Of course it doesn't. It's not a perfect solution, it's just one tool I use. I still go through the messages in the spam folder, to make sure what's in there is spam, or at least my definition of spam. Sure, we've got clueless users, just like any other company. A common saying around here is to try to make things "Ginny-proof", named after our favorite administrative assistant.
And at the risk of getting into the "recursive RBLs are bad" discussion again, I have to say that it works for us. I use a combination of bl.spamcop.net and our own internal blacklist zone for RBL lookup. We're blocking between 2000 and 3000 messages a day, and every time I check the quarantine, the legitimate emails are very few and very far between. I haven't had to release a legitimate message in over two weeks. As I said, it's not a perfect system, but it has made a significant dent in the amount of spam that hits our users' mailboxes, and it has not gone unnoticed. -----Original Message----- From: Chris Scharff [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 3:49 PM To: Exchange Maillist Subject: Re: Using script to get header info Does your script do reverse DNS lookups on the IP address as well so you can make sure you didn't just block a major business partner by IP because one of your users is clueless? On 1/24/03 13:27, "Mike" <[EMAIL PROTECTED]> wrote: Well, I wrestled with this for a few days, and this is what I've come up with. It may not be pretty, but it works for my purposes. This is a VBA macro in Outlook 2002. It prompts for a folder, then retrieves the IP address of the originating server for each message in that folder, reverses the octets and writes it out to a file, for inclusion in a dns blacklist file. '****************************************** exported from Outlook 2002 *** Attribute VB_Name = "GetSpam" ' ' NOTE: Requires a reference to the Microsoft CDO 1.21 Library ' Sub ShowFolderInfo_Click() '*** this is the string to search for in the message headers '*** substitute your own "servername.domain" in the search string strSMTPSearch = "]) by servername.domain with SMTP" strSpamOutFile = "c:\spam.txt" Set MyNameSpace = Application.GetNamespace("MAPI") Set myFolder = MyNameSpace.PickFolder If myFolder Is Nothing Then MsgBox "User pressed cancel.", vbInformation Exit Sub End If Set oSession = New MAPI.Session oSession.Logon Set oSpamFolder = oSession.GetFolder(myFolder.EntryID) Set oMsgColl = oSpamFolder.Messages If oMsgColl.Count > 0 Then outfile = FreeFile(0) Open strSpamOutFile For Output As #outfile For Each oMessage In oMsgColl oHeader = oMessage.Fields(&H7D001E) '^^^^^ this is the full header oHeader = Left(oHeader, InStr(oHeader, strSMTPSearch - 1) '^^^^^ this strips everything after the search string oHeader = Right(oHeader, Len(oHeader) - InStrRev(oHeader, "[")) '^^^^^ this gives us the offending IP address strOctet = Split(oHeader, ".") '^^^^^ this creates an array of the octets strBadMachine = strOctet(3) & "." & strOctet(2) & "." &_ strOctet(1) & "." & strOctet(0) &_ vbTab & vbTab & "A" & vbTab & "127.0.0.2" '^^^^^ reverses the octets and builds the dns entry for blacklisting Write #outfile, strBadMachine '^^^^^ and then writes it out to the file Next Close outfile End If MsgBox "Finished!" & vbCrLf & vbCrLf & "File is at " & strSpamOutFile End Sub '*************************************************************************** *** The WRITE statement puts double quotes around the string when it's written, so I still have to load it in notepad and remove those (a simple replace with nothing). Next I load it into Excel along with the existing blacklist entries, sort them and save them back out. Today I processed 90 new messages in about 3 minutes. Yesterday, that same task would have taken an hour or more. Regards, Mike -----Original Message----- From: Ken Cornetet [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 4:31 PM To: Exchange Maillist Subject: RE: Using script to get header info Hmmm, I've been wrestling with CDO as of late, and your question piqued my interest. See http://support.microsoft.com/default.aspx?scid=KB;en-us;q194870 for code. -----Original Message----- From: Mike [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 22, 2003 4:03 PM To: Exchange Discussions Subject: Using script to get header info Hi folks, I created a public folder and asked several of our users to move their spam into it. From there, I can open the messages, view the headers, pluck the IP addresses of the offending mail servers, and add them to our internal dns blacklist. Works like a charm, but it's very labor-intensive. I wrote some vbscript code that examines all the messages in the folder, and returns things like Sender, Subject, etc., all of which are basically useless to me in this case, but the practice was good. There doesn't seem to be any property that will return the header info, no? I don't have a good reference book handy, but searching through the online MSDN library was helpful. Now it looks like maybe ADO/CDOEX might be the way to go. Does anyone have any sample code that might give me some pointers? This doesn't have to be fandy or polished. If I can retrieve the headers, I can parse through them and find the right "received by" line, and pull the address from that line and output it to the screen. I'd greatly appreciate any pointers at all, be it a web page, KB article, book, etc. Thanks, Mike _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
