Re: SMTP receive IP addresses log and SPAM/Virus mail




If I understand your intentions correctly then the answer is yes, it is possible. But very, very difficult and time-consuming.

Essentially the problem is that spam is getting through your system, so the only thing you can do is enable SMTP logging and log *everything.* Then you manually crawl through the logs and reconcile IP addresses with mail received. If you get any volume of legit mail then this becomes a daunting task and is rarely worth the effort. You'd be better served beefing up your perimeter, such as enabling directory lookups to prevent mail to unused addresses, perhaps add a proxy SMTP server to do additional scanning, etc.

-Cliff


"Fred B." <h.f.b@xxxxxxxxx> wrote in message news:e7ckVFQDJHA.4588@xxxxxxxxxxxxxxxxxxxxxxx

Hi all,

Is there a way of relating the SMTP receive logs for originating IP addresses of spam and virus mail messages in SBS2K?

I want to block these IP addresses as much as possible. Our domain is swamped with spam and virus mail. Most is to non-existing email addresses but some are to existing email addresses. Sophos PureMessage and SAV cleaned/deleted almost all of the messages so far.

BUT not all. I also saw two instances in which deleted older unopened spam mail was later identified as containing viruses in users' recycle bins. Maybe after a definition became available. We update frequently; Sophos is checked almost every half hour.

I have the impression someone is targeting us on purpose, as I also filed complaints with the ISP about attempts to test and breach our firewall. Now I want to block out, if necessary, whole ranges of IP addresses used. The problem is Sophos does not log the IP. So the only solution is checking individual emails.

Is there a way of collecting stats of spam/virus messages sent?

Like http://isc.sans.org/ for intrusion stats of offenders per IP address.

Regards,

Fred
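
The log reconciliation discussed in this thread can be partly automated. The following is an added example, not part of the original posts: it tallies rejected RCPT commands per client IP from a W3C extended format SMTP log and rolls them up into address ranges. It assumes the log has the `c-ip`, `cs-method` and `sc-status` fields enabled and that mail to unknown recipients is refused with a 5xx status; the sample log lines, the function names and the thresholds are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample in W3C extended log format (not taken from the thread).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2008-01-01 10:00:01 192.0.2.10 HELO - 250
2008-01-01 10:00:02 192.0.2.10 RCPT +TO:<nobody1@example.test> 550
2008-01-01 10:00:03 192.0.2.10 RCPT +TO:<nobody2@example.test> 550
2008-01-01 10:00:09 192.0.2.77 RCPT +TO:<nobody3@example.test> 550
2008-01-01 10:01:00 198.51.100.5 RCPT +TO:<fred@example.test> 250
2008-01-01 10:02:00 203.0.113.9 RCPT +TO:<typo@example.test> 550
"""

def parse_w3c(lines):
    """Yield one dict per log entry, keyed by the names in the #Fields directive."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # the directive can change mid-file
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):     # skip truncated or malformed rows
                yield dict(zip(fields, values))

def rejected_rcpt_by_ip(entries):
    """Count RCPT commands answered with a 5xx status, per client IP."""
    counts = Counter()
    for e in entries:
        if e.get("cs-method", "").upper() == "RCPT" and e.get("sc-status", "").startswith("5"):
            counts[e.get("c-ip", "-")] += 1
    return counts

def block_candidates(counts, min_rejects=3, prefix_len=24):
    """Roll per-IP counts up to networks and keep those at or above the threshold."""
    nets = Counter()
    for ip, n in counts.items():
        try:
            nets[str(ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False))] += n
        except ValueError:                     # "-" or a garbled address
            continue
    hits = [(net, n) for net, n in nets.items() if n >= min_rejects]
    return sorted(hits, key=lambda item: (-item[1], item[0]))

if __name__ == "__main__":
    per_ip = rejected_rcpt_by_ip(parse_w3c(SAMPLE_LOG.splitlines()))
    for net, n in block_candidates(per_ip):
        print(f"{net}\t{n} rejected recipients")
```

The `min_rejects` threshold keeps a legitimate sender with one mistyped recipient out of the candidate list; review the output before turning any range into a block rule.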



