Spam Filtering HELP

I recently started a new job, and discovered after day one, that I had
inharited a spam mess. Now the previous admin ad installed a Symantic
Spam Server Prox which in my opinion, was a complete waste of money as
it does not allow for blocking IP addresses.
Now here is the question;
I am running Exchange 2003, and am looking at setting up the Conection
Filter under Message Delivery to block messages based on IP address.
The problem is that when I save the IPs to be blocked, I get a message
stating that the Connection filter "has to be enabled manually through
the specific SMTP virtual server IP address assignments as they are not
enabled by default."
This should be easy, however When I attempt to apply these filters to
the IP address that is assigned to the nic card used to connect to the
mail proxy, it blockes nothing.

Any ideas?
Is there another way to filter IP addresses?

Mike
mlawrence(at)fisher-wavy.com

0
mlawrenc (3)
3/7/2005 3:02:56 PM
exchange.admin 57650 articles. 2 followers. Follow

17 Replies
686 Views

Similar Articles

[PageSpeed] 26

Are you still using the Symantec Spam server?  If so, then blocking by IP 
isn't going to do you any good at all as all SMTP messages would be 
delivered by the IP of the Symantec box.  IP blocking only prevents those 
IP's from connecting to your Exchange SMTP server.  You also may need to 
restart the SMTP service on Exchange.

-- 
Ben Winzenz
Exchange MVP


"mike" <mlawrenc@gmail.com> wrote in message 
news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
>I recently started a new job, and discovered after day one, that I had
> inharited a spam mess. Now the previous admin ad installed a Symantic
> Spam Server Prox which in my opinion, was a complete waste of money as
> it does not allow for blocking IP addresses.
> Now here is the question;
> I am running Exchange 2003, and am looking at setting up the Conection
> Filter under Message Delivery to block messages based on IP address.
> The problem is that when I save the IPs to be blocked, I get a message
> stating that the Connection filter "has to be enabled manually through
> the specific SMTP virtual server IP address assignments as they are not
> enabled by default."
> This should be easy, however When I attempt to apply these filters to
> the IP address that is assigned to the nic card used to connect to the
> mail proxy, it blockes nothing.
>
> Any ideas?
> Is there another way to filter IP addresses?
>
> Mike
> mlawrence(at)fisher-wavy.com
> 


0
Ben
3/7/2005 4:05:35 PM
Hi Mike,
The best way to block IP's is at the SMTP virtual server. Go to 
ESM/Servers/Server Name/Protocols/SMTP. Right click on the Default SMTP 
Virtual Server. Left click on the Properties/Access tab/Connection button. 
Input the IP's you want to block here.

"mike" <mlawrenc@gmail.com> wrote in message 
news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
>I recently started a new job, and discovered after day one, that I had
> inharited a spam mess. Now the previous admin ad installed a Symantic
> Spam Server Prox which in my opinion, was a complete waste of money as
> it does not allow for blocking IP addresses.
> Now here is the question;
> I am running Exchange 2003, and am looking at setting up the Conection
> Filter under Message Delivery to block messages based on IP address.
> The problem is that when I save the IPs to be blocked, I get a message
> stating that the Connection filter "has to be enabled manually through
> the specific SMTP virtual server IP address assignments as they are not
> enabled by default."
> This should be easy, however When I attempt to apply these filters to
> the IP address that is assigned to the nic card used to connect to the
> mail proxy, it blockes nothing.
>
> Any ideas?
> Is there another way to filter IP addresses?
>
> Mike
> mlawrence(at)fisher-wavy.com
> 


0
ajmiyake (74)
3/7/2005 5:23:25 PM
Is there any way to import a list? I have probably a couple hundred
entries to input.
Also, is there anything I have to do to enable this?

Mike
mlawrence(at)fisher-wavy.com

Allen M wrote:
> Hi Mike,
> The best way to block IP's is at the SMTP virtual server. Go to
> ESM/Servers/Server Name/Protocols/SMTP. Right click on the Default
SMTP
> Virtual Server. Left click on the Properties/Access tab/Connection
button.
> Input the IP's you want to block here.
>
> "mike" <mlawrenc@gmail.com> wrote in message
> news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
> >I recently started a new job, and discovered after day one, that I
had
> > inharited a spam mess. Now the previous admin ad installed a
Symantic
> > Spam Server Prox which in my opinion, was a complete waste of money
as
> > it does not allow for blocking IP addresses.
> > Now here is the question;
> > I am running Exchange 2003, and am looking at setting up the
Conection
> > Filter under Message Delivery to block messages based on IP
address.
> > The problem is that when I save the IPs to be blocked, I get a
message
> > stating that the Connection filter "has to be enabled manually
through
> > the specific SMTP virtual server IP address assignments as they are
not
> > enabled by default."
> > This should be easy, however When I attempt to apply these filters
to
> > the IP address that is assigned to the nic card used to connect to
the
> > mail proxy, it blockes nothing.
> >
> > Any ideas?
> > Is there another way to filter IP addresses?
> >
> > Mike
> > mlawrence(at)fisher-wavy.com
> >

0
mlawrenc (3)
3/7/2005 7:39:26 PM
I'm sure there is some sort of way to script it and have it populated all at 
once but I do not know. Nothing special you need to do to enable.


"mike" <mlawrenc@gmail.com> wrote in message 
news:1110224366.649028.103410@f14g2000cwb.googlegroups.com...
> Is there any way to import a list? I have probably a couple hundred
> entries to input.
> Also, is there anything I have to do to enable this?
>
> Mike
> mlawrence(at)fisher-wavy.com
>
> Allen M wrote:
>> Hi Mike,
>> The best way to block IP's is at the SMTP virtual server. Go to
>> ESM/Servers/Server Name/Protocols/SMTP. Right click on the Default
> SMTP
>> Virtual Server. Left click on the Properties/Access tab/Connection
> button.
>> Input the IP's you want to block here.
>>
>> "mike" <mlawrenc@gmail.com> wrote in message
>> news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
>> >I recently started a new job, and discovered after day one, that I
> had
>> > inharited a spam mess. Now the previous admin ad installed a
> Symantic
>> > Spam Server Prox which in my opinion, was a complete waste of money
> as
>> > it does not allow for blocking IP addresses.
>> > Now here is the question;
>> > I am running Exchange 2003, and am looking at setting up the
> Conection
>> > Filter under Message Delivery to block messages based on IP
> address.
>> > The problem is that when I save the IPs to be blocked, I get a
> message
>> > stating that the Connection filter "has to be enabled manually
> through
>> > the specific SMTP virtual server IP address assignments as they are
> not
>> > enabled by default."
>> > This should be easy, however When I attempt to apply these filters
> to
>> > the IP address that is assigned to the nic card used to connect to
> the
>> > mail proxy, it blockes nothing.
>> >
>> > Any ideas?
>> > Is there another way to filter IP addresses?
>> >
>> > Mike
>> > mlawrence(at)fisher-wavy.com
>> >
> 


0
ajmiyake (74)
3/7/2005 8:41:46 PM
"Allen M" <ajmiyake@yahoo.com> wrote in message 
news:u97ZvmzIFHA.3332@TK2MSFTNGP15.phx.gbl...
> Hi Mike,
> The best way to block IP's is at the SMTP virtual server. Go to 
> ESM/Servers/Server Name/Protocols/SMTP. Right click on the Default SMTP 
> Virtual Server. Left click on the Properties/Access tab/Connection button. 
> Input the IP's you want to block here.

Are you absolutely certain this is the way to block IP's from sending email 
*to* your server?  I was under the impression that blocking access to the 
virtual SMTP server using this method was to prevent people from sending 
mail *through* your server (as in "SMTP relaying").  Although, it being a 
"connection" property does lead me to believe that it would prevent the "to" 
and "through" at the same time.  Do you know how/if this method is different 
than using the "Connection Filtering -> Global Accept and Deny List" found 
under Global Settings -> Message Delivery [right-click -> Properties]?


0
none89 (807)
3/7/2005 8:59:22 PM
I am sure this is the way. It is no different that the way you listed below 
however I did post and ask the same question you are here in the NG and got 
an answer "either or will do" from the MVP. Besides I know it works. Tested 
it from home myself.


"BigDogBrian" <none@none.com> wrote in message 
news:Mg3Xd.719$Qz.712@okepread05...
> "Allen M" <ajmiyake@yahoo.com> wrote in message 
> news:u97ZvmzIFHA.3332@TK2MSFTNGP15.phx.gbl...
>> Hi Mike,
>> The best way to block IP's is at the SMTP virtual server. Go to 
>> ESM/Servers/Server Name/Protocols/SMTP. Right click on the Default SMTP 
>> Virtual Server. Left click on the Properties/Access tab/Connection 
>> button. Input the IP's you want to block here.
>
> Are you absolutely certain this is the way to block IP's from sending 
> email *to* your server?  I was under the impression that blocking access 
> to the virtual SMTP server using this method was to prevent people from 
> sending mail *through* your server (as in "SMTP relaying").  Although, it 
> being a "connection" property does lead me to believe that it would 
> prevent the "to" and "through" at the same time.  Do you know how/if this 
> method is different than using the "Connection Filtering -> Global Accept 
> and Deny List" found under Global Settings -> Message Delivery 
> [right-click -> Properties]?
>
> 


0
ajmiyake (74)
3/7/2005 9:28:16 PM
Look in at an email header of the emails you receive from the net.  Received 
entries at the top of the header indicate the path of the email.  The top 
most Recieved line is the last SMTP server that connected to your Exchange 
Server.  If the IP address is the Symantic Spam Server Proxy then you can 
not block within Exchange Server based upon the IP address.  Do you have the 
version number and exact product name of your Symantic Spam Server Proxy 
because you should double check within their news groups that you cannot 
block by IP address.

Geoff Pearce

"mike" <mlawrenc@gmail.com> wrote in message 
news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
>I recently started a new job, and discovered after day one, that I had
> inharited a spam mess. Now the previous admin ad installed a Symantic
> Spam Server Prox which in my opinion, was a complete waste of money as
> it does not allow for blocking IP addresses.
> Now here is the question;
> I am running Exchange 2003, and am looking at setting up the Conection
> Filter under Message Delivery to block messages based on IP address.
> The problem is that when I save the IPs to be blocked, I get a message
> stating that the Connection filter "has to be enabled manually through
> the specific SMTP virtual server IP address assignments as they are not
> enabled by default."
> This should be easy, however When I attempt to apply these filters to
> the IP address that is assigned to the nic card used to connect to the
> mail proxy, it blockes nothing.
>
> Any ideas?
> Is there another way to filter IP addresses?
>
> Mike
> mlawrence(at)fisher-wavy.com
> 


0
3/8/2005 12:54:44 PM
Mail proxy is called Symantec AntiSpam for SMTP and it is version
3.1.0.5

Is there no way that I can have Exchange look at the header and if an
IP within the Header matches, drop it?
The issue is that I have been picking through the headers of some 300+
spam messages and notice that alot of them are being bounced around
alot. This is how they are getting by the POS Anti-spam software as the
original message came from a domain that I have requested to be
blocked, but after bouncing around a bit, the message shows up looking
like it is from a site that is not blocked. I would figure that about
50% of the spam is coming from a domain that has a country code such as
..il or .jp and so on. I have blocked these entire domains, with no
luck.
The insult to the whole thing is I have over 5000 IP addresses, domains
and key words that if they where blocked, there would be no issue, but
it takes more then one application to do this.
My last resort is to go the firewall/router and start blocking trafic
completely from there. Atleast there, I can use a simple text file to
upload the list.
I do not want to have to go through that route as the router is not
owned by our company, and I would have to do a password recovery.

Any help would be great.

Mike
mlawrence(at)fisher-wavy.com

Geoff Pearce wrote:
> Look in at an email header of the emails you receive from the net.
Received
> entries at the top of the header indicate the path of the email.  The
top
> most Recieved line is the last SMTP server that connected to your
Exchange
> Server.  If the IP address is the Symantic Spam Server Proxy then you
can
> not block within Exchange Server based upon the IP address.  Do you
have the
> version number and exact product name of your Symantic Spam Server
Proxy
> because you should double check within their news groups that you
cannot
> block by IP address.
>
> Geoff Pearce
>
> "mike" <mlawrenc@gmail.com> wrote in message
> news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
> >I recently started a new job, and discovered after day one, that I
had
> > inharited a spam mess. Now the previous admin ad installed a
Symantic
> > Spam Server Prox which in my opinion, was a complete waste of money
as
> > it does not allow for blocking IP addresses.
> > Now here is the question;
> > I am running Exchange 2003, and am looking at setting up the
Conection
> > Filter under Message Delivery to block messages based on IP
address.
> > The problem is that when I save the IPs to be blocked, I get a
message
> > stating that the Connection filter "has to be enabled manually
through
> > the specific SMTP virtual server IP address assignments as they are
not
> > enabled by default."
> > This should be easy, however When I attempt to apply these filters
to
> > the IP address that is assigned to the nic card used to connect to
the
> > mail proxy, it blockes nothing.
> >
> > Any ideas?
> > Is there another way to filter IP addresses?
> >
> > Mike
> > mlawrence(at)fisher-wavy.com
> >

0
mlawrenc (3)
3/8/2005 5:13:45 PM
No.  Exchange does not block based on information contained in the *header* 
of the messages.  It will only block connection attempts (at least for the 
IP blocking).  In your case, because the Symantec SMTP proxy is receiving 
the messages first, then forwarding them to Exchange, ALL connection 
attempts will be coming from the SMTP proxy (as Geoff suggested, verify this 
by inspecting  the headers of a spam message).

You might, however, consider implementing the IMF for Exchange 2003.  It's 
based on the same Smartscreen technology that Hotmail uses to block spam, so 
you may find that it is able to help with your predicament.

Also, keep in mind that the From address can be easily modified.  But as to 
the above, any smtp filter that blocks based on IP addresses is typically 
going to block connection attempts from those IP's, not scan the headers and 
see if that IP is listed.  As such, I doubt that uploading your list of IP's 
would do much on the router either, unless the actual connection attempts 
are coming from those IP's.

-- 
Ben Winzenz
Exchange MVP


"mike" <mlawrenc@gmail.com> wrote in message 
news:1110302025.096855.107520@o13g2000cwo.googlegroups.com...
> Mail proxy is called Symantec AntiSpam for SMTP and it is version
> 3.1.0.5
>
> Is there no way that I can have Exchange look at the header and if an
> IP within the Header matches, drop it?
> The issue is that I have been picking through the headers of some 300+
> spam messages and notice that alot of them are being bounced around
> alot. This is how they are getting by the POS Anti-spam software as the
> original message came from a domain that I have requested to be
> blocked, but after bouncing around a bit, the message shows up looking
> like it is from a site that is not blocked. I would figure that about
> 50% of the spam is coming from a domain that has a country code such as
> .il or .jp and so on. I have blocked these entire domains, with no
> luck.
> The insult to the whole thing is I have over 5000 IP addresses, domains
> and key words that if they where blocked, there would be no issue, but
> it takes more then one application to do this.
> My last resort is to go the firewall/router and start blocking trafic
> completely from there. Atleast there, I can use a simple text file to
> upload the list.
> I do not want to have to go through that route as the router is not
> owned by our company, and I would have to do a password recovery.
>
> Any help would be great.
>
> Mike
> mlawrence(at)fisher-wavy.com
>
> Geoff Pearce wrote:
>> Look in at an email header of the emails you receive from the net.
> Received
>> entries at the top of the header indicate the path of the email.  The
> top
>> most Recieved line is the last SMTP server that connected to your
> Exchange
>> Server.  If the IP address is the Symantic Spam Server Proxy then you
> can
>> not block within Exchange Server based upon the IP address.  Do you
> have the
>> version number and exact product name of your Symantic Spam Server
> Proxy
>> because you should double check within their news groups that you
> cannot
>> block by IP address.
>>
>> Geoff Pearce
>>
>> "mike" <mlawrenc@gmail.com> wrote in message
>> news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
>> >I recently started a new job, and discovered after day one, that I
> had
>> > inharited a spam mess. Now the previous admin ad installed a
> Symantic
>> > Spam Server Prox which in my opinion, was a complete waste of money
> as
>> > it does not allow for blocking IP addresses.
>> > Now here is the question;
>> > I am running Exchange 2003, and am looking at setting up the
> Conection
>> > Filter under Message Delivery to block messages based on IP
> address.
>> > The problem is that when I save the IPs to be blocked, I get a
> message
>> > stating that the Connection filter "has to be enabled manually
> through
>> > the specific SMTP virtual server IP address assignments as they are
> not
>> > enabled by default."
>> > This should be easy, however When I attempt to apply these filters
> to
>> > the IP address that is assigned to the nic card used to connect to
> the
>> > mail proxy, it blockes nothing.
>> >
>> > Any ideas?
>> > Is there another way to filter IP addresses?
>> >
>> > Mike
>> > mlawrence(at)fisher-wavy.com
>> >
> 


0
Ben
3/8/2005 7:22:39 PM
mike wrote:

> Mail proxy is called Symantec AntiSpam for SMTP and it is version
> 3.1.0.5
>
> Is there no way that I can have Exchange look at the header and if an
> IP within the Header matches, drop it?

Not without some programming. Use Transport Event Sink interface to make
Exchange dance.

>
> The issue is that I have been picking through the headers of some 300+
> spam messages and notice that alot of them are being bounced around
> alot. This is how they are getting by the POS Anti-spam software as the
> original message came from a domain that I have requested to be
> blocked, but after bouncing around a bit, the message shows up looking
> like it is from a site that is not blocked. I would figure that about
> 50% of the spam is coming from a domain that has a country code such as
> .il or .jp and so on. I have blocked these entire domains, with no
> luck.
> The insult to the whole thing is I have over 5000 IP addresses, domains
> and key words that if they where blocked, there would be no issue, but
> it takes more then one application to do this.
> My last resort is to go the firewall/router and start blocking trafic
> completely from there. Atleast there, I can use a simple text file to
> upload the list.
> I do not want to have to go through that route as the router is not
> owned by our company, and I would have to do a password recovery.

IMO, you really need to invest in better antispam product. See if
www.vamsoft.com does better job.

>
>
> Any help would be great.
>
> Mike
> mlawrence(at)fisher-wavy.com
>
> Geoff Pearce wrote:
> > Look in at an email header of the emails you receive from the net.
> Received
> > entries at the top of the header indicate the path of the email.  The
> top
> > most Recieved line is the last SMTP server that connected to your
> Exchange
> > Server.  If the IP address is the Symantic Spam Server Proxy then you
> can
> > not block within Exchange Server based upon the IP address.  Do you
> have the
> > version number and exact product name of your Symantic Spam Server
> Proxy
> > because you should double check within their news groups that you
> cannot
> > block by IP address.
> >
> > Geoff Pearce
> >
> > "mike" <mlawrenc@gmail.com> wrote in message
> > news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
> > >I recently started a new job, and discovered after day one, that I
> had
> > > inharited a spam mess. Now the previous admin ad installed a
> Symantic
> > > Spam Server Prox which in my opinion, was a complete waste of money
> as
> > > it does not allow for blocking IP addresses.
> > > Now here is the question;
> > > I am running Exchange 2003, and am looking at setting up the
> Conection
> > > Filter under Message Delivery to block messages based on IP
> address.
> > > The problem is that when I save the IPs to be blocked, I get a
> message
> > > stating that the Connection filter "has to be enabled manually
> through
> > > the specific SMTP virtual server IP address assignments as they are
> not
> > > enabled by default."
> > > This should be easy, however When I attempt to apply these filters
> to
> > > the IP address that is assigned to the nic card used to connect to
> the
> > > mail proxy, it blockes nothing.
> > >
> > > Any ideas?
> > > Is there another way to filter IP addresses?
> > >
> > > Mike
> > > mlawrence(at)fisher-wavy.com
> > >

0
kpalagin8074 (137)
3/8/2005 7:51:17 PM
In any case, blocking spam by blocking IP addresses is not a very logical 
way to try to protect yourself any more.  Five years ago?  Maybe.  With the 
number of open relay mail servers on the internet today, you could spend the 
rest of your working days doing nothing but entering IP addresses and will 
still get a boatload of spam.

"Smart" blocking software, IMF, SPF via SpamAssasin 
(http://www.spamblogging.com/archives/000014.html <- fairly old 
article)...one of those may be your best option.  You can try the "Transport 
event sink" option mentioned in the previous post, but I would only 
recommend that for the not-so-faint-hearted.  You might also check out 
iHateSpam For Microsoft Exchange (www.sunbelt-software.com), if you don't 
mind spending a few bucks.


"Kirill S. Palagin" <kpalagin@no.mail.phxint.ru> wrote in message 
news:422E0235.B640BF67@no.mail.phxint.ru...
> mike wrote:
>
>> Mail proxy is called Symantec AntiSpam for SMTP and it is version
>> 3.1.0.5
>>
>> Is there no way that I can have Exchange look at the header and if an
>> IP within the Header matches, drop it?
>
> Not without some programming. Use Transport Event Sink interface to make
> Exchange dance.
>
>>
>> The issue is that I have been picking through the headers of some 300+
>> spam messages and notice that alot of them are being bounced around
>> alot. This is how they are getting by the POS Anti-spam software as the
>> original message came from a domain that I have requested to be
>> blocked, but after bouncing around a bit, the message shows up looking
>> like it is from a site that is not blocked. I would figure that about
>> 50% of the spam is coming from a domain that has a country code such as
>> .il or .jp and so on. I have blocked these entire domains, with no
>> luck.
>> The insult to the whole thing is I have over 5000 IP addresses, domains
>> and key words that if they where blocked, there would be no issue, but
>> it takes more then one application to do this.
>> My last resort is to go the firewall/router and start blocking trafic
>> completely from there. Atleast there, I can use a simple text file to
>> upload the list.
>> I do not want to have to go through that route as the router is not
>> owned by our company, and I would have to do a password recovery.
>
> IMO, you really need to invest in better antispam product. See if
> www.vamsoft.com does better job.
>
>>
>>
>> Any help would be great.
>>
>> Mike
>> mlawrence(at)fisher-wavy.com
>>
>> Geoff Pearce wrote:
>> > Look in at an email header of the emails you receive from the net.
>> Received
>> > entries at the top of the header indicate the path of the email.  The
>> top
>> > most Recieved line is the last SMTP server that connected to your
>> Exchange
>> > Server.  If the IP address is the Symantic Spam Server Proxy then you
>> can
>> > not block within Exchange Server based upon the IP address.  Do you
>> have the
>> > version number and exact product name of your Symantic Spam Server
>> Proxy
>> > because you should double check within their news groups that you
>> cannot
>> > block by IP address.
>> >
>> > Geoff Pearce
>> >
>> > "mike" <mlawrenc@gmail.com> wrote in message
>> > news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
>> > >I recently started a new job, and discovered after day one, that I
>> had
>> > > inharited a spam mess. Now the previous admin ad installed a
>> Symantic
>> > > Spam Server Prox which in my opinion, was a complete waste of money
>> as
>> > > it does not allow for blocking IP addresses.
>> > > Now here is the question;
>> > > I am running Exchange 2003, and am looking at setting up the
>> Conection
>> > > Filter under Message Delivery to block messages based on IP
>> address.
>> > > The problem is that when I save the IPs to be blocked, I get a
>> message
>> > > stating that the Connection filter "has to be enabled manually
>> through
>> > > the specific SMTP virtual server IP address assignments as they are
>> not
>> > > enabled by default."
>> > > This should be easy, however When I attempt to apply these filters
>> to
>> > > the IP address that is assigned to the nic card used to connect to
>> the
>> > > mail proxy, it blockes nothing.
>> > >
>> > > Any ideas?
>> > > Is there another way to filter IP addresses?
>> > >
>> > > Mike
>> > > mlawrence(at)fisher-wavy.com
>> > >
> 


0
none89 (807)
3/8/2005 8:31:58 PM
Check the header of the email.  Take the IP of the received line that 
connects to your proxy.  Then see if it is listed on an RBL www.openrbl.org. 
Typically you will find these IPs listed on common RBLs such as

http://www.spamhaus.org/sbl/howtouse.html
http://www.spamcop.net/bl.shtml

These are very reliable and good RBLs to use at your Symantec AntiSpam level

Otherwise use the following to help block spam at your Exchange Server level

The following will help enable IMF filtering and give an appropriate SCL 
level to start with (uses a baysien hybrid system to indentify spam)

Appropriate SCL level
http://www.sirana.com/products/spamcenter/reports.aspx

Microsoft Exchange Intelligent Message Filter Deployment Guide
http://www.microsoft.com/technet/prodtechnol/exchange/2003/library/imfdeploy.mspx

Use a Third Party Product to enable SURBL filtering (checks the links within
an email to see if they are from a known spam website)

NOTE ORFIlter is a free Exchange 2000/2003 plugin
http://martijnjongen.com/Default.aspx?tabid=27

Geoff Pearce

"mike" <mlawrenc@gmail.com> wrote in message 
news:1110302025.096855.107520@o13g2000cwo.googlegroups.com...
> Mail proxy is called Symantec AntiSpam for SMTP and it is version
> 3.1.0.5
>
> Is there no way that I can have Exchange look at the header and if an
> IP within the Header matches, drop it?
> The issue is that I have been picking through the headers of some 300+
> spam messages and notice that alot of them are being bounced around
> alot. This is how they are getting by the POS Anti-spam software as the
> original message came from a domain that I have requested to be
> blocked, but after bouncing around a bit, the message shows up looking
> like it is from a site that is not blocked. I would figure that about
> 50% of the spam is coming from a domain that has a country code such as
> .il or .jp and so on. I have blocked these entire domains, with no
> luck.
> The insult to the whole thing is I have over 5000 IP addresses, domains
> and key words that if they where blocked, there would be no issue, but
> it takes more then one application to do this.
> My last resort is to go the firewall/router and start blocking trafic
> completely from there. Atleast there, I can use a simple text file to
> upload the list.
> I do not want to have to go through that route as the router is not
> owned by our company, and I would have to do a password recovery.
>
> Any help would be great.
>
> Mike
> mlawrence(at)fisher-wavy.com
>
> Geoff Pearce wrote:
>> Look in at an email header of the emails you receive from the net.
> Received
>> entries at the top of the header indicate the path of the email.  The
> top
>> most Recieved line is the last SMTP server that connected to your
> Exchange
>> Server.  If the IP address is the Symantic Spam Server Proxy then you
> can
>> not block within Exchange Server based upon the IP address.  Do you
> have the
>> version number and exact product name of your Symantic Spam Server
> Proxy
>> because you should double check within their news groups that you
> cannot
>> block by IP address.
>>
>> Geoff Pearce
>>
>> "mike" <mlawrenc@gmail.com> wrote in message
>> news:1110207776.972937.62650@o13g2000cwo.googlegroups.com...
>> >I recently started a new job, and discovered after day one, that I
> had
>> > inharited a spam mess. Now the previous admin ad installed a
> Symantic
>> > Spam Server Prox which in my opinion, was a complete waste of money
> as
>> > it does not allow for blocking IP addresses.
>> > Now here is the question;
>> > I am running Exchange 2003, and am looking at setting up the
> Conection
>> > Filter under Message Delivery to block messages based on IP
> address.
>> > The problem is that when I save the IPs to be blocked, I get a
> message
>> > stating that the Connection filter "has to be enabled manually
> through
>> > the specific SMTP virtual server IP address assignments as they are
> not
>> > enabled by default."
>> > This should be easy, however When I attempt to apply these filters
> to
>> > the IP address that is assigned to the nic card used to connect to
> the
>> > mail proxy, it blockes nothing.
>> >
>> > Any ideas?
>> > Is there another way to filter IP addresses?
>> >
>> > Mike
>> > mlawrence(at)fisher-wavy.com
>> >
> 


0
3/9/2005 1:51:26 AM
Since I don't see it mentioned yet, you might want to look at outside gateway 
services. You set your MX to go to their servers, they do all the grunt work 
of spam filtering and relay the good stuff on to your Exchange.  

Postini is the big name in that market, and I liked AppRiver for the 
additional control it gives you.  I have contacts for each if you're 
interested, just drop me a line at nospam@deskoptional.com, but replace the 
first part of that with my first name.

Dave

0
3/9/2005 5:19:01 AM
Dont try and filter out spam by blocking ip's this is a bigger waste of time. 
do yourself a favor. Setup a SMTP smart host that sits in front of your 
exchagne server, the smart host forwards all mail destined to  your domain to 
your exchagne server, and drops everything that is not. Run Bright mail on 
your SMTP smart host, and this issue is over.

"mike" wrote:

> I recently started a new job, and discovered after day one, that I had
> inharited a spam mess. Now the previous admin ad installed a Symantic
> Spam Server Prox which in my opinion, was a complete waste of money as
> it does not allow for blocking IP addresses.
> Now here is the question;
> I am running Exchange 2003, and am looking at setting up the Conection
> Filter under Message Delivery to block messages based on IP address.
> The problem is that when I save the IPs to be blocked, I get a message
> stating that the Connection filter "has to be enabled manually through
> the specific SMTP virtual server IP address assignments as they are not
> enabled by default."
> This should be easy, however When I attempt to apply these filters to
> the IP address that is assigned to the nic card used to connect to the
> mail proxy, it blockes nothing.
> 
> Any ideas?
> Is there another way to filter IP addresses?
> 
> Mike
> mlawrence(at)fisher-wavy.com
> 
> 
0
Skipster (152)
3/10/2005 11:47:02 PM
"Skipster" <Skipster@discussions.microsoft.com> wrote:

>Dont try and filter out spam by blocking ip's this is a bigger waste of time. 
>do yourself a favor. Setup a SMTP smart host that sits in front of your 
>exchagne server, the smart host forwards all mail destined to  your domain to 
>your exchagne server, and drops everything that is not. Run Bright mail on 
>your SMTP smart host, and this issue is over.

Over? Hardly. No one piece of software is going to "end spam". It'll
reduce it considerably, until the spammers figure out a way around the
present filters and the vendor counters with a new set, but it's war
and it won't be over any time soon.


-- 
Rich Matheisen
MCSE+I, Exchange MVP
MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
0
richnews (7316)
3/12/2005 12:49:05 AM
Agree! but based on what this guy has in place what i suggested is a huge 
improvement, I also run the IMF on both of my exchagne servers, the IMF 
filter catches around 3 a  day so this is why i like brightmail. Our company 
gets over 1 million emails a month, 98% or of this are crap, and brightmail 
is my hero. 

Reporting is good 2

"Rich Matheisen [MVP]" wrote:

> "Skipster" <Skipster@discussions.microsoft.com> wrote:
> 
> >Dont try and filter out spam by blocking ip's this is a bigger waste of time. 
> >do yourself a favor. Setup a SMTP smart host that sits in front of your 
> >exchagne server, the smart host forwards all mail destined to  your domain to 
> >your exchagne server, and drops everything that is not. Run Bright mail on 
> >your SMTP smart host, and this issue is over.
> 
> Over? Hardly. No one piece of software is going to "end spam". It'll
> reduce it considerably, until the spammers figure out a way around the
> present filters and the vendor counters with a new set, but it's war
> and it won't be over any time soon.
> 
> 
> -- 
> Rich Matheisen
> MCSE+I, Exchange MVP
> MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
> 
0
Skipster (152)
3/12/2005 1:01:03 AM
The simplest and best solution that I have yet to find is actually the 
Barracuda.
First it offloads all of the filtering tasks to another piece of hardware, 
second it is one of the easiest installs I have seen, third no per user 
charge.  Don’t get me wrong it is not perfect.  It costs $$$$ and has a 
yearly subscription attached to it and the setup took longer than expected 
due to someone fat-fingering the mx record change.
But I did not have to make a single change to the exchange server.  It would 
be nice if it could handle VPN so I could put it in another DMZ and tunnel to 
my exchange server.


"Skipster" wrote:

> Agree! but based on what this guy has in place what i suggested is a huge 
> improvement, I also run the IMF on both of my exchagne servers, the IMF 
> filter catches around 3 a  day so this is why i like brightmail. Our company 
> gets over 1 million emails a month, 98% or of this are crap, and brightmail 
> is my hero. 
> 
> Reporting is good 2
> 
> "Rich Matheisen [MVP]" wrote:
> 
> > "Skipster" <Skipster@discussions.microsoft.com> wrote:
> > 
> > >Dont try and filter out spam by blocking ip's this is a bigger waste of time. 
> > >do yourself a favor. Setup a SMTP smart host that sits in front of your 
> > >exchagne server, the smart host forwards all mail destined to  your domain to 
> > >your exchagne server, and drops everything that is not. Run Bright mail on 
> > >your SMTP smart host, and this issue is over.
> > 
> > Over? Hardly. No one piece of software is going to "end spam". It'll
> > reduce it considerably, until the spammers figure out a way around the
> > present filters and the vendor counters with a new set, but it's war
> > and it won't be over any time soon.
> > 
> > 
> > -- 
> > Rich Matheisen
> > MCSE+I, Exchange MVP
> > MS Exchange FAQ at http://www.swinc.com/resource/exch_faq.htm
> > 
0
JERETT (1)
3/15/2005 4:35:03 PM
Reply:

Similar Artilces:

Help getting SheetName into a cell
I need to refer to the sheet name in a formula and can't figure out how to do it. I can't find a Function which will do this. I did discover ActiveSheet.Name but I have been unsuccessful in getting it work in a function. Specifically I have sheets named "1.a" , "1.b" , "1.c" . . . "99.a" , "99.b" , "99.c" and need to get these names into cell C3 of each sheet. The sheets may not be in order and there may be missing sheets. Thanks in advance for any help. Omar Hi You could put somthing like this in a macro or attatch ...

Displaying Counts when Filtering
Usually when using the filter function, the total records in the spreadsheet and the number of records that match the filter criteria are displayed on the lower left of the window (I guess it's the status bar). However, for certain files that I have, no counts are displayed when I filter. Does anyone know if there is a setting in the file that causes this or something else that needs to be changed? I do notice this happens frequently with files created by exporting from Access, but not always. It also happens with other files, but I can't find a common denominator. Hi To...

Help with SQL Query 06-30-10
We have a distinct list of email addresses in alpha order and we need to transform it from a single column into a grid of three columns maintaining the alpha order. The list is contained in a temp table inside of our query. We then use the temp table list and perform case statement with a mod on the row_number in a select statement to columnze the data. However, the columnar data contains a null value in two of the three columns and we are needing to remove the nulls and have the actual values on each row in the output. Here is our current sql: CREATE TABLE #tmpTable ( Email_Add...

Messages not delivered to another Routing Group HELP NEEDED
I have three routing groups ( exchange in the 3 of them are Exch 2k sp3 ). Mail from one server ( in my headquarter routing group ) to another ( in one branch office routing group ) is getting stucked in MESSAGES WITH UNREACHABLE DESTINATION and not routed to that server. Connectors seems to be working just fine. After add my other exchange server from my headqurter group to the connector to be albe to send mail it shows the queue now in the connector but does not sends anything. Otherwise, mail from my branch office to my headquarter correctly sends mail. Any help would be gre...

Recipient Filtering in Exchange 2003
I've read M$ article 823866 and I'm looking at enabling Recipient Filtering. Has anybody tested/enabled this feature in Exchange 2003? Are their any "gotchas" I need to look out for? Does this feature increase CPU load - I figure it might as the server must now query a GC *during the SMTP conversation* to verify that the recipient address is in the GAL. Are their any negatives with regard to this setting? Does it aid spammers, perhaps, with Directory Harvest Attacks? Just making sure to dot my i's and cross my t's before moving forward. Thanks for any responses...

Need help with Combo Box?
I would appreciate any help with this. I currently have a form with two combo boxes and a subform. The first combo box lists counties and the second box lists doctors in selected county. After selecting county, doc the subform lists pts for this doc. All this works fine. However, I need to add a couple of more filters. I am stuck and would like to know how to do this. I don't want to mess up what I already have. How can I incorporate a couple more filters? I thought maybe adding an option box to the form????? Can someone please help me to accomplish this? Thank you. Sure...

Filtered list
Hi, I hope that some one can help! I want to take a certain range of cells in the file "HCP_2005_upgrade" and filter so as to select all the cells that are not empty. Then select all the rows for these cells and copy them to a new workbook "W_V" in "sheet2". I have the following code. Three problems: 1- When copying to the new workbook I did not have the same column width. What should I do in order to have the same column width? 2- What code do I need to add, and where, so as to let the macro automatically find the last r...

click on page form tab to filter subform
I have page tab with following names: Flat Rate, Global Rate, MSRP Rate. I would like to have subform only show the rates for each page tab. How do I go about doing this. I am new to VBA and from reading all the threads, I can't seem to find the one that fits my exact need. Please explain step-by-step since I am new. Let me know if I need to provide more details. Thank you. Hi Kris Presumably you have a field in the RecordSource of your subform that contains one of the three values (Flat Rate, Global Rate, MSRP Rate) or some other text or code that corresponds to these values....

Intelligent Message Filtering
Hi All, Just to say what a good product IMF is. All my Junk-Mail is archived in a local queue. My dream become true ! No more wasted time in explaining what a SPAM is...... Diego P Castro MCSE-MCSA-SPS8 Brasil ...

Help making BINGO cards
Version: 2008 Operating System: Mac OS X 10.6 (Snow Leopard) Processor: Intel I am quite the novice at using Excel. I'm trying to create a set of BINGO cards for a church group and I'm having trouble figuring it out. I saw a post about something called RAND function but I don't know what that means. <br><br>What I need is 56 unique cards with 5 columns and 5 rows each. The cards will be using the numbers 1-24 leaving the center square blank or &quot;0&quot;. <br><br>Can anyone please assist? This is a multi-part message in MIME format. ----...

Calculating Averages
Hi, I am using the newest version of Excel on Windows 7, and I need some help with a complex calculation. In cells A1-A100, I have dollar amounts ranging from $1-$1000. In cells B1-B100, I have percentages ranging from 0%-100%. I want to break out the cells in A1-A100 in several groups, like follows: $1-$99, $100-$199, $200-$299, and so on up to $1000. Then, I need to calculate the average percentage for jobs in those categories. So, for the category of $1-$99, lets say there are two cells with amounts in that range, A1 and A2. Their percentages in B1 and B2 are 40% and 6...

REALLY NEED HELP
Hi guys, i'm hoping someone could lend me a hand. I'm setting up an excel file to input our fees received from our customers sent to collections. I have a main page with all the customers names, and each name is a hyper link to that customers separate worksheet - where a running tab is kept. I have a button called "update" and i've assigned the following macro (also called UPDATE) move the info over to the respective customers worksheet. I'm trying to get a loop going. A# is the customers name (first name will be starting at A4. B# to F# (first transaction...

Workbook there but not visible! Help!
I was working on some VBA code for an excel application I am writing. I switched between the VBE and the spreadsheet and all of a sudden my workbook is no longer visible! In the VBE project explorer window it shows my project and my code but in the excel window...no workbook! Nothing! Ran a test procedure calling IsAddin to see if somehow I accidentally clicked a button/box telling Excel to make this file an addin but it returned false. I did close the file and re-open it. Any ideas? Maybe it's just off the visible screen: Window|Arrange|tiled (and resize manually) or maybe y...

Filters & stuff
Hi I seem to me that when I filtered a col on a worksheet(Data>filter>autofilter) the number of filtered entries was shown on the bottom left side of the screen. Now I can not see that anymore Any one know how to turn on that function Thanks See here for info on AutoFilter limits - http://www.contextures.com/xlautofilter02.html#Limits Rgds, Andy Right on Andy Thanks "Andy Brown" <andy.j.brown@ntlworld.com> wrote in message news:OgnKSXNaDHA.2328@TK2MSFTNGP12.phx.gbl... > See here for info on AutoFilter limits - > > http://www.contextures.com/xlautofilter0...

Please help Password Trouble
I am using outlook 2000 on a DSL line on XP Home. I have chosen to not save my password, and the problem that I am having is that everytime I go to check my mail it makes me type in my password. There must be a way (like in express) that allows you to just type in your password the first time you log into outlook and keeps you logged in until you decide to log out?? Thanks for your help!!!! -- Virtualliance, Inc. Mark Needham 7 Kimball Lane Bldg A Lynnfield, Ma 01940 T 001-781-224-4700 F 001-781-224-2414 C 001-617-799-4597 www.virtuallianceinc.com mneedham@virtuallianceinc.com im: vaincmar...

Filter #11
Does anyone know if there are limitations on how many items you can have in a filter? In other words, if you have 50000 items in a list, will it only show 10000 items in the filter because Excel caps it at that #? BT Excel has a limit of 1000 unique items in an autofilter list. All are 'available' via the 'custom' option, but the dropdown will only show 1000 You can test this by 'autofilling' a column past 1000 and then filtering the column. It only shows up to 1000 in the drop-down. (97 - 2003) -- HTH Nick Hodge Microsoft MVP - Excel Southampton, England nick...

Please help....
I have a question regarding bank reconciliations that I am hoping someone can help me with. It concerns a USD bank account that I use. At the end of the month I prepare the bank reconciliation in GP. After completing the reconciliation I get a print-out called the "Reconciliation Posting Journal". This print-out provides me with the folowing: Bank Statement Balance Oustanding Cheques(-) Depoits in Transit(+) =Adjusted Bank Balance All of these amounts are in USD. Then I go to "Financial - Inquiry - Summary" and pull the summary balance for this GL ...

Help! New to Publisher
What is the A...at the bottom of a page inside a small box? I am typing a newsletter. Shouldn't one page flow to the next like in Microsoft Office? If it is text overflow, I cannot retrieve. What am I doing wrong? Please advise. That indicates that there is more text inside that area that cannot be seen. If you stretch that text box down, you'll see the rest of your text. To make it flow from one box to another, you need to set it up for that. (I will admit that I break mine manually because I've never taken the time to learn how to do it correctly.) -- The problem with ...

How to copy a filtered range ?
Hi, In a range of cells that i have filtered by edit>go>special>formulas>ctrl+9, therefore remained only rows with constant values, now that i need to copy these rows on a new book to upgrade their values and repaste them on the original book in the same column but without overwriting the hidden rows which contains formulas, is that possible ? Thank you very much . -- gaftalik ------------------------------------------------------------------------ gaftalik's Profile: http://www.excelforum.com/member.php?action=getinfo&userid=6450 View this thread: http://www.excelfor...

Outlook's Junk e-mail filter relationship to Hotmail?
I was surprised to learn recently that Outlook's Junk e-mail feature controls junk mail routing on Hotmail's server when you use Outlook to access your Hotmail. It seems to even take precedence over exceptions you have set on Hotmail itself. I always assumed Outlook's (2003 SP1, latest filter) junk mail filtering strictly controlled what happened once the mail hit the *client*, but apparently not in this case. The end result is that you pretty much have to create exceptions on both the client and the server in order to prevent certain mails from winding up in Hotmail's J...

Help! Lost all email from inbox
Hi, hoping someone can advise me. Somehow my fingers fumbled when reaching for mouse to open an email and every email in my inbox disappeared. I have outlook 2000 and do have it set to automatically delete when i highlight and press delete key. But in this case, i didnt highlight anything and must have hit some combination of keys and poof - over 100 emails from inbox disappeared. They are not in deleted items folder and many were not even opened yet. tia kate <kate@discussions.microsoft.com> wrote: > Hi, hoping someone can advise me. Somehow my fingers fumbled when >...

Outlook 2002 backup question...please help!
Hi all, I am having a problem with windows which may require me to reformat. I cannot get into outlook (2002) via windows, but I can access files from dos. Can someone please tell me where the data files for outlook 2002 are stored, and which ones I'd need to copy? Thanks in advance for any help. Jim See if this info helps: http://www.howto-outlook.com/howto/backupandrestore.htm "Jim" <lakerfan426@yahoo.com> wrote in message news:OUhIH0oTGHA.4132@TK2MSFTNGP11.phx.gbl... > Hi all, > > I am having a problem with windows which may require me to reformat. I >...

Need Help Using A Custom Session Manager
Hi. I have some questions about session management. I have decided to use a custom session manager class to have more control over session state in my web site. I have started out by using Stephan Prodan's Session Class here: http://stefanprodan.spaces.live.com/?_c11_BlogPart_BlogPart=blogview&_c=BlogPart&partqs=cat%3DC%2523 You'll need to take a look (which I appreciate immensely) to get a sense of what I am talking about. 1) My first question pertains to how I persist and access my session information after a user authenticates (or doesn't). In his exam...

Help: MAPI can't find PSTPRX.DLL
Hi there Can anyone suggest how I can make outlook 2002 work properly. Everytime I press send/receive it says MAPI can not locate PSTPRX.DLL. I have done search and it is not on my computer. Please can anyone assist? just trying out 1st time >-----Original Message----- >Hi there > >Can anyone suggest how I can make outlook 2002 work >properly. Everytime I press send/receive it says MAPI can >not locate PSTPRX.DLL. I have done search and it is not >on my computer. Please can anyone assist? >. > See if this info helps: http://support.microsoft.com/default.asp...

Managing spam emails
Hello, I have recently started using Outlook 2k3 and have a couple of questions about handling spam emails. I know you can just right-click on the Junk folder and delete all the messages inside. But, I like to at least preview the message list in the Junk folder before deleting everything, so that I can make sure that messages I want aren't being misdirected there and deleted by mistake. I know that often, just opening a spam email will activate an invisible "web bug" in web-based email that alerts the spammer that you've opened their message, and then they send you...