Indeed it is...with ClamAV alongside it.
On 3/29/07, Ed Crowley [MVP] <[EMAIL PROTECTED]> wrote:
Might it be sendmail?
Ed Crowley MCSE+Internet MVP
Time Magazine's Person of the Year!
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Wallace
Lam
Sent: Wednesday, March 28, 2007 6:02 PM
To: Exchange Discussions
Subject: Re: reverse NDR SPAM
Interesting. What Linux box is this? Is it widely available?
On 3/28/07, Jim Blunt <[EMAIL PROTECTED]> wrote:
> We have a Linux mail relayer on the outside of our network.
>
> Every night, we do an export of user smtp addresses (we exclude and
> PFs, DLs and anything else we don't want e-mail sent to). We then
> copy that file to a secure location on the Linux box. Any e-mail that
> comes in is compared to that text file. If the SMTP address being
> sent to isn't in the list, it doesn't get delivered.
>
> Jim
>
> On 3/28/07, Wallace Lam <[EMAIL PROTECTED]> wrote:
> > Thanks Chris.
> >
> > Knowing that the alias would be used solely for internal, is there a
> > way to filter out these internal aliases from receiving external
> > emails?
> >
> > What I have done so far is stamping those email with
> > [EMAIL PROTECTED] and hopefully it works well.
> >
> > On 3/28/07, Chris Scharff <[EMAIL PROTECTED]> wrote:
> > > There's not a lot one can do other than filter NDRs just like you
> > > would any other content. Having internal DL MTP addresses with
> > > non-dictionary word local-parts also helps somewhat (e.g.
> > > [EMAIL PROTECTED])
> > >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf
> > > Of Wallace Lam Posted At: Wednesday, March 28, 2007 7:01 AM Posted
> > > To: swynk
> > > Conversation: reverse NDR SPAM
> > > Subject: reverse NDR SPAM
> > >
> > > Recently our company has been received a lot of SPAM in the form
> > > of NDR. It looks something like this:
> > >
> > > === === === === === === === === === === === === === === Your
> > > message did not reach some or all of the intended recipients.
> > >
> > > Subject: Browse list of bots
> > > Sent: 3/27/2007 9:49 PM
> > >
> > > The following recipient(s) could not be reached:
> > >
> > > [EMAIL PROTECTED] on 3/27/2007 9:56 PM
> > > The e-mail account does not exist at the organization
> > > this message was sent to. Check the e-mail address, or contact
> > > the recipient directly to find out the correct address.
> > > < card.komifree.ru #5.1.1 X-Unix; 67>
> > >
> > > === === === === === === === === === === === === === ===
> > >
> > > We receive about 70 - 80 of those every single day and none of the
> > > NDR recipients we know of.
> > >
> > > The bounced email was addressed back to [EMAIL PROTECTED]
> > > (replace company with my company name) and this mailbox is
> > > generally not used for sending email. So far 5 of our internal
> > > aliases have been hit by these NDR SPAM and the worst thing is
> > > that those aliases are DLs. So you can imagine the propagations
effect.
> > >
> > > Some of those NDRs came with attachment, which, is obviously a
> > > SPAM content.
> > >
> > > I wonder how I can block or prevent this while allowing the
> > > legitimate NDR pass through our SPAM filter as these system
> > > generated NDRs ususally have empty sender <> and did not get filtered.
> > >
> > > Tentatively I have enabled content filtering using keywords and
> > > that largely cut these NDR SPAM down by 90% but that also filter
> > > out legitimate NDR.
> > >
> > > Any ideas will be great.
> > >
> > > Thanks.
> > > Wallace
> > >
> > > _________________________________________________________________
> > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe:
> > > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to
> > > [EMAIL PROTECTED]
> > > Exchange List admin: [EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > >
> > > Please include the email address which you have been contacted with.
> > >
> > >
> > > _________________________________________________________________
> > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > > To subscribe:
> > > http://e-newsletters.internet.com/discussionlists.html/
> > > To unsubscribe send a blank email to
[EMAIL PROTECTED]
> > > Exchange List admin: [EMAIL PROTECTED]
> > > To unsubscribe via postal mail, please contact us at:
> > > Jupitermedia Corp.
> > > Attn: Discussion List Management
> > > 475 Park Avenue South
> > > New York, NY 10016
> > >
> > > Please include the email address which you have been contacted with.
> > >
> > >
> >
> > _________________________________________________________________
> > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> > To subscribe:
> > http://e-newsletters.internet.com/discussionlists.html/
> > To unsubscribe send a blank email to
[EMAIL PROTECTED]
> > Exchange List admin: [EMAIL PROTECTED]
> > To unsubscribe via postal mail, please contact us at:
> > Jupitermedia Corp.
> > Attn: Discussion List Management
> > 475 Park Avenue South
> > New York, NY 10016
> >
> > Please include the email address which you have been contacted with.
> >
> >
>
> _________________________________________________________________
> List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
> Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
> To subscribe: http://e-newsletters.internet.com/discussionlists.html/
> To unsubscribe send a blank email to
[EMAIL PROTECTED]
> Exchange List admin: [EMAIL PROTECTED]
> To unsubscribe via postal mail, please contact us at:
> Jupitermedia Corp.
> Attn: Discussion List Management
> 475 Park Avenue South
> New York, NY 10016
>
> Please include the email address which you have been contacted with.
>
>
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to
[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to [EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
_________________________________________________________________
List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange
To subscribe: http://e-newsletters.internet.com/discussionlists.html/
To unsubscribe send a blank email to [EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
To unsubscribe via postal mail, please contact us at:
Jupitermedia Corp.
Attn: Discussion List Management
475 Park Avenue South
New York, NY 10016
Please include the email address which you have been contacted with.
