Print Page | Close Window

Spam notifications to non existing users

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: http://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6873
Printed Date: 16 December 2017 at 9:29pm


Topic: Spam notifications to non existing users
Posted By: jortmann
Subject: Spam notifications to non existing users
Date Posted: 10 September 2010 at 2:06pm
Hello,

I'm trying to resolve an issue between our spamfilter server and our exchange server. First off I'd like to ask if Spamfilter quarantines everything sent to the email domains listed in the LocalDomains.txt?

Problem Scenario:
I have a quarantine mail box, I get spam and the spamfilter server notifies me that I have spam to check. CAVEAT: we do have some customization of our spamfilter so this auto-notify might not be a regular feature.

But spammers of course just bombard domains with crap. So for instance my email jortman@corpemail.com is legit and has an exchange mailbox, but 22jortman@corpemail.com has neither a quarantine mailbox account nor an exchange mailbox. 

THIS next point is what I'm trying to resolve: 

spamfilter still quarantines spam for 22jortman@corpemail.com and tries to send a notification to 22jortman@corpemail.com which exchange rejects it because the user doesn't exist. We have a large number of these emails bouncing about. My company is a corporation and we have about 20 email domains that spamfilter is set to accept incoming email from, not to mention most users have about 10 email aliases due to internal relocating and company name changes - but I digress. 

Is there anyway to stop these notifications to users who at least don't have a spam quarantine inbox?

I know there are powershell scripts to dump all legit email addresses into the AuthorizedToEmails (which sounds like the way to go) but we can't really test that except in production and trying to convince superiors to do that and that we haven't missed anybody won't be easy.

Thanks



Replies:
Posted By: yapadu
Date Posted: 11 September 2010 at 9:16pm
You have answered your own question, you are correct you need to inform spamfilter which mailboxes are valid for receipt of email in the authorized to list. 

That way anything not on that list will not be accepted.

You would also want to ensure you have an updated version of spamfilter, I don't know what release it was but recently the filter order was changes.

Spamfilter used to place messages suspected of being spam into quarantine if the user was not defined, but that is no longer the case and the messages are rejected at time of the delivery attempt.


-------------
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.


Posted By: LogSat
Date Posted: 12 September 2010 at 9:01am
Originally posted by jortmann jortmann wrote:

Hello,

I'm trying to resolve an issue between our spamfilter server and our exchange server. First off I'd like to ask if Spamfilter quarantines everything sent to the email domains listed in the LocalDomains.txt?
Unless you have specified an "Authorized TO" whitelist in SpamFilter, which contains a list of all the valid email addresses on your system, yes, SpamFilter will quarantine emails sent to any address.

Originally posted by jortmann jortmann wrote:

Problem Scenario:
I have a quarantine mail box, I get spam and the spamfilter server notifies me that I have spam to check. CAVEAT: we do have some customization of our spamfilter so this auto-notify might not be a regular feature.

But spammers of course just bombard domains with crap. So for instance my email jortman@corpemail.com is legit and has an exchange mailbox, but 22jortman@corpemail.com has neither a quarantine mailbox account nor an exchange mailbox. 

THIS next point is what I'm trying to resolve: 

spamfilter still quarantines spam for 22jortman@corpemail.com and tries to send a notification to 22jortman@corpemail.com which exchange rejects it because the user doesn't exist. We have a large number of these emails bouncing about. My company is a corporation and we have about 20 email domains that spamfilter is set to accept incoming email from, not to mention most users have about 10 email aliases due to internal relocating and company name changes - but I digress. 

Is there anyway to stop these notifications to users who at least don't have a spam quarantine inbox?
I assume the process that sends these notifications has been written by your company. In this case, could you not use this as a sender:
MAIL FROM:<>
The NULL sender should prevent email bounces, as the only email attempt would be the one made by your internal process to send the email to the non-existent user (unless you configured Exchange to have undeliverable emails to send a notification to the postmaster address).

Originally posted by jortmann jortmann wrote:

I know there are powershell scripts to dump all legit email addresses into the AuthorizedToEmails (which sounds like the way to go) but we can't really test that except in production and trying to convince superiors to do that and that we haven't missed anybody won't be easy.
Rather than configuring SpamFilter to use an AuthorizedTO Email list, which yes, could have serious consequences if misconfigured, couldn't you still use the powershell scripts to export a list of all valid addresses, and then modify your process to check for valid addresses in that list? The side-effects of misconfiguring this could just prevent users from receiving a notification about their quarantined emails, which is not as bad as not receiving any emails at all.

Originally posted by jortmann jortmann wrote:


Thanks


-------------
Roberto Franceschetti

http://www.logsat.com" rel="nofollow - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp" rel="nofollow - Spam Filter ISP



Print Page | Close Window