Solved

Spams

Posted on 2004-08-31
Last Modified: 2010-04-11
Hi,
I have a network of around 200 users. I have a Lotus Notes email system and I also have Spam Sentinel. Every day users receive spams. The interesting thing is, some particular users receive more spams than anyone else... even though I have changed their email addresses, those particular users are still receiving spams. These users don't use their email addresses outside the company... I mean they don't buy stuff using their email addresses or post their email addresses on the web.

What might the problem be here?

Any suggestions

Azam
0
Question by:azam786
10 Comments
 
LVL 2

Expert Comment

by:yavooza
ID: 11944108
Is your IP address static or dynamic? I think the problem here is the sites where your users have gone in and given their names. These sites must have tallied their email addresses to their MAC address or physical address, which as you know is distinct for every computer. Now even though you changed the email addresses, the port settings and MAC addresses have not changed. So these mails keep on coming.

I think you better buy a licensed Norton or McAfee Internet and email spam killer. It is worth the buy and is better than Spam Sentinel, and they have great support too.
0
 
LVL 7

Expert Comment

by:jimwasson
ID: 11944514
Given that you are using Lotus Notes and have 200 users, you will most likely want a solution tuned to Lotus. This link discusses a number of anti-spam tools for Lotus Notes/Domino:

http://lotus.advisor.com/doc/13700
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11944606
Another possibility is that someone is dictionary-spamming your SMTP gateway. They just sit there and send E-Mail to:

adam@company.com
bill@company.com
charlie@company.com
doug@company.com

and so forth. If you have common E-Mail addresses, this would explain why people are getting SPAM even tho they never use their work E-Mail on websites.

Also, if you allow the SMTP VRFY or EXPN commands on your SMTP gateway, spammers may cull working addresses that way.

Several ideas:

1) Enable RBLs and other anti-spam measures, assuming the Lotus Notes SMTP gateway has these features.

2) You could interpose a sendmail relay between the 'Net and your Lotus environment. This relay would be configured with RBLs and other anti-SPAM settings and would buffer your Lotus environment.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 11948137
PsiCop is most likely right. I run an email server that serves a few hundred users and I have a similar problem. Also I get many to webmaster@, root@, guest@. This highly suggests that it has to do with pre-knowledge or dictionary attacks. Also there is a possibility that there is a worm on your users' machines that is harvesting their email. A few worms are known to remember their victim's email and then spoof them as it re-sends itself to others as attachments.

The spam tagging software I use is:

http://0url.com/56

It is very powerful and catches about 95%+ of spam after some tweaks.

-Ram
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11949058
One of the anti-SPAM tricks in modern sendmail is that you can throttle a connection after X number of bad recipients. So if someone connects and starts throwing random names at your server, the server, after a given number of random names (you can set this) starts really slowing down the connection. Forces the spammer's server to wait, and wait, and wait.....

Dunno if Lotus has a similar feature.

There are other things you can do in sendmail, like limiting the number of recipients for a given envelope, etc. Not sure how many of these features can be found in Lotus. Sure as heck don't get this kind of control in Exchange.
0
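Added example (not part of the original thread, and not any poster's code): a small Python check for the dictionary-spamming pattern and the bad-recipient throttle described in the two PsiCop comments above. The event tuples are a constructed, simplified record format, not real Lotus Notes or sendmail log lines; the function names, the threshold of 3 and the one-second delay are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample of gateway RCPT results: (client IP, recipient, SMTP reply code).
# 250 = recipient accepted, 550 = unknown user. IPs are documentation ranges;
# adam/bill/charlie/doug come from the thread, the other names are made up.
SAMPLE_EVENTS = [
    ("192.0.2.10", "adam@company.com", 250),
    ("192.0.2.10", "alan@company.com", 550),
    ("192.0.2.10", "bill@company.com", 250),
    ("192.0.2.10", "bob@company.com", 550),
    ("192.0.2.10", "carl@company.com", 550),
    ("192.0.2.10", "charlie@company.com", 250),
    ("192.0.2.10", "doug@company.com", 250),
    ("198.51.100.7", "erin@company.com", 250),
    ("198.51.100.7", "erinn@company.com", 550),  # a single typo, not a harvest
    ("203.0.113.5", "k.whitfield-0427@company.com", 250),
]

def find_dictionary_senders(events, bad_rcpt_threshold=3):
    """Return {client_ip: stats} for clients whose unknown-recipient count
    reaches the threshold, i.e. the point where a gateway would throttle."""
    bad = defaultdict(int)    # rejected (guessed) recipients per client
    hits = defaultdict(set)   # real mailboxes the same client got accepted
    for ip, rcpt, code in events:
        if code == 550:
            bad[ip] += 1
        elif code == 250:
            hits[ip].add(rcpt.lower())
    return {
        ip: {"bad_rcpts": count, "exposed": sorted(hits[ip])}
        for ip, count in bad.items()
        if count >= bad_rcpt_threshold
    }

def throttle_delay(bad_so_far, threshold=3, delay_seconds=1):
    """Seconds to stall before answering the next RCPT: nothing until the
    threshold is reached, then a fixed delay per command (assumed policy)."""
    return delay_seconds if bad_so_far >= threshold else 0

if __name__ == "__main__":
    for ip, stats in find_dictionary_senders(SAMPLE_EVENTS).items():
        print(ip, stats["bad_rcpts"], "bad recipients; exposed:", stats["exposed"])
```

The "exposed" list is the part that answers the original question: mailboxes with common names are the ones a guessing run confirms, regardless of whether their owners ever published the address.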

 

Author Comment

by:azam786
ID: 11972315
Thanks guys for the comments. I have static IP addresses. I changed one of my employees' static IP address. Spam activity has been reduced on his PC a lil bit.
I am going to turn on the "reverse look-up" feature of Lotus Notes. When it's on, Lotus Notes goes back to check the source of the email, and if it doesn't find a legitimate email source server it rejects the email... I will see how it's gonna affect users...

Big guys at my company are thinking of abandoning Lotus Notes, or hosting the email system at the company, and going for the Yahoo business email package... I have to figure out what the possible disadvantages are...

Any comments?

0
 
LVL 34

Expert Comment

by:PsiCop
ID: 11973508
Yahoo! For *business* E-Mail? Are the big guys crazy?

1) Yahoo! is not going to eliminate the SPAM problem - they just aren't going to put the effort into it to do more than stem the tide somewhat.

2) Read the Terms of Service VERY carefully. I'm willing to bet that even for a "business" account, Yahoo! has the right to terminate or suspend service at any time, for any reason, and with little or no routes for recourse by you. Want to walk into work one morning and find your corporate accounts suspended because some spammer forged your corporate E-Mail addresses in some SPAM and Yahoo! shut you down due to all the complaints? They probably don't have any requirement to investigate in a timely manner or even turn the service back on.

3) Backups? Restoration of accidentally deleted E-mail? Does your industry have any record-retention requirements? Think a judge is going to be impressed if you can't retrieve E-Mail under subpoena?

The problem isn't Notes as an E-Mail system. You do have an issue in that it apparently lacks the granularity and anti-SPAM defenses of other modern E-Mail systems (GroupWise v6.5, http://www.novell.com/groupwise, implements RBL, white-listing, and junk mail identification). You don't specify the VERSION of Notes you're running, so it's hard to say why it lacks these features - might be an old version.

For very little cost, you could interpose a sendmail relay between Lotus and the Internet. Get an older 400 or 500 MHz CPU box with 256 MB of RAM and 8 or 10 GB of disk, install Solaris X86, or some Linux variant, add sendmail, and configure as a mail relay (at least for inbound E-Mail), and add the 5 free RBLs to the config. You'll have probably an immediate 70% drop in SPAM. Add open-source tools like MIMEdefang and SPAM-Assassin (the latter is an Apache Software Foundation project) and you can get that darn close to 100% SPAM elimination with few false-positives.
0
 

Author Comment

by:azam786
ID: 11973744
You have mentioned some very interesting points about Yahoo Business email...I will do some more search on that....

Btw, we are using Lotus Notes 4.6. I know it's old junk and that's why I recommended upgrading it to the latest version or going for Microsoft Exchange.

I will think about your sendmail relay suggestion.

0
 

Author Comment

by:azam786
ID: 11973828
PsiCop,
Also, can you give me some links on creating a sendmail relay for Lotus Notes... I mean how-to kind of links...

Thanks
0
 
LVL 34

Accepted Solution

by:
PsiCop earned 125 total points
ID: 11973974
Exchange is THE most-expensive E-Mail system on the planet, in terms of cost per mailbox per month (Source: Gartner Group E-Mail System TCO comparison study). Unless you like pouring money down ratholes and having an E-Mail system any 16-year-old twerp in Germany can bring to its knees, I'd think outside of the box and look at other systems that cost a lot less and deliver the same (or better) services.

OpenExchange --> http://www.suse.com/us/business/products/openexchange/index.html?sourceidint=productscatmenu_slos

GroupWise v6.5 --> http://www.novell.com/products/groupwise/index.html?sourceidint=productscatmenu_groupwise
(Note: They probably offer discounts for competitive upgrades)

NetMail --> http://www.novell.com/products/netmail/index.html?sourceidint=productscatmenu_netmail
0
