Ping a Specific Port

Question

gWaldo

Asked: 2010-10-07 06:57:16 +0800 CST2010-10-07 06:57:16 +0800 CST 2010-10-07 06:57:16 +0800 CST

Increase in Spam Effectiveness

772

Over the last few days, I've seen a drastic increase in the amount of blatant spam making it inside of my organization. (Exchange 2003 behind Ironmail, Symantec Mail Security.) My security products are up-to-date and appear to be functioning correctly (aside from, of course, the additional V1agr4 messages). I have looked at the headers and don't see anything out of the ordinary. Exchange is passing mail

Is anybody experiencing this as well? If so, can you provide any insight into how the messages are getting through? Any recommendations on how to prevent?

4 Answers

Voted

BillThor · Answer 1 · 2010-10-07T07:44:26+08:00

Best Answer

BillThor

2010-10-07T07:44:26+08:002010-10-07T07:44:26+08:00

I have seen a spike in rejection and deferals. There has been an increase in emails with domain literals like [192.0.2.14].

Main blocks which work for me:

spamhaus.org blacklist (big spike in rejections the last couple of days).
Reject all mail which uses a hostname in HELO command.
Reject all mail which uses my address is HELO command.
Reject all mail which uses a raw ip address (192.0.2.15) in HELO command.
Defer all mail when SPF exists and does not allow the address. I check the logs and enable valid address. Based on history, I may change this to reject if IP address doesn't have a valid DNS configuration for an email server.

3

John Gardeniers · Answer 2 · 2010-10-07T12:48:03+08:00

John Gardeniers

2010-10-07T12:48:03+08:002010-10-07T12:48:03+08:00

We've seen a small increase lately but are unaffected. We use MessageLabs but I've installed Mailcleaner at our end, which is catching all the stuff that's getting past MessageLabs. I've heard that MessageLabs used to be a decent spam filtering service but of course that was before Symantec got their hands on it and did what they do best - run it into the ground.

2

joeqwerty · Answer 3 · 2010-10-07T07:13:23+08:00

joeqwerty

2010-10-07T07:13:23+08:002010-10-07T07:13:23+08:00

We're seeing it as well. We're currently using Postini and the only real options as far as I can see are to ride out the current wave or make your spam filters more aggressive. Of course if you do make your filters more aggressive then you'll have users complaining that they're not getting legitimate emails... go figure.

1

Brent · Answer 4 · 2010-10-07T07:16:22+08:00

Brent

2010-10-07T07:16:22+08:002010-10-07T07:16:22+08:00

We use a mail-filter set up like this in front of our Exchange 2003 system, and have NOT seen a recent increase in spam.

0

Increase in Spam Effectiveness

Ping a Specific Port

How do I tell Git for Windows where to find my private RSA key?

How do you restart php-fpm?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?