I'd also double check all the Ironport anti spam settings, we don't use and DNS blacklists and we see virtually no spam making it through our Ironport. I would go into a rant about the cowboys who run most of the DNS blacklists, but that will probably fall on deaf ears! Most of them seem to be more about blackmailing companies to pay to be unblacklisted rather than actually be about email security... And lets not get into the ones who are just pushing their own personal agendas for how they think email should be handled...
Nick Turner -----Original Message----- From: Jason Gurtz [mailto:[email protected]] Sent: 19 May 2011 14:32 To: MS-Exchange Admin Issues Subject: RE: Unsolicited emails from mailing groups Go to mail policies -> HAT overview -> Click the BLACKLIST Sender Group -> click Edit Settings... Put zen.spamhaus.org in the DNS Lists (Optional) field. Another good DNS blocklist to use in tandem with zen is the barracuda RBL, see: http://www.barracudacentral.org/rbl for information on how to use that (it's free, but you have to sign up). Also, in the Connecting Host DNS Verification area I definitely recommend checking the box next to "Connecting host PTR record does not exist in DNS." You can also try enabling the last one which will reject sending hosts that do not have a matching PTR record but there is a higher chance of blocking small businesses that have mis-configured mail systems. Too bad, since this blocks a LOT of spam, but try it out and see if you can get away with it. Be prepared to search through the mail and smtp_conversation logs if "we can't send you mail" complaints start rolling in. Our SBRS settings are -10.0 to -3.0 Just FYI, the reason why Ironport support cannot recommend configuring a DNS blocklist is due to either a lawsuit or threatened lawsuit (I forget which) since they have refused to license a feed from Spamhaus. Barracuda is in the same boat. ~JasonG > -----Original Message----- > From: Fergal O'Connell [mailto:[email protected]] > Sent: Thursday, May 19, 2011 09:03 > To: MS-Exchange Admin Issues > Subject: RE: Unsolicited emails from mailing groups > > Will this definitely help.. > Can I assume I just add this to the Options DNS list? > Can I track to see what spam this picks up opposed to the Ironport > device. > > I asked this question to Ironport support and they said just to continue > using the Spam add on. > > > -----Original Message----- > From: Jason Gurtz [mailto:[email protected]] > Sent: 18 May 2011 17:10 > To: MS-Exchange Admin Issues > Subject: RE: Unsolicited emails from mailing groups > > If the spam reporting is not working open a support ticket; as I found > out, there are a variety of things to cause their system to reject > submissions, such as signing messages, Exchange stripping custom > headers, etc... > > Adding the Spamhaus zen list will help quite a bit! I'm not sure what > kind of volume you have, but Spamhaus will start blocking free queries > if you are too big (think ISP size or large enterprise) and force the > purchase of a subscription (which really isn't very much). Just so you > know... > > ~JasonG > > > -----Original Message----- > > From: Fergal O'Connell [mailto:[email protected]] > > Sent: Wednesday, May 18, 2011 11:50 > > To: MS-Exchange Admin Issues > > Subject: RE: Unsolicited emails from mailing groups > > > > Thanks for the reply. > > I have that Iron port spam add on feature but it does not seem to > > anything. > > You I am blocking both domain and IP addresses but we are consistently > > getting these emails. > > And the situation does not seem to be improving. Using the transport > > rule based on marketing and certain criteria based on word content has > > helped. > > I've also had to create separate mail policies to allow mails that are > > being marked as marketing to be delivered (Financial Times emails > > etc.) > > > > I'll have to look at spamhaus to see if I can implement this - > > > > -----Original Message----- > > From: Jason Gurtz [mailto:[email protected]] > > Sent: 18 May 2011 16:29 > > To: MS-Exchange Admin Issues > > Subject: RE: Unsolicited emails from mailing groups > > > > The amount of mainsleaze spam is indeed WAY out of control. Make sure > > your execs are forwarding these messages to you as attachments so you > > can, in turn, forward them individually to the ironport spam reporting > > addresses. > > Alternatively, install the outlook toolbar from ironport and train the > > execs on how to click the spam/not spam buttons. > > > > Most mainsleaze comes from the less responsible ESPs who seem to allow > > their customers to use purchased lists of email addresses or do little > > to no oversight on new customers who may have scraped corporate > > websites for email addys (we regularly get spam from large companies > > sent to role addresses that could only have been scraped from our > > website or purchased). > > > > You can definitely improve things by blacklisting the IP addresses of > > these irresponsible ESPs; they typically make it easy by providing SPF > > records that tell you what all their IP addresses are. You can see > > where they came from by inspecting the Received: headers in the spam > > (top-most one not in your org). Although this is somewhat labor > > intensive, with a few month's work you will have made significant > progress. > > > > Keep in mind this has to be done carefully and be sure to explain to > > the execs that some email newsletters may be blocked too. They can > > decide if they want spam or newsletters they actually signed up for; > > show them examples and force them to make the policy decision. > > > > +1 for Spamhaus. Use the zen.spamhaus.org list > > > > ~JasonG > > > > > -----Original Message----- > > > From: Fergal O'Connell [mailto:[email protected]] > > > Sent: Wednesday, May 18, 2011 11:03 > > > To: MS-Exchange Admin Issues > > > Subject: Unsolicited emails from mailing groups > > > > > > Hi All, > > > > > > > > > > > > Just wondering what you folks do to combat unsolicited emails from > > > Mailing lists. > > > > > > We have Exchange Server 2007 Sp1 with 2 x Clustered C150 Ironport. > > > > > > > > > > > > Our CEO and executives are getting about 30 unsolicited email's a > day. > > > At the moment they collect this mail and then hand over to me after > > > about 5-6 weeks for me to deal with. > > > > > > > > > > > > This is what I have don't to try and limit these unsolicited and > > > marketing emails. > > > > > > * On the Ironport device I have tried to block the senders > via > > > IP and domain name. > > > > > > * Created a mail flow policy to mark marketing mails and > > deliver > > > these mails to a separate mailbox via a transport rule. > > > > > > * Exchange transport rule to deliver emails containing > certain > > > wording's to a separate mailbox. > > > > > > * Continue to unsubscribe the user from various mail lists. > > > > > > > > > > > > But it appears that I am just going around in circles. The problem > > > is how do I put a stop to this? > > > > > > > > > > > > Any thoughts? > > > > > > > > > > > > > > > > > > The information in this email is confidential and may be legally > > > privileged. > > > It is intended solely for the addressee. Access to this email by > > > anyone else is unauthorized. If you are not the intended recipient, > > > any disclosure, copying, distribution or any action taken or omitted > > > to be taken in reliance on it, is prohibited and may be unlawful. If > > > you are not the intended addressee please contact the sender and > > > dispose of this e-mail. Thank you. > > > > > > --- > > > To manage subscriptions click here: http://lyris.sunbelt- > > > software.com/read/my_forums/ or send an email to > > > [email protected] > > > with the body: unsubscribe exchangelist > > > > > > --- > > To manage subscriptions click here: http://lyris.sunbelt- > > software.com/read/my_forums/ or send an email to > > [email protected] > > with the body: unsubscribe exchangelist > > > > > > > > The information in this email is confidential and may be legally > > privileged. > > It is intended solely for the addressee. Access to this email by > > anyone else is unauthorized. If you are not the intended recipient, > > any disclosure, copying, distribution or any action taken or omitted > > to be taken in reliance on it, is prohibited and may be unlawful. If > > you are not the intended addressee please contact the sender and > > dispose of this e-mail. Thank you. > > > > > > --- > > To manage subscriptions click here: http://lyris.sunbelt- > > software.com/read/my_forums/ or send an email to > > [email protected] > > with the body: unsubscribe exchangelist > > > --- > To manage subscriptions click here: http://lyris.sunbelt- > software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe exchangelist > > > > The information in this email is confidential and may be legally > privileged. > It is intended solely for the addressee. Access to this email by anyone > else > is unauthorized. If you are not the intended recipient, any disclosure, > copying, distribution or any action taken or omitted to be taken in > reliance > on it, is prohibited and may be unlawful. If you are not the intended > addressee please contact the sender and dispose of this e-mail. Thank > you. > > > --- > To manage subscriptions click here: http://lyris.sunbelt- > software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe exchangelist --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe exchangelist This electronic message contains information from CACI International Inc or subsidiary companies, which may be confidential, proprietary, privileged or otherwise protected from disclosure. The information is intended to be used solely by the recipient(s) named above. If you are not an intended recipient, be aware that any review, disclosure, copying, distribution or use of this transmission or its contents is prohibited. If you have received this transmission in error, please notify us immediately at [email protected] Viruses: Although we have taken steps to ensure that this e-mail and attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free. CACI Limited. Registered in England & Wales. Registration No. 1649776. CACI House, Avonmore Road, London, W14 8TS. --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe exchangelist
