Rejecting SPAM by the server

Rejecting SPAM by the server

Post by Anthony W. Youngma » Fri, 21 Aug 1998 04:00:00



I've just started receiving some spam on my office id (which means
someone has been trawling the BODY of newsgroup articles, sadly).


I'm presumably on the BCC. As spams are often addressed like this, is
there any way I can configure Exchange 5.5 to bounce this sort of thing?

All I can see is the ability to block connects with certain hosts (which
is useless as we're on a dial-up and our ISP store-and-forwards a lot of
mail).

Replies cc'd to Anthony dot Youngman at ECA dash International dot com
would be appreciated. The reason you can't cut-and-paste is regrettable
but obvious :-(
--
Anthony W. Youngman - wol at thewolery dot demon dot co dot uk
Trousers with a single hole in their waistband are topologically equivalent
to a doughnut. These sugarcoated trousers have yet to catch on at fast-food
outlets! (SuperStrings by F. David Peat)

If replying by e-mail please mail wol. Anything else may get missed amongst
the spam.

 
 
 

Rejecting SPAM by the server

Post by Rich Matheis » Tue, 01 Sep 1998 04:00:00



>I've just started receiving some spam on my office id (which means
>someone has been trawling the BODY of newsgroup articles, sadly).


>I'm presumably on the BCC. As spams are often addressed like this, is
>there any way I can configure Exchange 5.5 to bounce this sort of thing?

You can use the "TurfTable" registry to eliminate the delivery of
messages *from* e-mail users or domains. Check the Exchange 5.5
Release Notes. Messages will simply not be delivered to your local
users if they match the addresses in this registry value. They won't
be NDR'd.

At the client you can delete messages that aren't addressed explicitly
to you and that don't match any other rules (like the "From:" address
being a mailing list you've subscribed to).

----------------------------------------------------------------
Richard Matheisen                           Wang Laboratories
Microsoft Certified System Engineer         Tewksbury, MA USA


 
 
 

Rejecting SPAM by the server

Post by Edward Braite » Sat, 05 Sep 1998 04:00:00


Problem with this is that these "addresses" change quite often.  So the
TurfTable at one point contains addresses that don't exist anymore.

For those that I get (under my own name, as the webmaster backup and as
admin), I send an email to the original mail server (where possible)
informing them that one of their users is doing some spamming.  I've gotten
a couple of accounts cancelled already.

Showing your "credentials" as either an admin or the mail admin has it's
privledges!

Edward



>>I've just started receiving some spam on my office id (which means
>>someone has been trawling the BODY of newsgroup articles, sadly).


>>I'm presumably on the BCC. As spams are often addressed like this, is
>>there any way I can configure Exchange 5.5 to bounce this sort of thing?

>You can use the "TurfTable" registry to eliminate the delivery of
>messages *from* e-mail users or domains. Check the Exchange 5.5
>Release Notes. Messages will simply not be delivered to your local
>users if they match the addresses in this registry value. They won't
>be NDR'd.

>At the client you can delete messages that aren't addressed explicitly
>to you and that don't match any other rules (like the "From:" address
>being a mailing list you've subscribed to).

>----------------------------------------------------------------
>Richard Matheisen                           Wang Laboratories
>Microsoft Certified System Engineer         Tewksbury, MA USA


 
 
 

Rejecting SPAM by the server

Post by Rich Matheis » Sat, 05 Sep 1998 04:00:00



>Problem with this is that these "addresses" change quite often.  So the
>TurfTable at one point contains addresses that don't exist anymore.

The "From:" addresses probably change quite often. But if there's a
pattern of abuse from an e-mail domain you can drop _all_ messages for
that domain. It isn't necessary to deal with individual e-mail
addresses.

Quote:>For those that I get (under my own name, as the webmaster backup and as
>admin), I send an email to the original mail server (where possible)
>informing them that one of their users is doing some spamming.  I've gotten
>a couple of accounts cancelled already.

You can try dealing with individual spammers in this fashion, but
sooner or later you'll be blasted from a domain that doesn't really
care (because that's how they make _their_ money). You can complain
until your fingers are worn to nubs and you'll have had no effect.
It's at this point that you start blocking that domain.

Quote:>Showing your "credentials" as either an admin or the mail admin has it's
>privledges!

Provided you're dealing with reputable operators.

----------------------------------------------------------------
Richard Matheisen                           Wang Laboratories
Microsoft Certified System Engineer         Tewksbury, MA USA

 
 
 

Rejecting SPAM by the server

Post by Greg Aske » Fri, 11 Sep 1998 04:00:00


I think you're oversimplifying the problem.

The To: or Cc: fields are really just a formality as far as mail delivery is
concerned.  Plenty of legitimate mail is delivered via Bcc or listservs
that do not use those fields.

Regardless of the spam features of a mail product, plenty of spam
will still get through.  Once you understand the dynamics and reality
of the spammer's modus operandi, you will soon realize all those
features and time you spend diddling with them really don't stop
the spam.  At best, they can only partially minimize it.

The real question is what are you doing about it besides ranting
 on a product support newsgroup?

--
Greg Askew





>>>I've just started receiving some spam on my office id (which means
>>>someone has been trawling the BODY of newsgroup articles, sadly).


>>>I'm presumably on the BCC. As spams are often addressed like this, is
>>>there any way I can configure Exchange 5.5 to bounce this sort of thing?

>>You can use the "TurfTable" registry to eliminate the delivery of
>>messages *from* e-mail users or domains. Check the Exchange 5.5
>>Release Notes. Messages will simply not be delivered to your local
>>users if they match the addresses in this registry value. They won't
>>be NDR'd.

>Thanks. I'll read the notes (if I can - if they're HTML they'll probably
>crash my browser :-(

>>At the client you can delete messages that aren't addressed explicitly
>>to you and that don't match any other rules (like the "From:" address
>>being a mailing list you've subscribed to).

>I'm running Exchange Client (not Outlook) and the rules don't appear
>that powerful. What p***es me off too is that the objected-to sender or
>recipient has to be in my address book!

>What I want to do is like my mail/newsreader at home. I can run a
>regular expression over the header and my main spamtrap simply says
>something like:

>If sender is recognised then accept.
>If can't find my domain in "To:" or "CC:" then reject.

>That gets rid of all bcc'd spam.

>If I wanted to I could add further rules like:
>sender is 8 digits at aol.com
>sender is all digits at compuserve.com
>   etc etc (they're typical illegal addresses faked by spammers)

>and best of all they're configured at server level so my client doesn't
>get cluttered. And at work, as an admin, I could bounce spam addressed
>to other people.

>And while I doubt most spammers bother, it's nice to generate NDR's so
>if you actually have a "reasonable spammer" they can clean their list of
>"known duff addresses" :-). My mail client can generate fake NDRs :-)
>and the satisfaction it gives me (even if it doesn't achieve anything)
>is well worth the effort!
>--
>Anthony W. Youngman - wol at thewolery dot demon dot co dot uk
>Trousers with a single hole in their waistband are topologically equivalent
>to a doughnut. These sugarcoated trousers have yet to catch on at fast-food
>outlets! (SuperStrings by F. David Peat)

>If replying by e-mail please mail wol. Anything else may get missed amongst
>the spam.

 
 
 

1. Rejecting SPAM with an SMTP message?

Does anyone know of a way of setting up the Exchange IMC (5.5 SP3) to reject
SPAM messages with an error message like UNIX?

ie
550 You are not permitted to deliver to this server. Call 1223345 to discuss
this further.

We have set up filtering in the IMC to kill messages from offending
spammers. The problem is that as far as I can tell, all this does is drop
the message - it does not provide any feedback to the host/sender of the
message?

There are two problems with this:
a) It is BAD netiquette - rejections/errors should provide feedbback to
indicate that there was not a communication failure, so that network
administrators can chase down problems.
b) It gives no opportunity to the sender to contact the organisation and
advise that they are NOT a spammer.

We are concerned that we may add addresses and domains in response to user
complaints, only to find that we exclude senders who have legitimate reasons
to contact us.
Any suggestions gratefully appreciated.

_________________________________________
Al Blake,  Information Technology Manager
Secretariat of the Pacific Community.
BPD5 98848 Noumea Cedex.
New Caledonia.
Tel +687 26.01.44 Fax +687 26.38.18

2. rule wizard & pop access

3. Rejecting SPAM from an email address and/or domain

4. Anti Spam

5. Rejecting SPAM sites w/ IMS on Exchange 5.5

6. OWA and IIS 3.0

7. Rejecting Spam

8. Disable Sending External Email

9. Rejecting Spam Mail

10. Reject Spam by e-mail address on 5.0

11. Rejecting spam

12. rejecting Spam domains.

13. Free tool to reject unwanted email (SPAM/UCE/user-no-longer-exist)