Spam Filter ISP Support Forum


Spam notifications to non existing users

jortmann (Newbie; joined 13 November 2007; Location: Canada)
Posted: 10 September 2010 at 2:06pm
Hello,

I'm trying to resolve an issue between our spamfilter server and our Exchange server. First off I'd like to ask if Spamfilter quarantines everything sent to the email domains listed in the LocalDomains.txt?

Problem Scenario:
I have a quarantine mail box, I get spam and the spamfilter server notifies me that I have spam to check. CAVEAT: we do have some customization of our spamfilter so this auto-notify might not be a regular feature.

But spammers of course just bombard domains with crap. So for instance my email jortman@corpemail.com is legit and has an Exchange mailbox, but 22jortman@corpemail.com has neither a quarantine mailbox account nor an Exchange mailbox.

THIS next point is what I'm trying to resolve: 

spamfilter still quarantines spam for 22jortman@corpemail.com and tries to send a notification to 22jortman@corpemail.com, which Exchange rejects because the user doesn't exist. We have a large number of these emails bouncing about. My company is a corporation and we have about 20 email domains that spamfilter is set to accept incoming email from, not to mention most users have about 10 email aliases due to internal relocating and company name changes - but I digress.

Is there any way to stop these notifications to users who at least don't have a spam quarantine inbox?

I know there are PowerShell scripts to dump all legit email addresses into the AuthorizedToEmails (which sounds like the way to go) but we can't really test that except in production and trying to convince superiors to do that and that we haven't missed anybody won't be easy.

Thanks

yapadu (Senior Member; joined 12 May 2005)
Posted: 11 September 2010 at 9:16pm
You have answered your own question; you are correct, you need to inform spamfilter which mailboxes are valid for receipt of email in the authorized to list.

That way anything not on that list will not be accepted.

You would also want to ensure you have an updated version of spamfilter; I don't know what release it was, but recently the filter order was changed.

Spamfilter used to place messages suspected of being spam into quarantine if the user was not defined, but that is no longer the case and the messages are rejected at time of the delivery attempt.
--------------------------------------------------------------
I am a user of SF, not an employee. Use any advice offered at your own risk.

LogSat (Admin Group; joined 25 January 2005; Location: United States)
Posted: 12 September 2010 at 9:01am
Originally posted by jortmann:

> Hello,
>
> I'm trying to resolve an issue between our spamfilter server and our Exchange server. First off I'd like to ask if Spamfilter quarantines everything sent to the email domains listed in the LocalDomains.txt?

Unless you have specified an "Authorized TO" whitelist in SpamFilter, which contains a list of all the valid email addresses on your system, yes, SpamFilter will quarantine emails sent to any address.

Originally posted by jortmann:

> Problem Scenario:
> I have a quarantine mail box, I get spam and the spamfilter server notifies me that I have spam to check. CAVEAT: we do have some customization of our spamfilter so this auto-notify might not be a regular feature.
>
> But spammers of course just bombard domains with crap. So for instance my email jortman@corpemail.com is legit and has an Exchange mailbox, but 22jortman@corpemail.com has neither a quarantine mailbox account nor an Exchange mailbox.
>
> THIS next point is what I'm trying to resolve:
>
> spamfilter still quarantines spam for 22jortman@corpemail.com and tries to send a notification to 22jortman@corpemail.com, which Exchange rejects because the user doesn't exist. We have a large number of these emails bouncing about. My company is a corporation and we have about 20 email domains that spamfilter is set to accept incoming email from, not to mention most users have about 10 email aliases due to internal relocating and company name changes - but I digress.
>
> Is there any way to stop these notifications to users who at least don't have a spam quarantine inbox?

I assume the process that sends these notifications has been written by your company. In this case, could you not use this as a sender:
MAIL FROM:<>
The NULL sender should prevent email bounces, as the only email attempt would be the one made by your internal process to send the email to the non-existent user (unless you configured Exchange to have undeliverable emails send a notification to the postmaster address).

Originally posted by jortmann:

> I know there are PowerShell scripts to dump all legit email addresses into the AuthorizedToEmails (which sounds like the way to go) but we can't really test that except in production and trying to convince superiors to do that and that we haven't missed anybody won't be easy.

Rather than configuring SpamFilter to use an AuthorizedTO Email list, which yes, could have serious consequences if misconfigured, couldn't you still use the PowerShell scripts to export a list of all valid addresses, and then modify your process to check for valid addresses in that list? The side-effects of misconfiguring this could just prevent users from receiving a notification about their quarantined emails, which is not as bad as not receiving any emails at all.

Originally posted by jortmann:

> Thanks

Roberto Franceschetti

LogSat Software

Spam Filter ISP
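
The two suggestions in the reply above, combined as an added example that is not part of the original thread or LogSat's code: the notification process checks each quarantine recipient against an exported list of valid addresses and sends with a null envelope sender. The export layout, the `oldcorpname.example` alias, the header From address and the relay host are assumptions.

```python
import smtplib
from email.message import EmailMessage

NULL_SENDER = ""  # smtplib turns an empty sender into MAIL FROM:<>

# Constructed sample export: one address per line, aliases included.
# The file layout and the oldcorpname.example alias are assumptions.
SAMPLE_EXPORT = """\
jortman@corpemail.com
J.Ortman@OldCorpName.example
helpdesk@corpemail.com
"""

def load_valid_addresses(export_text):
    """Lowercase set of every exported address, for case-insensitive lookup."""
    lines = (line.strip().lower() for line in export_text.splitlines())
    return {line for line in lines if line and not line.startswith("#")}

def plan_notifications(quarantine_recipients, valid):
    """Return (notify, skip): only addresses in the export get a notice."""
    notify, skip = [], []
    unique = dict.fromkeys(r.strip().lower() for r in quarantine_recipients)
    for rcpt in unique:
        (notify if rcpt in valid else skip).append(rcpt)
    return notify, skip

def build_notification(rcpt, count):
    """Notice body; the header From is a hypothetical display address."""
    msg = EmailMessage()
    msg["From"] = "Quarantine Notifier <postmaster@corpemail.com>"
    msg["To"] = rcpt
    msg["Subject"] = f"{count} message(s) held in your spam quarantine"
    msg["Auto-Submitted"] = "auto-generated"  # RFC 3834: suppress auto-replies
    msg.set_content(f"{count} message(s) for {rcpt} are waiting for review.")
    return msg

def send_notifications(notify, counts, relay_host="localhost"):
    """Send with a null envelope sender so a rejection produces no bounce."""
    with smtplib.SMTP(relay_host) as smtp:  # relay_host is an assumption
        for rcpt in notify:
            smtp.send_message(build_notification(rcpt, counts[rcpt]),
                              from_addr=NULL_SENDER, to_addrs=[rcpt])
```

Logging the `skip` list on each run shows which addresses the export would exclude before anything like it is enforced on inbound mail.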