Re: Help! Spoofing by Chad
Chad
Sat Oct 25 23:13:21 CDT 2003
Hi Karl -
Are you using a 3rd party app to drop the messages? Last time I checked,
Exchange2k does not refuse messages that fail a reverse DNS lookup. Thanks!
--
Chad A Gross [SBS-MVP]
SBS ROCKS!!!
Karl Middleton wrote:
> Set Exchange to do a reverse DNS lookup on the calling IP address.
> Reverse lookup will fail because the calling IP address will not
> match the MX record of your domain. Exchange will then refuse the
> connection and SPAM from this sender won't get in.
>
> I have set up my customers in this fashion and it is very effective.
> Beware that legitimate mail can sometimes be blocked because the
> postmaster doesn't set up their mail system correctly. It is amazing
> how many major corps that you would think could afford to know better
> set up their mail wrong! Usually an email to them gets it corrected.
>
>
>
> "Scott" <anonymous@discussions.microsoft.com> wrote in message
> news:0aa801c39a34$0e48e120$a401280a@phx.gbl...
>> Can't do #1 since all of my users are on the whitelist.
>> GFI won't touch anything that is sent from one of my
>> users (even if it is spoofed).
>>
>> As for #2, I have done this but it is so time consuming
>> since most spammers have a ton of ip addresses to choose
>> from. Some I have been able to block individually or by
>> IP range. I just wish I could stop them from getting to
>> my email server another way.
>>
>> Anyway, thanks for the message.
>>
>>> -----Original Message-----
>>> I'm using the same SBS, Exchange, GFI setup and have experienced the same
>>> problem. A couple solutions:
>>>
>>> 1. Add keywords from the spam to GFI for screening e-mail subject and text.
>>>
>>> 2. Do a whois lookup on the spammer and permanently block their IP
>>> address(es). I find BlackIce server version good for this, though you can do
>>> something similar with SBS itself, I think.
>>>
>>>
>>>
>>>
>>> "Scott ***" <anonymous@discussions.microsoft.com> wrote in message
>>> news:0b7e01c3996b$536c1b10$a301280a@phx.gbl...
>>>> Using SBS2000, running Exchange, using GFI MailEssentials
>>>> 9. Blocking 99% of spam using exchange manager filter
>>>> along with GFI. However, there are a few spammers who
>>>> are spoofing our domain and sending emails to our
>>>> employees using the employee's email address.
>>>>
>>>> The spam messages get through since all of my employees
>>>> are on the GFI whitelist. How do you block these
>>>> spammers from sending you email like this? I have
>>>> relaying turned off and have run all the tests to ensure
>>>> my server is not set up for relaying.
>>>>
>>>> Here is one of the smtp log entries:
>>>>
>>>> 2003-10-18 03:10:37 66.24.190.227 domain.com SMTPSVC1 MYEMAILSERVERNAME 192.168.1.2 0 EHLO - +domain.com 250 0 329 19 15 SMTP - - - -
>>>> 2003-10-18 03:10:37 66.24.190.227 domain.com SMTPSVC1 MYEMAILSERVERNAME 192.168.1.2 0 MAIL - +FROM:<user@domain.com> 250 0 46 33 0 SMTP - - - -
>>>> 2003-10-18 03:10:37 66.24.190.227 domain.com SMTPSVC1 MYEMAILSERVERNAME 192.168.1.2 0 RCPT - +TO:<user@domain.com> 250 0 34 31 0 SMTP - - - -
>>>> 2003-10-18 03:10:37 66.24.190.227 domain.com SMTPSVC1 MYEMAILSERVERNAME 192.168.1.2 0 DATA - +<02b701c39526$2c2d2631$b400a8c0@S0030140329> 250 0 128 1598
>>>>
>>>> Thanks for your help.
>>>>
>>>> Scott
>>>
>>>
>>> .
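
A detection pass over log entries of the shape quoted in this thread, as an added example that is not part of any poster's message: it flags clients outside the trusted network that present a hosted domain in EHLO or MAIL FROM. The field positions are inferred from the quoted entries; `LOCAL_DOMAINS`, `TRUSTED_NETS` and the last two sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

LOCAL_DOMAINS = {"domain.com"}  # assumption: domains hosted on this server
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]  # assumption: internal clients

# Constructed sample: first three entries mirror the thread, last two are invented.
SAMPLE_LOG = """\
2003-10-18 03:10:37 66.24.190.227 domain.com SMTPSVC1 MYEMAILSERVERNAME 192.168.1.2 0 EHLO - +domain.com 250 0 329 19 15 SMTP - - - -
2003-10-18 03:10:37 66.24.190.227 domain.com SMTPSVC1 MYEMAILSERVERNAME 192.168.1.2 0 MAIL - +FROM:<user@domain.com> 250 0 46 33 0 SMTP - - - -
2003-10-18 03:10:37 66.24.190.227 domain.com SMTPSVC1 MYEMAILSERVERNAME 192.168.1.2 0 RCPT - +TO:<user@domain.com> 250 0 34 31 0 SMTP - - - -
2003-10-18 03:12:02 192.168.1.50 desk7 SMTPSVC1 MYEMAILSERVERNAME 192.168.1.2 0 MAIL - +FROM:<user@domain.com> 250 0 46 33 0 SMTP - - - -
2003-10-18 03:14:10 203.0.113.9 mail.example.net SMTPSVC1 MYEMAILSERVERNAME 192.168.1.2 0 MAIL - +FROM:<bob@example.net> 250 0 46 33 0 SMTP - - - -
"""

ADDR_RE = re.compile(r"<[^<>@\s]*@([^<>\s]+)>")  # captures the domain of <user@domain>


def find_spoofed(log_text):
    """Return (timestamp, client_ip, verb, claimed_domain) for external
    clients that claim a local domain in EHLO/HELO or MAIL FROM."""
    hits = []
    for line in log_text.splitlines():
        f = line.split()
        if len(f) < 11 or line.startswith("#"):  # skip headers and short lines
            continue
        # Inferred layout: f[2] client IP, f[8] SMTP verb, f[10] verb argument.
        client_ip, verb, arg = f[2], f[8].upper(), f[10].lstrip("+")
        if verb in ("EHLO", "HELO"):
            claimed = arg.lower()
        elif verb == "MAIL":
            m = ADDR_RE.search(arg)
            claimed = m.group(1).lower() if m else None
        else:
            continue
        try:
            addr = ipaddress.ip_address(client_ip)
        except ValueError:  # malformed address field
            continue
        external = not any(addr in net for net in TRUSTED_NETS)
        if external and claimed in LOCAL_DOMAINS:
            hits.append((f"{f[0]} {f[1]}", client_ip, verb, claimed))
    return hits


if __name__ == "__main__":
    for hit in find_spoofed(SAMPLE_LOG):
        print(hit)
```

Entries wrapped across several lines, as in a mail quote, need to be rejoined to one entry per line before parsing.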