread: Geoff Pearce: "Re: Spam Filtering HELP"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
