RE: Outbound Email Filtering
Good point, what are you meaning by filter? We run checks on SPAM and AV, add a custom header, and scan for specific words (inappropriate language and/or proprietary info)

-----Original Message-----
From: Kurt Buff [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2008 6:08 PM
To: MS-Exchange Admin Issues
Subject: Re: Outbound Email Filtering

Define filter

On Wed, Jun 4, 2008 at 5:05 PM, JB [EMAIL PROTECTED] wrote:
All-
Question I have, more like a survey.. How many people filter outbound email to the internet?
Thanks,
John Bowles

~ Ninja Email Security with Cloudmark Spam Engine Gets Image Spam ~
~ http://www.sunbeltsoftware.com/Ninja ~

NDR SPAM
Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works?

Re: Outbound Email Filtering
We do that but we have thousands of servers and tens of thousands of workstations around North America and our previous mail system was IMAP/POP/SMTP. Our exchange bridgeheads are internal open relays. There is a project under discussion to start locking those down but it will be a long process.

Sent from my BlackBerry Wireless Handheld

----- Original Message -----
From: JB [EMAIL PROTECTED]
To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com
Sent: Wed Jun 04 18:58:37 2008
Subject: Re: Outbound Email Filtering

Why not just allow port 25 from only your smtp gateway servers and block all other port 25 traffic outbound?
Thank you,
John Bowles

----- Original Message -----
From: John Cook [EMAIL PROTECTED]
To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com
Sent: Wednesday, June 4, 2008 8:48:33 PM
Subject: Re: Outbound Email Filtering

I do it to prevent my users from sending out things they shouldn't as well as curb any file based spam that may originate from one of my mobile (ID10T) users laptops.

----- Original Message -----
From: JB [EMAIL PROTECTED]
To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com
Sent: Wed Jun 04 20:44:20 2008
Subject: Re: Outbound Email Filtering

Can you guys state the reasons why you scan outbound email? Just curious on both sides of the fence the reasons why.
Thanks,
John Bowles

----- Original Message -----
From: John Cook [EMAIL PROTECTED]
To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com
Sent: Wednesday, June 4, 2008 8:18:29 PM
Subject: Re: Outbound Email Filtering

I do.

----- Original Message -----
From: JB [EMAIL PROTECTED]
To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com
Sent: Wed Jun 04 20:05:35 2008
Subject: Outbound Email Filtering

All-
Question I have, more like a survey.. How many people filter outbound email to the internet?
Thanks,
John Bowles

RE: Hosting Multiple domains in Exchange 2003
Here is the log entry, seems like it might be blacklisted, but I can't find any blacklist that lists us.

2008-06-05 14:02:15 207.115.11.16 OutboundConnectionResponse SMTPSVC1 VM2 - 25 - - 550-67.91.139.138+blocked+by+ldap:ou=rblmx,dc=bellsouth,dc=net 0 0 62 0 260 SMTP - - - -

For the other 2 sites I am immediately kicked to a google search which lists the site as the only result. Clicking on the link gives me a page can not be displayed message... however just now when I tried to verify the errors I had no trouble accessing the site if I use www. If I just type in sealcoatmydrive.com it gives me the google run around, but both are in the host header value in IIS.

Jonathan Gruber
Network Administrator
J.B. Long Inc.
610-944-8840 x.213
484-637-1978 direct

-----Original Message-----
From: Ben Scott [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2008 10:26 PM
To: MS-Exchange Admin Issues
Subject: Re: Hosting Multiple domains in Exchange 2003

On Wed, Jun 4, 2008 at 10:36 AM, Jonathan Gruber [EMAIL PROTECTED] wrote:
> Still having the same issue with shirevalleydesign.com and mail to bellsouth.net.

Hmmm. I just tried running some test probes against the MXes for bellsouth.net. From a real ISP feed, I connected no problem, and got immediate OK responses to MAIL FROM:[EMAIL PROTECTED]. I tried multiple probes against both listed MXes. However, from my home Comcast feed, I get a hangup before HELO, with the message that I'm blacklisted. It's a 550 code. I'm not sure if Exchange will consider that a permanent failure or not. If not, and you're blacklisted by them, that would explain the delay-then-failure you're seeing.

Try turning on SMTP protocol logging to record a transcript of the SMTP session, and see if bellsouth is rejecting you. If you're not familiar with SMTP protocol logging, this article explains it pretty well: http://www.msexchange.org/tutorials/Exchange-Server-2003-Mailflow-Part-2.html

You may want to check the IP address your mail server will be sending from to see if it is on any blacklists. I like the site http://www.mxtoolbox.com/blacklists.aspx for doing that. FWIW, I did run the address your list post came from (24.229.89.2) and the one returned for mail.{shirevalleydesign,moyersconstruction,sealcoatmydrive}.com (67.91.139.138), and both came out clean. Valid PTR records also exist for both.

> The other 2 domains are moyersconstruction.com and sealcoatmydrive.com .

DNS looks good to me. The delegation chain is valid, and I get consistent answers from all nameservers. I also ran ZoneCheck (http://www.zonecheck.fr) against them and it didn't find anything serious. It warned that postmaster@ the domains isn't working, which isn't good, but if BellSouth was rejecting on that they would presumably do so all the time. (Still, you should probably fix your postmaster mailbox.)

> Turns out in doing some more looking, we can't access the web sites internally either.

Not being able to access the web sites probably isn't good, but may or may not be related to your mail problems. What happens when you try the web sites? Name resolution fails, connection times out, HTTP server error, something else...?

-- Ben

Re: Outbound Email Filtering
We do

On Wed, Jun 4, 2008 at 5:05 PM, JB [EMAIL PROTECTED] wrote:
All-
Question I have, more like a survey.. How many people filter outbound email to the internet?
Thanks,
John Bowles

Tar Pitting
I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments.

Bill Lambert
Windows System Administrator
Concuity
A healthcare division of Trintech, Inc.
Phone 847-941-9206
Fax 847-465-9147
NASDAQ: TTPA

The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you.

Re: NDR SPAM
100% ? No - that would be impossible. Using SPF records will help deter the NDR spam from being generated in the first place. After that, your only real hope is to creatively filter/block incoming NDR. How well you can do this solely depends on what the capabilities are of your MTA and/or spam filter.

On Thu, Jun 5, 2008 at 8:45 AM, Theochares, George [EMAIL PROTECTED] wrote:
Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works?

-- ME2

RE: NDR SPAM
Sue them! Sorry, couldn't resist :)

Nothing will really work. Things you can do to help a bit.

Put up an SPF record, hopefully more people will start using them. That would stop the servers that are sending you the NDR's from accepting the original message in the first place... but I would argue that anyone sending NDR Spam (backscatter) probably isn't bright enough to use SPF in the first place.

Aggressive blacklist usage and block at the IP address. More and more RBL's are listing people that send the NDR spam (backscatter). This works very well for us.

Contact the postmaster that send it to you and give them a hard time about it. If we all did that it would clear up pretty quick...

Sorry, that is about it. No real solution to this one...

From: Theochares, George [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 8:46 AM
To: MS-Exchange Admin Issues
Subject: NDR SPAM

Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works?

Public Folder Permissions
My question involves trying to prevent the problem I ran into yesterday. I created a Mail Enabled Public Folder. Users need to perform the following:

1. Create sub-folders.
2. Delete/Move email messages

I want to prevent them from Deleting any folders (especially the top Mail Enabled folder). Suggestions anyone?

Joseph Danielsen, CSBS, MCSA-2003, MCSA-2000 (Messaging), MCP
Network Blade Inc.
49 Marcy Street
Somerset, NJ 08873
732-213-0600
http://www.networkblade.com/

RE: NDR SPAM
I've got an Ironport C350 that claims it can filter out NDR's that didn't result from emails that originated from your site. I haven't tried enabling it, and it may not be practical in the configuration I'm using the box in but it might be worth investigating.

From: Theochares, George [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 7:46 AM
To: MS-Exchange Admin Issues
Subject: NDR SPAM

Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works?

** Note: The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. **

Re: NDR SPAM
Something to note, is that you can choose to report backscatter NDR senders to their ISP and to DNS blacklists that track these types of offenses. NDRs should only be communicated via the SMTP session in the form of an SMTP status code. They should not be sent post-reception as emails.

Sender authentication (SPF, etc) use and scrutiny will surely increase over the next few years, but it's going to be a slow climb.

Filtering for specific verbiage of certain NDRs is relatively easy to do - particularly if you have a filter that supports true regular expression syntax.

On Thu, Jun 5, 2008 at 12:22 PM, Kennedy, Jim [EMAIL PROTECTED] wrote:
Sue them! Sorry, couldn't resist :)

Nothing will really work. Things you can do to help a bit.

Put up an SPF record, hopefully more people will start using them. That would stop the servers that are sending you the NDR's from accepting the original message in the first place... but I would argue that anyone sending NDR Spam (backscatter) probably isn't bright enough to use SPF in the first place.

Aggressive blacklist usage and block at the IP address. More and more RBL's are listing people that send the NDR spam (backscatter). This works very well for us.

Contact the postmaster that send it to you and give them a hard time about it. If we all did that it would clear up pretty quick...

Sorry, that is about it. No real solution to this one...

From: Theochares, George [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 8:46 AM
To: MS-Exchange Admin Issues
Subject: NDR SPAM

Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works?

-- ME2

Re: NDR SPAM
If anyone can do a good job, Ironport can. But there is no way that would work 100%. Not with some of the NDR I have seen. But I'd love to know how it works out for you...

On Thu, Jun 5, 2008 at 12:26 PM, Campbell, Rob [EMAIL PROTECTED] wrote:
I've got an Ironport C350 that claims it can filter out NDR's that didn't result from emails that originated from your site. I haven't tried enabling it, and it may not be practical in the configuration I'm using the box in but it might be worth investigating.

From: Theochares, George [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 7:46 AM
To: MS-Exchange Admin Issues
Subject: NDR SPAM

Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works?

-- ME2

RE: NDR SPAM
They claim to be able to add a unique identifier to outbound emails that lets them determine if the NDR is the result of an email bearing that identifier.

-----Original Message-----
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 11:30 AM
To: MS-Exchange Admin Issues
Subject: Re: NDR SPAM

If anyone can do a good job, Ironport can. But there is no way that would work 100%. Not with some of the NDR I have seen. But I'd love to know how it works out for you...

On Thu, Jun 5, 2008 at 12:26 PM, Campbell, Rob [EMAIL PROTECTED] wrote:
I've got an Ironport C350 that claims it can filter out NDR's that didn't result from emails that originated from your site. I haven't tried enabling it, and it may not be practical in the configuration I'm using the box in but it might be worth investigating.

From: Theochares, George [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 7:46 AM
To: MS-Exchange Admin Issues
Subject: NDR SPAM

Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works?

-- ME2

Re: Outbound Email Filtering
We do. We have to comply with HIPAA regulations and sending PHI (personal health information) unsecured outside our company would be a bad thing for us. As a result we scan for a number of message criteria such as SSN, Birth date, various other key terms to prevent calls to our PHI compliance officer. We use some products from Tumbleweed. Very expensive.

At this point we bounce back to the sender any message that triggers the filter and kick a copy of the message to the compliance group. We have a manual keyword trigger that's supposed to be there to encrypt messages and we have one to 'bypass' the filters but that also kicks a copy of the message to the compliance team. This has occasionally resulted in discussions with people who 'should know better' and they then find out that they 'will not do this again' in an uncomfortable meeting.

Steven Peck - http://www.blkmtn.org

On Thu, Jun 5, 2008 at 9:18 AM, Don Ely [EMAIL PROTECTED] wrote:
We do

On Wed, Jun 4, 2008 at 5:05 PM, JB [EMAIL PROTECTED] wrote:
All-
Question I have, more like a survey.. How many people filter outbound email to the internet?
Thanks,
John Bowles

RE: NDR SPAM
Unfortunately, many MTA's have started using delayed delivery failure as a means of thwarting address harvesting.

-----Original Message-----
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 11:29 AM
To: MS-Exchange Admin Issues
Subject: Re: NDR SPAM

Something to note, is that you can choose to report backscatter NDR senders to their ISP and to DNS blacklists that track these types of offenses. NDRs should only be communicated via the SMTP session in the form of an SMTP status code. They should not be sent post-reception as emails.

Sender authentication (SPF, etc) use and scrutiny will surely increase over the next few years, but it's going to be a slow climb.

Filtering for specific verbiage of certain NDRs is relatively easy to do - particularly if you have a filter that supports true regular expression syntax.

On Thu, Jun 5, 2008 at 12:22 PM, Kennedy, Jim [EMAIL PROTECTED] wrote:
Sue them! Sorry, couldn't resist :)

Nothing will really work. Things you can do to help a bit.

Put up an SPF record, hopefully more people will start using them. That would stop the servers that are sending you the NDR's from accepting the original message in the first place... but I would argue that anyone sending NDR Spam (backscatter) probably isn't bright enough to use SPF in the first place.

Aggressive blacklist usage and block at the IP address. More and more RBL's are listing people that send the NDR spam (backscatter). This works very well for us.

Contact the postmaster that send it to you and give them a hard time about it. If we all did that it would clear up pretty quick...

Sorry, that is about it. No real solution to this one...

From: Theochares, George [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 8:46 AM
To: MS-Exchange Admin Issues
Subject: NDR SPAM

Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works?

-- ME2

Re: NDR SPAM
I'm sure they do - but not all replies from all systems contain the original custom headers... or even the original Message-ID header for that matter.

On Thu, Jun 5, 2008 at 12:32 PM, Campbell, Rob [EMAIL PROTECTED] wrote:
They claim to be able to add a unique identifier to outbound emails that lets them determine if the NDR is the result of an email bearing that identifier.

-----Original Message-----
From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 11:30 AM
To: MS-Exchange Admin Issues
Subject: Re: NDR SPAM

If anyone can do a good job, Ironport can. But there is no way that would work 100%. Not with some of the NDR I have seen. But I'd love to know how it works out for you...

On Thu, Jun 5, 2008 at 12:26 PM, Campbell, Rob [EMAIL PROTECTED] wrote:
I've got an Ironport C350 that claims it can filter out NDR's that didn't result from emails that originated from your site. I haven't tried enabling it, and it may not be practical in the configuration I'm using the box in but it might be worth investigating.

From: Theochares, George [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 7:46 AM
To: MS-Exchange Admin Issues
Subject: NDR SPAM

Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works?

-- ME2

-- ME2

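One way to build the identifier discussed in the messages above is to sign the envelope sender of outbound mail, so a genuine NDR (sent from the null sender to that address) carries the tag even when the original headers or Message-ID are not quoted back. This is an added example modelled loosely on the BATV prvs= tag, not IronPort's implementation and not code from the thread; the key, the seven-day lifetime and the function names are assumptions.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-key"   # placeholder; a real key stays on the gateway
LIFETIME_DAYS = 7                  # assumed window in which an NDR may come back
TAG_RE = re.compile(r"^prvs=(\d{3})([0-9a-f]{6})=([^@]+@[^@]+)$")


def _mac(expiry, address, key):
    """First six hex digits of HMAC-SHA1 over the expiry day and the address."""
    msg = f"{expiry:03d}{address.lower()}".encode()
    return hmac.new(key, msg, hashlib.sha1).hexdigest()[:6]


def tag_sender(address, today, key=SECRET):
    """Rewrite the envelope sender of an outbound message.

    today is a day counter (for example days since the epoch); only its
    last three digits travel in the tag.
    """
    expiry = (today + LIFETIME_DAYS) % 1000
    return f"prvs={expiry:03d}{_mac(expiry, address, key)}={address}"


def check_bounce(mail_from, rcpt_to, today, key=SECRET):
    """Decide what to do with an inbound message addressed to rcpt_to."""
    if mail_from != "":
        return "not a bounce"              # NDRs arrive from the null sender <>
    m = TAG_RE.match(rcpt_to.lower())
    if m is None:
        return "reject: untagged"          # we never sent mail from this address
    expiry, mac, address = int(m.group(1)), m.group(2), m.group(3)
    if not hmac.compare_digest(mac, _mac(expiry, address, key)):
        return "reject: bad signature"
    if (expiry - today) % 1000 > LIFETIME_DAYS:
        return "reject: expired"           # handles the three-digit wrap-around
    return "accept for " + address


if __name__ == "__main__":
    # Constructed addresses and day numbers.
    tagged = tag_sender("alice@example.com", today=14035)
    print(tagged)
    print(check_bounce("", tagged, today=14038))
    print(check_bounce("", "alice@example.com", today=14038))
    print(check_bounce("", tagged, today=14060))
```

Mail that legitimately arrives from the null sender for other reasons (some auto-replies and delivery status notifications for mail sent through a different route) would also be rejected, so the tag has to be applied on every outbound path before the check is enforced.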
RE: Tar Pitting
Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it.

Carl

From: Bill Lambert [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 12:20 PM
To: MS-Exchange Admin Issues
Subject: Tar Pitting

I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments.

Bill Lambert
Windows System Administrator
Concuity
A healthcare division of Trintech, Inc.
Phone 847-941-9206
Fax 847-465-9147
NASDAQ: TTPA

RE: Outbound Email Filtering
> Question I have, more like a survey.. How many people filter outbound email to the internet?

We do. Port 25 blocked outbound except for mail server. Everything forced to relay through mail server. Mail server forced through filtering device. We scan for AV and Spam.

Why? Because if a pc were to be compromised and start spewing we need to block it and know about it right away. If spam or other malware were to get out from such an event it would affect our IP/domain's reputation and deliverability would suffer. It's also just the right thing to do IMHO, neighborhood watch style. I keep my side of the street safe, how 'bout you?

~JasonG

RE: Hosting Multiple domains in Exchange 2003
> Postscript: I do notice that 67.91.139.138 reverses to ip67-91-139-138.z139-91-67.customer.algx.net.. I've heard rumor that some spam filters will consider suspicious any IP address with a reverse DNS that looks like that.

This is much more than rumor. In addition to regex style filters that look for generic/dynamic looking PTRs, more and more sites are also blocking if the PTR does not match the A. Put it this way, if your relay's PTR does not match its A record it *will* experience delivery issues. This will only get worse so it should be addressed now rather than later.

Fixing this is not as big of a problem as it was a couple years back if you have a business level account. Here in the U.S., even ATT dsl customers can now get their reverse DNS delegated or changed. There are a few 3rd party dns providers around that will host reverse dns zones (I can't recommend easyDNS enough for their great support).

Email admins should also be aware of the Spamhaus PBL list which is included in the heavily used zen.spamhaus.org blacklist. You can sign up and authorize the specific nodes in your IP range that relay mail. The PBL attempts to list swaths of the Internet that are used primarily by dynamic or end-user type nodes that shouldn't be sending mail. See: http://www.spamhaus.org/pbl/index.lasso

If these Reverse DNS or Dynamic IP range type issues cannot be addressed, the only other option is to set up your system to relay through a smarthost that is in correctly configured IP space. This would typically be the upstream ISP's mail relay. In Exchange 2003 this is configured in properties of the default smtp virtual server -> Delivery tab -> Advanced... -> Smart Host field

~JasonG

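The two checks described in the message above (a PTR that looks generic or dynamic, and a PTR whose forward lookup does not return the sending address) can be sketched as follows. This is an added example, not code from the thread: the resolver tables are constructed so it runs offline, the label list is illustrative, and only the first PTR name comes from the message.

```python
import ipaddress
import re

# Constructed resolver data. The first PTR is the one quoted in the thread;
# its A record and the 192.0.2.x / 198.51.100.x entries are made up.
PTR_RECORDS = {
    "67.91.139.138": "ip67-91-139-138.z139-91-67.customer.algx.net.",
    "192.0.2.25": "mail.example.com.",
    "192.0.2.77": "smtp.example.net.",
}
A_RECORDS = {
    "ip67-91-139-138.z139-91-67.customer.algx.net.": ["67.91.139.138"],
    "mail.example.com.": ["192.0.2.25"],
    "smtp.example.net.": ["198.51.100.9"],  # forward record points elsewhere
}

# Labels that commonly mark end-user address pools (illustrative list).
GENERIC_LABELS = {"dyn", "dynamic", "dhcp", "pool", "dsl", "cable",
                  "ppp", "dialup", "customer", "client"}


def looks_generic(ip, ptr_name):
    """True if the PTR name embeds the IPv4 address or uses a pool-style label."""
    host = ptr_name.rstrip(".").lower()
    numbers = re.findall(r"\d+", host)
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    embeds_ip = all(octet in numbers for octet in octets)
    labels = set(re.split(r"[.\-]", host))
    return embeds_ip or bool(labels & GENERIC_LABELS)


def check_sending_ip(ip, lookup_ptr=PTR_RECORDS.get,
                     lookup_a=lambda name: A_RECORDS.get(name, [])):
    """Return the findings a receiving filter could hold against ip.

    lookup_ptr and lookup_a are injectable; in production they would wrap
    real DNS queries instead of the constructed tables above.
    """
    ptr_name = lookup_ptr(ip)
    if ptr_name is None:
        return ["no_ptr"]
    findings = []
    if ip not in lookup_a(ptr_name):
        findings.append("ptr_forward_mismatch")   # PTR does not match the A
    if looks_generic(ip, ptr_name):
        findings.append("generic_ptr")            # regex-style filter would fire
    return findings


if __name__ == "__main__":
    for addr in ("67.91.139.138", "192.0.2.25", "192.0.2.77", "203.0.113.5"):
        print(addr, check_sending_ip(addr) or "ok")
```

Running the same function against your own relay's address before a delivery problem appears shows which of the two conditions a remote filter would see.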
Re: Outbound Email Filtering
We do the typical AV/Spam filtering. We also use ProofPoint appliance to filter for any PIFI (personally identifiable financial information) such as SSNs, CC#s, Account numbers, etc.

- Sean

On 6/4/08, JB [EMAIL PROTECTED] wrote:
All-
Question I have, more like a survey.. How many people filter outbound email to the internet?
Thanks,
John Bowles

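The outbound policy described in this thread (scan for identifiers such as SSNs and card numbers, bounce a hit to the sender with a copy to compliance, and honour manual encrypt and bypass keywords) can be sketched as below. This is an added example, not the Tumbleweed or Proofpoint logic; the subject keywords, the rule that the encrypt keyword sends no compliance copy, and the sample messages are assumptions.

```python
import re

# US SSN written with dashes; area 000/666/9xx, group 00 and serial 0000
# are never issued, which removes many false positives.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
# 13 to 19 digits, optionally grouped by single spaces or dashes.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

ENCRYPT_TAG = "[encrypt]"   # hypothetical subject keywords, not from the thread
BYPASS_TAG = "[bypass]"


def luhn_ok(digits):
    """Luhn checksum: separates card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text):
    """Return (kind, masked value) pairs; only the last four digits are kept."""
    findings = []
    for m in SSN_RE.finditer(text):
        findings.append(("ssn", "***-**-" + m.group()[-4:]))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


def route_outbound(subject, body):
    """Apply the policy: bypass > encrypt > bounce on hit > deliver."""
    findings = find_sensitive(subject + "\n" + body)
    tags = subject.lower()
    if BYPASS_TAG in tags:
        action, copy = "deliver", True      # bypass still copies compliance
    elif ENCRYPT_TAG in tags:
        action, copy = "encrypt", False     # assumption: no copy when encrypted
    elif findings:
        action, copy = "bounce", True       # back to sender, copy to compliance
    else:
        action, copy = "deliver", False
    return {"action": action, "copy_to_compliance": copy, "findings": findings}


if __name__ == "__main__":
    # Constructed messages; the SSN and card number are test values.
    print(route_outbound("Patient follow-up", "SSN 123-45-6789 on file."))
    print(route_outbound("[bypass] Patient follow-up", "SSN 123-45-6789"))
    print(route_outbound("Order", "Order number 4111 1111 1111 1112"))
```

Masking the matched value before it reaches a log or a compliance mailbox keeps the filter itself from becoming another copy of the data it is meant to protect.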
Re: Hosting Multiple domains in Exchange 2003
+1 to everything that Jason wrote. These conditions are only going to become worse. It behooves you to get with the program sooner than later. Put your DNS ducks in a line.

On Thu, Jun 5, 2008 at 11:34 AM, Jason Gurtz [EMAIL PROTECTED] wrote:
> Postscript: I do notice that 67.91.139.138 reverses to ip67-91-139-138.z139-91-67.customer.algx.net.. I've heard rumor that some spam filters will consider suspicious any IP address with a reverse DNS that looks like that.

This is much more than rumor. In addition to regex style filters that look for generic/dynamic looking PTRs, more and more sites are also blocking if the PTR does not match the A. Put it this way, if your relay's PTR does not match its A record it *will* experience delivery issues. This will only get worse so it should be addressed now rather than later.

Fixing this is not as big of a problem as it was a couple years back if you have a business level account. Here in the U.S., even ATT dsl customers can now get their reverse DNS delegated or changed. There are a few 3rd party dns providers around that will host reverse dns zones (I can't recommend easyDNS enough for their great support).

Email admins should also be aware of the Spamhaus PBL list which is included in the heavily used zen.spamhaus.org blacklist. You can sign up and authorize the specific nodes in your IP range that relay mail. The PBL attempts to list swaths of the Internet that are used primarily by dynamic or end-user type nodes that shouldn't be sending mail. See: http://www.spamhaus.org/pbl/index.lasso

If these Reverse DNS or Dynamic IP range type issues cannot be addressed, the only other option is to set up your system to relay through a smarthost that is in correctly configured IP space. This would typically be the upstream ISP's mail relay. In Exchange 2003 this is configured in properties of the default smtp virtual server -> Delivery tab -> Advanced... -> Smart Host field

~JasonG

-- ME2

RE: NDR SPAM
I am a bit of a hard nose on this whole backscatter issue. People that are doing what you describe are more than welcome to do so as far as I am concerned. As long as they follow the RFC. If they respond with '250 Message accepted' then they MUST either deliver the message or return the NDR to the SENDER. (caps added based upon my recollection of that RFC). Sending to a from address does not ensure that it is going to the sender. That makes them abusive and subject to blacklisting.

People trying to solve their incoming spam problem by abusing other people's email systems really tick me off.

-----Original Message-----
From: Campbell, Rob [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 05, 2008 12:35 PM
To: MS-Exchange Admin Issues
Subject: RE: NDR SPAM

Unfortunately, many MTA's have started using delayed delivery failure as a means of thwarting address harvesting.

RE: NDR SPAM
Ours detects harvesting and blocks connections from the guilty IP for 24 hours with a 4xx code. -Original Message- From: Campbell, Rob [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 9:35 AM To: MS-Exchange Admin Issues Subject: RE: NDR SPAM Unfortunately, many MTAs have started using delayed delivery failure as a means of thwarting address harvesting. -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:29 AM To: MS-Exchange Admin Issues Subject: Re: NDR SPAM Something to note, is that you can choose to report backscatter NDR senders to their ISP and to DNS blacklists that track these types of offenses. NDRs should only be communicated via the SMTP session in the form of an SMTP status code. They should not be sent post-reception as emails. Sender authentication (SPF, etc) use and scrutiny will surely increase over the next few years, but it's going to be a slow climb. Filtering for specific verbiage of certain NDRs is relatively easy to do - particularly if you have a filter that supports true regular expression syntax. On Thu, Jun 5, 2008 at 12:22 PM, Kennedy, Jim [EMAIL PROTECTED] wrote: Sue them! Sorry, couldn't resist :) Nothing will really work. Things you can do to help a bit. Put up an SPF record, hopefully more people will start using them. That would stop the servers that are sending you the NDRs from accepting the original message in the first place... but I would argue that anyone sending NDR Spam (backscatter) probably isn't bright enough to use SPF in the first place. Aggressive blacklist usage and block at the IP address. More and more RBLs are listing people that send the NDR spam (backscatter). This works very well for us. Contact the postmaster that sends it to you and give them a hard time about it. If we all did that it would clear up pretty quick.. Sorry, that is about it. No real solution to this one.
From: Theochares, George [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 8:46 AM To: MS-Exchange Admin Issues Subject: NDR SPAM Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works? -- ME2
RE: Outbound Email Filtering
Ditto. -Original Message- From: JB [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2008 9:12 PM To: MS-Exchange Admin Issues Subject: Re: Outbound Email Filtering scanning for SPAM, AV etc. _ John Bowles - Original Message From: Kurt Buff [EMAIL PROTECTED] To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Wednesday, June 4, 2008 9:08:18 PM Subject: Re: Outbound Email Filtering Define filter On Wed, Jun 4, 2008 at 5:05 PM, JB [EMAIL PROTECTED] wrote: All- Question I have, more like a survey.. How many people filter outbound email to the internet? Thanks, _ John Bowles
Diff between SMTP Connector & SMTP virtual server
Dear All What is the major difference between SMTP virtual server & SMTP connector? Thanks & Regards Nirav Doshi System Administrator Bitscape IT Solutions
RE: Server 2008 Exchange Tools Anyone
Well the issue was my own (no surprises eh?) I had a couple DCs in a rarely used domain with time off by 7+ minutes (still fighting host time on a single VM box). Replication was off and Kerb keys were probably not working. Fixed that and the issue disappeared. Tools now bring up the exchange environment as designed. Have a great day -troy From: Troy Meyer [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2008 12:23 PM To: MS-Exchange Admin Issues Subject: Server 2008 Exchange Tools Anyone Here is an interesting one, I am trying to install the Exchange 2007 SP1 x64 tools on a Windows 2008 x64 member server. The install completes just fine, but when I open the console or management shell I get this - An Active Directory error 0x8000 occurred when looking for global catalogs in forest x.local: Logon Failure: unknown user name or bad password. Obviously it's having credential issues, but why? My account is a domain admin and I have no issues on other servers using these tools. Anyone running Exchange tools on a W2k8 x64 box? Did I miss something? -Troy
RE: Diff between SMTP Connector & SMTP virtual server
A connector can be scoped on a per-domain basis. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Nirav Doshi [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:16 PM To: MS-Exchange Admin Issues Subject: Diff between SMTP Connector & SMTP virtual server Dear All What is the major difference between SMTP virtual server & SMTP connector? Thanks & Regards Nirav Doshi System Administrator Bitscape IT Solutions
Buller?
Buller? Bob Fronk [EMAIL PROTECTED]
Re: Buller?
Fry? On Thu, Jun 5, 2008 at 12:20 PM, Bob Fronk [EMAIL PROTECTED] wrote: Buller? Bob Fronk [EMAIL PROTECTED]
Re: Buller?
Bueller? Anyone? On Thu, Jun 5, 2008 at 10:20 AM, Bob Fronk [EMAIL PROTECTED] wrote: Buller? Bob Fronk [EMAIL PROTECTED] -- Kat Collins - The Email of the species is more powerful than the Mail!
RE: Buller?
Marco? From: Kat Collins [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:22 PM To: MS-Exchange Admin Issues Subject: Re: Buller? Bueller? Anyone? On Thu, Jun 5, 2008 at 10:20 AM, Bob Fronk [EMAIL PROTECTED] wrote: Buller? Bob Fronk [EMAIL PROTECTED] -- Kat Collins - The Email of the species is more powerful than the Mail!
RE: Buller?
Ferris? From: Bob Fronk [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:20 AM To: MS-Exchange Admin Issues Subject: Buller? Buller? Bob Fronk [EMAIL PROTECTED]
RE: Buller?
Would you like to see my collection of assorted lengths of wire? From: Steve Ens [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:22 PM To: MS-Exchange Admin Issues Subject: Re: Buller?
Re: Buller?
It's Bueller. Um, he's sick. My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious. On Thu, Jun 5, 2008 at 1:20 PM, Bob Fronk [EMAIL PROTECTED] wrote: Buller? Bob Fronk [EMAIL PROTECTED] -- ME2
RE: Public Folder Permissions
If the client is able to Publish or Create a public folder, then they will be owner of that public folder (PF). If they own the PF then they can delete the PF. Why do they need to be able to Create sub-folders? I would ask them their plan, create the structure, give them EDITOR (NO PUBLISHING). Nikki From: ExchList [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 7:27 AM To: MS-Exchange Admin Issues Subject: Public Folder Permissions My question involves trying to prevent the problem I ran into yesterday. I created a Mail Enabled Public Folder. Users need to perform the following: 1. Create sub-folders. 2. Delete/Move email messages I want to prevent them from Deleting any folders (especially the top Mail Enabled folder). Suggestions anyone? Joseph Danielsen, CSBS, MCSA-2003, MCSA-2000 (Messaging), MCP Network Blade Inc. 49 Marcy Street Somerset, NJ 08873 732-213-0600 http://www.networkblade.com/
RE: Buller?
Is it Friday yet? -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 10:28 AM To: MS-Exchange Admin Issues Subject: Re: Buller? It's Bueller. Um, he's sick. My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious. On Thu, Jun 5, 2008 at 1:20 PM, Bob Fronk [EMAIL PROTECTED] wrote: Buller? Bob Fronk [EMAIL PROTECTED] -- ME2
RE: Buller?
I had sent a couple posts to the lists today and this is the only one that showed up. I hadn't received anything most of the morning either. Just checking. Guess it works now. Bob Fronk [EMAIL PROTECTED] -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:28 PM To: MS-Exchange Admin Issues Subject: Re: Buller? It's Bueller. Um, he's sick. My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious. On Thu, Jun 5, 2008 at 1:20 PM, Bob Fronk [EMAIL PROTECTED] wrote: Buller? Bob Fronk [EMAIL PROTECTED] -- ME2
RE: Buller?
Save Ferris! Bill Lambert Concuity 847-941-9206 -Original Message- From: Bob Fronk [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:35 PM To: MS-Exchange Admin Issues Subject: RE: Buller? I had sent a couple posts to the lists today and this is the only one that showed up. I hadn't received anything most of the morning either. Just checking. Guess it works now. Bob Fronk [EMAIL PROTECTED] -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:28 PM To: MS-Exchange Admin Issues Subject: Re: Buller? It's Bueller. Um, he's sick. My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious. On Thu, Jun 5, 2008 at 1:20 PM, Bob Fronk [EMAIL PROTECTED] wrote: Buller? Bob Fronk [EMAIL PROTECTED] -- ME2
Re: Buller?
Hrm. Mostly chatter about backscatter spam, although Bob Free referenced a useful article in Network World magazine that lists some great Open Source tools. Here's the link to the article: http://www.networkworld.com/community/20-open-source-windows-tools?page=0%2C0 Bob was mentioning mRemote specifically, but there are many other good tools in the list. HTH! On Thu, Jun 5, 2008 at 1:35 PM, Bob Fronk [EMAIL PROTECTED] wrote: I had sent a couple posts to the lists today and this is the only one that showed up. I hadn't received anything most of the morning either. Just checking. Guess it works now. Bob Fronk [EMAIL PROTECTED] -Original Message- From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:28 PM To: MS-Exchange Admin Issues Subject: Re: Buller? It's Bueller. Um, he's sick. My best friend's sister's boyfriend's brother's girlfriend heard from this guy who knows this kid who's going with the girl who saw Ferris pass out at 31 Flavors last night. I guess it's pretty serious. On Thu, Jun 5, 2008 at 1:20 PM, Bob Fronk [EMAIL PROTECTED] wrote: Buller? Bob Fronk [EMAIL PROTECTED] -- ME2 -- ME2
Re: Outbound Email Filtering
We scan for viruses, inappropriate content and apply the same attachment filters as on inbound email. We also block both inbound and outbound to/from our retail locations (with certain exceptions). Spam checking is done on inbound only. - Sent from my BlackBerry Wireless Handheld - Original Message - From: JB [EMAIL PROTECTED] To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Wed Jun 04 18:44:20 2008 Subject: Re: Outbound Email Filtering Can you guys state the reasons why you scan outbound email? Just curious on both sides of the fence the reasons why. Thanks, _ John Bowles - Original Message From: John Cook [EMAIL PROTECTED] To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Wednesday, June 4, 2008 8:18:29 PM Subject: Re: Outbound Email Filtering I do. - Original Message - From: JB [EMAIL PROTECTED] To: MS-Exchange Admin Issues exchangelist@lyris.sunbelt-software.com Sent: Wed Jun 04 20:05:35 2008 Subject: Outbound Email Filtering All- Question I have, more like a survey.. How many people filter outbound email to the internet? Thanks, _ John Bowles
Exchange VPN DNS issue
Sorry if this shows up twice.. I never saw the first one hit the list. I am sure I am missing something simple here, but I have looked at everything I can think of and have not found the solution. Here is the setup: At my house, I have commercial Internet service with static IPs. I have a Cisco 2811 with AIM VPN module, with a VPN to the Cisco Concentrator at my office. I have an AD setup with SBS2K3 on a separate domain. In order to be able to access my work network I have added a forwarder for that domain in my SBS DNS. Everything works great. Except for one thing: I cannot send email from my personal domain to my work domain. If I remove the forwarder, I can send email to that domain fine. I can telnet from my home to the work Exchange and drop an email that way. I can ping work Exchange machine. I have tried adding a host record on my SBS to send the email to the Internet rather than the VPN, but that does not seem to fix the issue. I tried to add a static record on the SBS DNS to the work Exchange. Did not help. The error is Could not deliver the message in the time limit specified. Please retry or contact your administrator. #4.4.7 Do I need to set up another connector and point it to a relay within the work network? Any Ideas? Bob Fronk [EMAIL PROTECTED]
Re: Server 2008 Exchange Tools Anyone
On Thu, Jun 5, 2008 at 10:09 AM, Troy Meyer [EMAIL PROTECTED] wrote: snip (still fighting host time on a single VM box). snip Don't do this. Time is notoriously tricky on a guest OS, if that's what you're thinking of, and I don't think that the host OS will be your best bet either. If you must do it with a server, your standalone DC with the FSMO roles on it would be your best bet. It would probably be better to set up a network switch/router to poll pool.ntp.org for its time, and serve your network that way. Or, even better, a GPS/WWV server with a LAN connection, if you care that much about it. Kurt
RE: Outbound Email Filtering
We use Appriver for outbound filtering as well as delivery (via smarthost) -Original Message- From: JB [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2008 8:06 PM To: MS-Exchange Admin Issues Subject: Outbound Email Filtering All- Question I have, more like a survey.. How many people filter outbound email to the internet? Thanks, _ John Bowles
RE: Tar Pitting
The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA
RE: Tar Pitting
What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature.
If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA
RE: Tar Pitting
Got it - it's not IP based but single message based - if that makes sense. thanks From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it.
Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA
RE: NDR SPAM
Getting hit with more NDR SPAM. Most is stopped but has anyone found a solution that really works? BATV: http://en.wikipedia.org/wiki/Bounce_Address_Tag_Validation The Ironport solution uses this although they don't call it that. It works really well, though be sure you have the latest release of AsyncOS 5.5 or 6.1 due to a recently fixed bug. Note that BATV can aggravate issues caused by receivers who've implemented abusive anti-spam measures like SAV callbacks or challenge-response. ~JasonG
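Added example, not from the thread and not IronPort's implementation: a Python sketch of BATV-style tagging of the envelope sender and validation of bounce recipients, modelled on the prvs tag layout (key digit, three-digit expiry day, six hex digits of an HMAC-SHA1). The key, the 7-day lifetime, the exact HMAC input and all function names are assumptions of this sketch.

```python
import hashlib
import hmac

KEYS = {0: b"constructed-demo-secret"}   # constructed key; keep real keys out of source
LIFETIME_DAYS = 7                         # assumed tag lifetime
HEX = set("0123456789abcdef")


def _day(now):
    """Whole days since the Unix epoch for a timestamp in seconds."""
    return int(now // 86400)


def _sig(key_no, ddd, mailbox):
    """First three bytes (six hex digits) of HMAC-SHA1 over key number, day and mailbox."""
    msg = f"{key_no}{ddd:03d}{mailbox.lower()}".encode()
    return hmac.new(KEYS[key_no], msg, hashlib.sha1).hexdigest()[:6]


def sign_sender(mailbox, now, key_no=0):
    """Rewrite an outbound envelope sender as prvs=KDDDSSSSSS=local@domain."""
    local, domain = mailbox.rsplit("@", 1)
    ddd = (_day(now) + LIFETIME_DAYS) % 1000      # expiry day, modulo 1000
    return f"prvs={key_no}{ddd:03d}{_sig(key_no, ddd, mailbox)}={local}@{domain}"


def check_bounce_rcpt(rcpt, now):
    """Validate the recipient of a null-sender message; returns (accept, reason)."""
    local, _, domain = rcpt.rpartition("@")
    parts = local.split("=", 2)
    if len(parts) != 3 or parts[0].lower() != "prvs":
        return False, "untagged"                  # a bounce for mail we never sent
    tag, orig_local = parts[1].lower(), parts[2]
    if len(tag) != 10 or not (tag[:4].isascii() and tag[:4].isdigit()) \
            or not set(tag[4:]) <= HEX:
        return False, "malformed"
    key_no, ddd, sig = int(tag[0]), int(tag[1:4]), tag[4:]
    if key_no not in KEYS:
        return False, "unknown-key"
    if not hmac.compare_digest(sig, _sig(key_no, ddd, f"{orig_local}@{domain}")):
        return False, "bad-signature"
    # Days left before expiry, in modulo-1000 arithmetic; a large value means expired.
    if (ddd - _day(now)) % 1000 > LIFETIME_DAYS:
        return False, "expired"
    return True, "ok"


def rcpt_policy(mail_from, rcpt, now):
    """Apply the tag check only to bounces, i.e. messages with the null sender <>."""
    if mail_from != "":
        return True, "not-a-bounce"
    return check_bounce_rcpt(rcpt, now)


if __name__ == "__main__":
    NOW = 1212624000                              # 2008-06-05 00:00:00 UTC
    tagged = sign_sender("postmaster@example.com", NOW)
    print(tagged)
    print(rcpt_policy("", tagged, NOW))                       # genuine bounce
    print(rcpt_policy("", "postmaster@example.com", NOW))     # backscatter, rejected
    print(rcpt_policy("", tagged, NOW + 8 * 86400))           # tag has expired
```

A rejection here is meant to be returned as an SMTP status code during the session, so the filter itself generates no NDR.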
RE: Server 2008 Exchange Tools Anyone
KB I appreciate the advice and totally agree. It just seems weird that throughout our ESX environment we run NTP client on the hosts and sync to a time server, then tell the VMs to time from the host. (PS that time server should also be what our PDCem is syncing to for AD.) This one host just seems to be an issue, and then couple that with a domain that is seldom used for a deprecated application and I am less likely to catch the issue. Note to self, sometimes the little things are more important than they seem; don't put off fixing the time issue :) -troy -Original Message- From: Kurt Buff [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: Re: Server 2008 Exchange Tools Anyone On Thu, Jun 5, 2008 at 10:09 AM, Troy Meyer [EMAIL PROTECTED] wrote: snip (still fighting host time on a single VM box). snip Don't do this. Time is notoriously tricky on a guest OS, if that's what you're thinking of, and I don't think that the host OS will be your best bet either. If you must do it with a server, your standalone DC with the FSMO roles on it would be your best bet. It would probably be better to set up a network switch/router to poll pool.ntp.org for its time, and serve your network that way. Or, even better, a GPS/WWV server with a LAN connection, if you care that much about it. Kurt
RE: Tar Pitting
Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/http://certificatesforexchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/http://domainsforexchange.net/ From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: 05 June 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Got it - it's not IP based but single message based - if that makes sense. thanks From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. 
This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147 NASDAQ: TTPA The information contained in this e-mail message, including any attached files, is intended only for the personal and confidential use of the recipient(s) named above. If you are not the intended recipient (or authorized to receive information for the recipient) you are hereby notified that you have received this communication in error and that any review, dissemination, distribution, or copying of this message is strictly prohibited. 
If you have received this communication in error, please contact the sender by reply email and delete all copies of this message. Thank you.
RE: Outbound Email Filtering
AppRiver provides outbound filtering also? From: Joseph Schvarcz [mailto:[EMAIL PROTECTED] Sent: Thu 6/5/2008 2:23 PM To: MS-Exchange Admin Issues Subject: RE: Outbound Email Filtering We use Appriver for outbound filtering as well as delivery (via smarthost) -Original Message- From: JB [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 04, 2008 8:06 PM To: MS-Exchange Admin Issues Subject: Outbound Email Filtering All- Question I have, more like a survey.. How many people filter outbound email to the internet? Thanks, _ John Bowles
Re: Hosting Multiple domains in Exchange 2003
On Thu, Jun 5, 2008 at 11:34 AM, Jason Gurtz [EMAIL PROTECTED] wrote: This is much more than rumor. In addition to regex style filters that look for generic/dynamic looking PTRs, more and more sites are also blocking if the PTR does not match the A. The latter is nothing new -- it's called a double reverse lookup. That's been around since at least the mid 1990's. Indeed, just checking for the existence of a PTR record is pretty useless, since anyone can put anything they want for IP address space they control. I could add a PTR record claiming my server is www.yahoo.com. Checking to make sure the name returned by the PTR lookup itself returns an A record matching the original IP address actually makes sure the forward and reverse DNS agree. (Still of questionable effectiveness -- spammers buy domain names, too -- but at least it's doing *something*.) Pattern matching in an attempt to identify domain names which look funny is something I haven't encountered myself, which is why I qualified it that way. I did check the IP addresses I indicated, and forward and reverse lookups are consistent for them. But if someone is trying to make blacklist decisions based on how a domain name looks, that's another beast entirely. DNS is still valid in that case. Fixing this is not as big of a problem as it was a couple years back if you have a business level account. Unfortunately, one still encounters problems when there are multiple layers between the person finding the problem and the person who can fix it. Which is not uncommon. One scenario I've encountered at least twice is: I identify a DNS problem, and tell the client about it. They contact the marketing department to find out they've outsourced some Internet marketing activities. I chase that to the marketing contractor, and complain until they put me in touch with their web designer, who in turn says they use a third-party hosting company.
I get in touch with the hosting company, who is actually just renting a server from some big colo provider. Then the colo has to forward my request to their ISP. Fun! -- Ben
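The double reverse lookup described in the message above, as an added example that is not code from the list: a PTR that merely exists proves nothing, so the check passes only when a name returned by the PTR lookup resolves back to the connecting address. The two lookup functions are injected so the block runs offline; the function name `fcrdns`, the record tables and every address and host name in them are constructed for illustration.

```python
import ipaddress

# Constructed DNS data for the demo (documentation address ranges; the
# www.yahoo.com entry mirrors the thread's "anyone can claim any name" case).
PTR_RECORDS = {
    "192.0.2.10": ["mail.example.org."],
    "192.0.2.20": ["www.yahoo.com."],
    "192.0.2.30": ["mx.example.net.", "alias.example.net."],
    "2001:db8::25": ["mail6.example.org."],
}
A_RECORDS = {
    "mail.example.org": ["192.0.2.10"],
    "www.yahoo.com": ["198.51.100.7"],      # forward zone does not point back
    "mx.example.net": ["192.0.2.99"],
    "alias.example.net": ["192.0.2.30"],
    "mail6.example.org": ["2001:0db8:0000:0000:0000:0000:0000:0025"],
}


def lookup_ptr(ip):
    """Reverse lookup stub: names published in the PTR record for ip."""
    return PTR_RECORDS.get(ip, [])


def lookup_addr(name):
    """Forward lookup stub: A/AAAA addresses published for name."""
    return A_RECORDS.get(name, [])


def fcrdns(ip, ptr_lookup=lookup_ptr, addr_lookup=lookup_addr):
    """Return (verdict, confirmed_names) for a connecting address.

    verdict is 'no-ptr' (no reverse record), 'mismatch' (a PTR exists but no
    returned name resolves back to ip) or 'confirmed' (forward and reverse agree).
    """
    client = ipaddress.ip_address(ip)
    # Normalise: PTR targets are often written with a trailing dot, any case.
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(client))]
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        for addr in addr_lookup(name):
            try:
                # Compare parsed addresses so IPv6 spellings compare equal.
                matches = ipaddress.ip_address(addr) == client
            except ValueError:
                continue            # malformed forward data never confirms
            if matches:
                confirmed.append(name)
                break
    return ("confirmed" if confirmed else "mismatch"), confirmed


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"):
        print(ip, *fcrdns(ip))
```

For live use the two stubs correspond to `socket.gethostbyaddr` and `socket.getaddrinfo`.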
Re: Hosting Multiple domains in Exchange 2003
On Thu, Jun 5, 2008 at 12:17 PM, Jonathan Gruber [EMAIL PROTECTED] wrote: Here is the log entry, seems like it might be blacklisted, but I can't find any blacklist that lists us. 2008-06-05 14:02:15 207.115.11.16 OutboundConnectionResponse SMTPSVC1 VM2 - 25 - - 550-67.91.139.138+blocked+by+ldap:ou=rblmx,dc=bellsouth,dc=net 0 0 62 0 260 SMTP - - - - Well, their server is definitely rejecting you. The ou=rblmx,dc=bellsouth,dc=ne is LDAP-speak for domain context 'bellsouth.net', organizational unit 'rblmx'. So they're apparently running their own, internal blacklist server. That might be fed from other blacklists, or be something entirely of their own construction. Only they know for sure. You'll need to contact them. A Google search for ou=rblmx,dc=bellsouth,dc=net did find this: http://worldnet.att.net/general-info/bls_info/block_inquiry.html Start there. For the other 2 sites I am immediately kicked to a google search which lists the site as the only result. That's Internet Explorer trying to help you. If you're going to be an IT guy, you need to know what's *really* going on. Go into Tools - Internet Options - Advanced, and set the following: Browsing - Show friendly HTTP error messages = Disabled Search from the Address bar = Do not search from the address bar You may also want to install another browser and use that for testing. Internet Explorer has really lousy diagnostics; it tends to give the same message (Cannot find server or DNS Error) for *everything*. I like the Firefox browser. however just now when I tried to verify the errors I had no trouble accessing the site if I use www. If I just type in sealcoatmydrive.com it gives me the google run around, but both are in the host header value in IIS. As I recall, last night, a lookup for www.moyersconstruction.com vs moyersconstruction.com returned two different A records. Likewise for sealcoatmydrive.com. It might have been a mistake on the part of whoever you have doing your hosting. 
Right now, I get the same A record for both of them, so perhaps it has been fixed. Try again. If it still does it: 1. Clear your browser cache. 2. Use PING to compare the IP addresses the various different domain names are resolving to. 3. If you find a discrepancy in step 1, use NSLOOKUP to chase the DNS resolution chain back to where the problem is, and clear the DNS resolver cache of the offending system. 4. Try using TELNET to make a manual TCP connection on port 80, and see if you can get through that way. For step 4, if you're not familiar with the procedure, read http://usertools.plus.net/tutorials/id/21, section entitled Checking a web server. -- Ben
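The reading of the log entry in the message above, as an added example that is not code from the thread: it splits the quoted entry into fields, pulls out the remote server's SMTP reply, and breaks the LDAP name into the domain and organizational unit. The column order in `FIELDS` is an assumption inferred from that single entry; check it against the `#Fields:` header of your own log before relying on it.

```python
import re

# The log entry quoted in the message above, verbatim.
LINE = ("2008-06-05 14:02:15 207.115.11.16 OutboundConnectionResponse SMTPSVC1 VM2 "
        "- 25 - - 550-67.91.139.138+blocked+by+ldap:ou=rblmx,dc=bellsouth,dc=net "
        "0 0 62 0 260 SMTP - - - -")

# Assumed column order (W3C extended format with every field enabled).
FIELDS = (
    "date time c-ip cs-username s-sitename s-computername s-ip s-port "
    "cs-method cs-uri-stem cs-uri-query sc-status sc-win32-status sc-bytes "
    "cs-bytes time-taken cs-version cs-host cs(User-Agent) cs(Cookie) cs(Referer)"
).split()

REPLY_RE = re.compile(r"^([2-5]\d\d)([-+ ]?)(.*)$")
BLOCK_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}) blocked by ldap:(\S+)$")
CLASSES = {2: "success", 3: "intermediate",
           4: "transient failure", 5: "permanent failure"}


def parse_entry(line, fields=FIELDS):
    """Split one space-delimited log entry into a field-name -> value dict."""
    values = line.split()
    if len(values) != len(fields):
        raise ValueError("expected %d fields, got %d" % (len(fields), len(values)))
    return dict(zip(fields, values))


def smtp_reply(entry):
    """Return the remote server's reply for a *Response entry, else None.

    The reply text sits in cs-uri-query with spaces logged as '+'. A '-'
    right after the code is SMTP's marker that more reply lines follow.
    """
    if not entry["cs-username"].endswith("Response"):
        return None
    m = REPLY_RE.match(entry["cs-uri-query"])
    if m is None:
        return None
    code = int(m.group(1))
    return {"code": code,
            "class": CLASSES[code // 100],
            "more": m.group(2) == "-",
            "text": m.group(3).replace("+", " ")}


def explain_block(text):
    """Split '<ip> blocked by ldap:<dn>' into the blocked IP, domain and OU."""
    m = BLOCK_RE.match(text)
    if m is None:
        return None
    parts = [p.split("=", 1) for p in m.group(2).split(",")]
    if any(len(p) != 2 for p in parts):
        return None
    return {"blocked_ip": m.group(1),
            "domain": ".".join(v for k, v in parts if k.lower() == "dc"),
            "ou": [v for k, v in parts if k.lower() == "ou"]}


if __name__ == "__main__":
    entry = parse_entry(LINE)
    reply = smtp_reply(entry)
    print(entry["date"], entry["time"], "remote", entry["c-ip"], reply)
    print(explain_block(reply["text"]))
```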
RE: Buller?
Polo! From: Maglinger, Paul [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 10:23 AM To: MS-Exchange Admin Issues Subject: RE: Buller? Marco? From: Kat Collins [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:22 PM To: MS-Exchange Admin Issues Subject: Re: Buller? Bueller? Anyone? On Thu, Jun 5, 2008 at 10:20 AM, Bob Fronk [EMAIL PROTECTED] wrote: Buller? Bob Fronk [EMAIL PROTECTED] -- Kat Collins - The Email of the species is more powerful than the Mail!
Re: Exchange VPN DNS issue
On Thu, Jun 5, 2008 at 1:48 PM, Bob Fronk [EMAIL PROTECTED] wrote: I cannot send email from my personal domain to my work domain. If I remove the forwarder, I can send email to that domain fine. Use NSLOOKUP to lookup the MX records for both domains (sending and receiving). Also resolve the MX names to A records, if needed. Compare the results of those tests with and without the DNS forwarder. I can ping work Exchange machine. Can you connect to it on TCP port 25? Could not deliver the message in the time limit specified. Please retry or contact your administrator. #4.4.7 Exchange DSNs are useless when it comes to diagnostics. That's just a message telling you that Exchange had trouble, tried again a few times, and then gave up. It does not actually tell you what went wrong. You have to turn on SMTP protocol logging on the Exchange server, and read the IIS protocol log to get the transcript of the SMTP session. That will tell you what's actually going wrong. -- Ben
RE: Tar Pitting
I'm afraid that Carl is 100% correct for Exchange 2003, the version used by the OP. Perhaps a change was made in Exchange 2007, I can't verify that. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 5:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ _ From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: 05 June 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Got it - it's not IP based but single message based - if that makes sense. thanks _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? 
_ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147
RE: Tar Pitting
It is all recipients - because it slows down any response that generates 5.x.x error code. That isn't just invalid recipients - but that is the most common use for its protection. It can also slow down malformed messages to valid recipients as well. http://support.microsoft.com/default.aspx?kbid=842851 Simon. From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: 06 June 2008 00:28 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting I'm afraid that Carl is 100% correct for Exchange 2003, the version used by the OP. Perhaps a change was made in Exchange 2007, I can't verify that. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 5:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: 05 June 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Got it - it's not IP based but single message based - if that makes sense. thanks From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember?
Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. 
If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147
RE: Tar Pitting
When you said it affects all recipients that suggested (to me anyway) that both valid and invalid recipients would have a tarpit delay if tarpitting was enabled. Thank you for clarifying that that is not the case. To give the 100% correct summary: Messages that are accepted and all recipients are valid are not delayed by tarpitting. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 8:17 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting It is all recipients - because it slows down any response that generates 5.x.x error code. That isn't just invalid recipients - but that is the most common use for its protection. It can also slow down malformed messages to valid recipients as well. http://support.microsoft.com/default.aspx?kbid=842851 Simon. _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: 06 June 2008 00:28 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting I'm afraid that Carl is 100% correct for Exchange 2003, the version used by the OP. Perhaps a change was made in Exchange 2007, I can't verify that. Carl From: Simon Butler [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 5:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack. I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ for certificates from just $23.99. Need a domain for your certificate? 
http://DomainsForExchange.net/ _ From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: 05 June 2008 21:25 To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Got it - it's not IP based but single message based - if that makes sense. thanks _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:16 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. From: Don Andrews [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 4:10 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting So, the tar pitting component does not remember from one message to the next - even in the same connection? _ From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:05 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 1:57 PM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 From: Carl Houseman [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 11:39 AM To: MS-Exchange Admin Issues Subject: RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. 
If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should definitely enable it. Carl From: Bill Lambert [mailto:[EMAIL PROTECTED] Sent: Thursday, June 05, 2008 12:20 PM To: MS-Exchange Admin Issues Subject: Tar Pitting I'm curious if any of you with Exchange 2003 that use recipient filtering also use the SMTP tar pit feature. If so, can you give comments on its effect on mail flow/performance if any? Thanks in advance for any advice/comments. Bill Lambert Windows System Administrator Concuity A healthcare division of Trintech, Inc. Phone 847-941-9206 Fax 847-465-9147
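The tarpit behaviour as the thread describes it, as an added example that is not Exchange's code and not from any poster: a toy receiver with recipient filtering that adds the tarpit delay before every 5xx reply, so the added delay is (number of 5xx replies) * (tarpit delay time) and a message whose recipients are all valid is not delayed. The class, the reply texts, the directory and all addresses are constructed; delay is accumulated in a counter instead of slept.

```python
import re

MAIL_RE = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>$", re.IGNORECASE)
RCPT_RE = re.compile(r"^RCPT TO:\s*<([^<>\s]+@[^<>\s]+)>$", re.IGNORECASE)


class TarpitReceiver:
    """One SMTP connection to a server doing recipient filtering plus tarpit."""

    def __init__(self, directory, tarpit_seconds=5):
        self.directory = {addr.lower() for addr in directory}
        self.tarpit_seconds = tarpit_seconds
        self.delay = 0        # seconds of tarpit delay added on this connection
        self.accepted = []    # recipients accepted for the current message

    def _reply(self, code, text):
        # Every 5xx reply is held back by the tarpit delay; a real server
        # would wait here before answering. Other replies go out at once.
        if 500 <= code <= 599:
            self.delay += self.tarpit_seconds
        return code, text

    def command(self, line):
        line = line.strip()
        if MAIL_RE.match(line):
            self.accepted = []
            return self._reply(250, "Sender OK")
        m = RCPT_RE.match(line)
        if m:
            addr = m.group(1).lower()
            if addr in self.directory:
                self.accepted.append(addr)
                return self._reply(250, "Recipient OK")
            return self._reply(550, "5.1.1 User unknown")
        if line.upper() == "DATA":
            if not self.accepted:
                return self._reply(554, "No valid recipients")
            return self._reply(354, "Start mail input")
        return self._reply(500, "5.5.1 Unrecognized command")


def added_delay(lines, directory, tarpit_seconds=5):
    """Feed client lines to a fresh connection; return (delay_seconds, replies)."""
    rx = TarpitReceiver(directory, tarpit_seconds)
    replies = [rx.command(line) for line in lines]
    return rx.delay, replies


def message(recipients, sender="sender@example.net"):
    """Client side of one message: MAIL FROM, one RCPT TO per recipient, DATA."""
    return (["MAIL FROM:<%s>" % sender]
            + ["RCPT TO:<%s>" % r for r in recipients] + ["DATA"])


# Constructed directory and sessions.
DIRECTORY = {"alice@example.com", "bob@example.com", "carol@example.com"}
ALL_VALID = message(["alice@example.com", "bob@example.com", "carol@example.com"])
ONE_TYPO = message(["alice@example.com", "bbo@example.com", "carol@example.com"])
# Shape of a directory harvest: mostly guessed names, few of which exist.
GUESSES = message(["user%03d@example.com" % i for i in range(198)]
                  + ["alice@example.com", "bob@example.com"])
# Valid recipient, malformed command (no angle brackets): still a 5xx reply.
MALFORMED = ["MAIL FROM:<sender@example.net>", "RCPT TO: alice@example.com"]

if __name__ == "__main__":
    for name, lines in (("all valid", ALL_VALID), ("one typo", ONE_TYPO),
                        ("198 guesses", GUESSES), ("malformed", MALFORMED)):
        print("%-12s tarpit 5s: %4ds   tarpit off: %ds" % (
            name, added_delay(lines, DIRECTORY)[0],
            added_delay(lines, DIRECTORY, tarpit_seconds=0)[0]))
```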
Re: Tar Pitting
I use ORF (http://www.vamsoft.com) to handle all my tarpitting and recipient validation. (plus other features like DNSBL, SURBL, and Greylisting) Thought I'd bring this up as an alternative to Exchange doing it for you, I find its configuration easier and it's way too cheap for what it gives me. -Ben PS. I'm just a long time customer and thought others could benefit. On Thu, Jun 5, 2008 at 6:19 PM, Carl Houseman [EMAIL PROTECTED] wrote: When you said it affects all recipients that suggested (to me anyway) that both valid and invalid recipients would have a tarpit delay if tarpitting was enabled. Thank you for clarifying that that is not the case. To give the 100% correct summary: Messages that are accepted and all recipients are valid are not delayed by tarpitting. Carl *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 8:17 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting It is all recipients - because it slows down any response that generates 5.x.x error code. That isn't just invalid recipients - but that is the most common use for its protection. It can also slow down malformed messages to valid recipients as well. http://support.microsoft.com/default.aspx?kbid=842851 Simon. -- *From:* Carl Houseman [mailto:[EMAIL PROTECTED] *Sent:* 06 June 2008 00:28 *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting I'm afraid that Carl is 100% correct for Exchange 2003, the version used by the OP. Perhaps a change was made in Exchange 2007, I can't verify that. Carl *From:* Simon Butler [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 5:05 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting Where the problems come with tarpitting is when people set the time delay too long. To be effective it doesn't need to be more than 5 seconds. Carl isn't quite 100% correct in its behaviour. It affects all recipients, valid or not. The idea is that a spammer is slowed down when carrying out a directory harvest attack.
I personally feel that you shouldn't enable recipient filtering without tarpit. Tarpit is enabled by default in Exchange 2007. Simon. -- Simon Butler MVP: Exchange, MCSE Amset IT Solutions Ltd. e: [EMAIL PROTECTED] w: www.amset.co.uk w: www.amset.info Need cheap certificates for Exchange, compatible with Windows Mobile 5.0? http://CertificatesForExchange.com/ for certificates from just $23.99. Need a domain for your certificate? http://DomainsForExchange.net/ -- *From:* Don Andrews [mailto:[EMAIL PROTECTED] *Sent:* 05 June 2008 21:25 *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting Got it – it's not IP based but single message based – if that makes sense. thanks -- *From:* Carl Houseman [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 1:16 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting What is there to remember? Tarpitting is simply this: If you (the sending smtp server) tell me an invalid recipient, I am going to wait for the tarpit delay time before I reject it and allow you to continue the smtp conversation with me. *From:* Don Andrews [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 4:10 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting So, the tar pitting component does not remember from one message to the next – even in the same connection? -- *From:* Carl Houseman [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 1:05 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting The only way I can fathom that legitimate mail could be affected would be when a message contains both valid and invalid recipients. This particular message would be delayed for the valid recipients by (number of invalid recipients) * (tarpit delay time). Unless there are dozens of invalid recipients included in this message, the delay would not be significant.
Carl *From:* Bill Lambert [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 1:57 PM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting Thanks, Carl. I had thought that it wouldn't affect performance but there was a statement in a MS article that said tar pitting may delay the delivery of legitimate mail. I appreciate the reply! Bill Lambert Concuity 847-941-9206 *From:* Carl Houseman [mailto:[EMAIL PROTECTED] *Sent:* Thursday, June 05, 2008 11:39 AM *To:* MS-Exchange Admin Issues *Subject:* RE: Tar Pitting Tarpitting only changes behavior for mail that can't be delivered. There's no effect on normal mail flow. If you filter recipients who are not in the directory and receive mail directly with no intervening relay host, you should