I'm psychic. Ed Crowley MCSE+Internet MVP Time Magazine's Person of the Year! -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jim Blunt Sent: Friday, March 30, 2007 1:00 PM To: Exchange Discussions Subject: Re: reverse NDR SPAM
Indeed it is...with ClamAV alongside it. On 3/29/07, Ed Crowley [MVP] <[EMAIL PROTECTED]> wrote: > Might it be sendmail? > > Ed Crowley MCSE+Internet MVP > Time Magazine's Person of the Year! > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Wallace Lam > Sent: Wednesday, March 28, 2007 6:02 PM > To: Exchange Discussions > Subject: Re: reverse NDR SPAM > > Interesting. What Linux box is this? Is it widely available? > > On 3/28/07, Jim Blunt <[EMAIL PROTECTED]> wrote: > > We have a Linux mail relayer on the outside of our network. > > > > Every night, we do an export of user smtp addresses (we exclude and > > PFs, DLs and anything else we don't want e-mail sent to). We then > > copy that file to a secure location on the Linux box. Any e-mail > > that comes in is compared to that text file. If the SMTP address > > being sent to isn't in the list, it doesn't get delivered. > > > > Jim > > > > On 3/28/07, Wallace Lam <[EMAIL PROTECTED]> wrote: > > > Thanks Chris. > > > > > > Knowing that the alias would be used solely for internal, is there > > > a way to filter out these internal aliases from receiving external > > > emails? > > > > > > What I have done so far is stamping those email with > > > [EMAIL PROTECTED] and hopefully it works well. > > > > > > On 3/28/07, Chris Scharff <[EMAIL PROTECTED]> wrote: > > > > There's not a lot one can do other than filter NDRs just like > > > > you would any other content. Having internal DL MTP addresses > > > > with non-dictionary word local-parts also helps somewhat (e.g. > > > > [EMAIL PROTECTED]) > > > > > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] > > > > [mailto:[EMAIL PROTECTED] On Behalf > > > > Of Wallace Lam Posted At: Wednesday, March 28, 2007 7:01 AM > > > > Posted > > > > To: swynk > > > > Conversation: reverse NDR SPAM > > > > Subject: reverse NDR SPAM > > > > > > > > Recently our company has been received a lot of SPAM in the form > > > > of NDR. It looks something like this: > > > > > > > > === === === === === === === === === === === === === === Your > > > > message did not reach some or all of the intended recipients. > > > > > > > > Subject: Browse list of bots > > > > Sent: 3/27/2007 9:49 PM > > > > > > > > The following recipient(s) could not be reached: > > > > > > > > [EMAIL PROTECTED] on 3/27/2007 9:56 PM > > > > The e-mail account does not exist at the organization > > > > this message was sent to. Check the e-mail address, or contact > > > > the recipient directly to find out the correct address. > > > > < card.komifree.ru #5.1.1 X-Unix; 67> > > > > > > > > === === === === === === === === === === === === === === > > > > > > > > We receive about 70 - 80 of those every single day and none of > > > > the NDR recipients we know of. > > > > > > > > The bounced email was addressed back to [EMAIL PROTECTED] > > > > (replace company with my company name) and this mailbox is > > > > generally not used for sending email. So far 5 of our internal > > > > aliases have been hit by these NDR SPAM and the worst thing is > > > > that those aliases are DLs. So you can imagine the propagations > effect. > > > > > > > > Some of those NDRs came with attachment, which, is obviously a > > > > SPAM content. > > > > > > > > I wonder how I can block or prevent this while allowing the > > > > legitimate NDR pass through our SPAM filter as these system > > > > generated NDRs ususally have empty sender <> and did not get filtered. > > > > > > > > Tentatively I have enabled content filtering using keywords and > > > > that largely cut these NDR SPAM down by 90% but that also filter > > > > out legitimate NDR. > > > > > > > > Any ideas will be great. > > > > > > > > Thanks. > > > > Wallace > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > > > To subscribe: > > > > http://e-newsletters.internet.com/discussionlists.html/ > > > > To unsubscribe send a blank email to > > > > [EMAIL PROTECTED] > > > > Exchange List admin: [EMAIL PROTECTED] > > > > To unsubscribe via postal mail, please contact us at: > > > > Jupitermedia Corp. > > > > Attn: Discussion List Management > > > > 475 Park Avenue South > > > > New York, NY 10016 > > > > > > > > Please include the email address which you have been contacted with. > > > > > > > > > > > > _________________________________________________________________ > > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > > > To subscribe: > > > > http://e-newsletters.internet.com/discussionlists.html/ > > > > To unsubscribe send a blank email to > [EMAIL PROTECTED] > > > > Exchange List admin: [EMAIL PROTECTED] > > > > To unsubscribe via postal mail, please contact us at: > > > > Jupitermedia Corp. > > > > Attn: Discussion List Management > > > > 475 Park Avenue South > > > > New York, NY 10016 > > > > > > > > Please include the email address which you have been contacted with. > > > > > > > > > > > > > > _________________________________________________________________ > > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > > To subscribe: > > > http://e-newsletters.internet.com/discussionlists.html/ > > > To unsubscribe send a blank email to > [EMAIL PROTECTED] > > > Exchange List admin: [EMAIL PROTECTED] > > > To unsubscribe via postal mail, please contact us at: > > > Jupitermedia Corp. > > > Attn: Discussion List Management > > > 475 Park Avenue South > > > New York, NY 10016 > > > > > > Please include the email address which you have been contacted with. > > > > > > > > > > _________________________________________________________________ > > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > > To subscribe: > > http://e-newsletters.internet.com/discussionlists.html/ > > To unsubscribe send a blank email to > [EMAIL PROTECTED] > > Exchange List admin: [EMAIL PROTECTED] > > To unsubscribe via postal mail, please contact us at: > > Jupitermedia Corp. > > Attn: Discussion List Management > > 475 Park Avenue South > > New York, NY 10016 > > > > Please include the email address which you have been contacted with. > > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to > [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > > > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange > To subscribe: http://e-newsletters.internet.com/discussionlists.html/ > To unsubscribe send a blank email to [EMAIL PROTECTED] > Exchange List admin: [EMAIL PROTECTED] > To unsubscribe via postal mail, please contact us at: > Jupitermedia Corp. > Attn: Discussion List Management > 475 Park Avenue South > New York, NY 10016 > > Please include the email address which you have been contacted with. > > _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with. _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/read/?forum=exchange To subscribe: http://e-newsletters.internet.com/discussionlists.html/ To unsubscribe send a blank email to [EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] To unsubscribe via postal mail, please contact us at: Jupitermedia Corp. Attn: Discussion List Management 475 Park Avenue South New York, NY 10016 Please include the email address which you have been contacted with.
