Posted on 2004-08-31
Medium Priority
Last Modified: 2010-04-11
I have a network of around 200 users. I have Lotus Notes email system and I also have spam sentinal. Everyday users receive spams. Interesting thing is, some particular users receive more spams than anyone else....even though I have changed their email address  but still those particular users receiving spams. These users dont use their email address outside company...I mean they dont buy stuff using their email address or post their email address on the web.

What might the problem here?

Any suggestions

Question by:azam786

Expert Comment

ID: 11944108
Is your Ip address static or dynamic? I think the problem here is that the sites where your users have gone in and given their names . these sites must have tallied their email address to their Mac adddress or physical address as you know is distinct for every computer. Now even though you changes the emails address the port settings and mac addresses have not changed . So these mails keep on coming.

I think you better buy a licensed Norton or Mcafee Internet and email spam killer . It is worth the buy and is better than spam sentinal and they have great support too.

Expert Comment

ID: 11944514
Given that you are using Lotus Notes and have 200 users, you will most likely want a solution tuned to Lotus. This link discusses a number of anti-spam tools for Lotus Notes/Domino:

LVL 34

Expert Comment

ID: 11944606
Another possibility is that someone is dictionary-spamming your SMTP gateway. They just sit there and send E-Mail to:


and so forth. If you have common E-Mail addresses, this would explain why people are getting SPAM even tho they never use their work E-Mail on websites.

Also, if you allow the SMTP VRFY or EXPN commands on your SMTP gateway, spammers may cull working addresses that way.

Several ideas:

1) Enable RBLs and other anti-spam measures, assuming the Lotus Notes SMTP gateway has these features.

2) You could interpose a sendmail relay between the 'Net and your Lotus environment. This relay would be configured with RBLs and other anti-SPAM settings and would buffer your Lotus environment.
The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.


Expert Comment

ID: 11948137
PsiCop is most likely right.  I run a email server that serves a few hundred users and i have a simular problem.  Also I get many to webmaster@, root@, guest@.  This highly suggest that it is to do with pre-knowledge or dictionary attacks.  Also there is a posibility that there is a worm on your user's machine that is harvesting their email.  A few worms are known to remember their victum's email and then spoof them as it re-sends itself to others as attachments.

The spam tagging software I use is:


It is very powerful and catchs about 95%+ of spam after some tweeks.

LVL 34

Expert Comment

ID: 11949058
One of the anti-SPAM tricks in modern sendmail is that you can throttle a connection after X number of bad recipients. So if someone connects and starts throwing random names at your server, the server, after a given number of random names (you can set this) starts really slowing down the connection. Forces the spammer's server to wait, and wait, and wait.....

Dunno if Lotus has a similar feature.

There are other things you can do in sendmail, like limiting the number of recipients for a given envelope, etc. Not sure how many of these features can be found in Lotus. Sure as heck don't get this kind of control in Exchange.

Author Comment

ID: 11972315
Thanks guys for the comments. I have static IP addresses. I changed one my employee's static IP address. Spam activity has been reduced on his PC lil bit.
I am going to turn on the "reverse look-up" feature of lotus notes, when its on, lotus notes goes back to check  the source of the email and if it doesnt find a legitimate email source server it rejects the email.....I will see how its gonna affect users....

Big guys at my company are thinking to abandon Lotus Notes or hosting email system at the company and go for yahoo business email package.....I have to figure out what are the possible disadvantages....

Any comments?

LVL 34

Expert Comment

ID: 11973508
Yahoo! For *business* E-Mail? Are the big guys crazy?

1) Yahoo! is not going to eliminate the SPAM problem - they just aren't going to put the effort into it to do more than stem the tide somewhat.

2) Read the Terms of Service VERY carefully. I'm willing to be that even for "business" account, Yahoo! has the right to terminate or suspend service at any time, for any reason, and with little or no routes for recourse by you. Want to walk into work one morning and find your corporate accounts suspended because some spammer forged your corporate E-Mail addresses in some SPAM and Yahoo! shut you down due to all the complaints? They probably don't have any requirement to investigate in a timely manner or even turn the service back on.

3) Backups? Restoration of accidentally deleted E-mail? Does your industry have any record-retention requirements? Think a judge is going to be impressed if you can't retrieve E-Mail under subpeona?

The problem isn't Notes as an E-Mail system. You do have an issue in that it apparently lacks the granularity and anti-SPAM defenses of other modern E-Mail systems (GroupWise v6.5, http://www.novell.com/groupwise) implements RBL, white-listing, and junk mail identification. You don't specify the VERSION of Notes you're running, so its hard to say why it lacks these feature - might be an old version.

For very little cost, you could interpose a sendmail relay between Lotus and the Internet. Get an older 400 or 500 MHz CPU box with 256 MB of RAM and 8 or 10 GB of disk, install Solaris X86, or some Linux variant, add sendmail, and configure as a mail relay (at least for inbound E-Mail), and add the 5 free RBLs to the config. You'll have probably an immediate 70% drop in SPAM. Add open-source tools like MIMEdefang and SPAM-Assassin (the later is an Apache Software Foundation project) and you can get that darn close to 100% SPAM elimination with few false-positives.

Author Comment

ID: 11973744
You have mentioned some very interesting points about Yahoo Business email...I will do some more search on that....

Btw, we are using Lotus Notes 4.6, i know its an old junk and thats why i recommended to upgrade it to the latest version or go for Microsoft Exchange.

I will think about your sendemail relay suggestion.


Author Comment

ID: 11973828
Also can you give me some links on  creating sendmail relay for lotus notes...I mean howto kind of links...

LVL 34

Accepted Solution

PsiCop earned 375 total points
ID: 11973974
Exchange is THE most-expensive E-Mail system on the planet, in terms of cost per mailbox per month (Source: Gartner Group E-Mail System TCO comparison study). Unless you like pouring money down ratholes and having an E-Mail system any 16-year-old twerp in Germany can bring to its knees, I'd think outside of the box and look at other systems that cost a lot less and deliver the same (or better) services.

OpenExchange --> http://www.suse.com/us/business/products/openexchange/index.html?sourceidint=productscatmenu_slos

GroupWise v6.5 --> http://www.novell.com/products/groupwise/index.html?sourceidint=productscatmenu_groupwise
(Note: They probably offer discounts for competitive upgrades)

NetMail --> http://www.novell.com/products/netmail/index.html?sourceidint=productscatmenu_netmail

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Cloud computing is a model of provisioning IT services. By combining many servers into one large pool and providing virtual machines from that resource pool, it provides IT services that let customers acquire resources at any time and get rid of the…
In computing, Vulnerability assessment and penetration testing are used to assess systems in light of the organization's security posture, but they have different purposes.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

619 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question