?
Solved

Spam problem with exchange 2003

Posted on 2005-03-12
3
Medium Priority
?
696 Views
Last Modified: 2008-01-09
I am running Exchange 2003 enterprise on Windows 2003 standard server. We have Mcafee Groupshield version 6.06 with the built in spam filter.

We have recently been quite badly hit by spam from a particular domain (same message sent 1500 times per hour for the last day and a half!).

I have configured groupshield to delete this message which it seems to be doing quite successfully as no copies are finding their way through to the mailbox concerned.

Unfortunately, a copy of the email seems to getting through to exchange as the log files in my MDBDATA seem to be growing at an alarming rate. (a new 5MB file every couple of minutes). I know that these files are cleared once the backup runs but this won't be until Monday and I'm worried about my drive filling up.

Can somebody suggest any ways I can configure exchange or groupshield so these emails simply bounce and don't end up clogging up exchnage log files??

Cheers

Andy
0
Comment
Question by:metamatic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 104

Accepted Solution

by:
Sembee earned 1600 total points
ID: 13526759
The problem is that McAfee is processing the message after it has been delivered to Exchange, so Exchange writes the message to its log file. The only way to stop a message from being delivered is to filter it at the SMTP level.

How much legitimate email does this one mailbox get? If it isn't much, then you could drop the smtp address from the mailbox, then enable the feature to filter non-valid users. This filter acts at the SMTP level, so the message doesn't even get delivered.

http://www.amset.info/exchange/filterunknown.asp

If that isn't practical, then you could try filtering the domain with Exchange and not McAfee.
This can have mixed success.
ESM, Global Settings. Right click on "Message Delivery". Choose the Sender filtering tab and add *@domain.com to filter everything from that domain.

Ideally this is where an external machine sat between your Exchange server and the Internet comes in handy. The email would be filtered at this box and not Exchange, keeping the messages out of the database totally.

Simon.
0
 
LVL 10

Assisted Solution

by:munichpostman
munichpostman earned 400 total points
ID: 13527780
You should consider using a managed Content filtering service which removes spam at the Network perimeter rather than on your Exchange Server.

We have been using Postini with impressive results.

www.Postini.com

There competitotrs are pretty good as well.

www.messagelabs.com (Good but a little pricey)
www.Frontbridge.com (Excellent)

Another option is to consider purchasing an appliance such as Ironport or Ironmail and have them sat between Exchange and the Internet. You can a thirdparty plug-in such as Brightmail and this will keep the Spam off your Exchange servers.

www.Ironport.com
www.Ironmail.com
0
 

Author Comment

by:metamatic
ID: 13528117
Thanks for the help guys.

Sembee's answer has solved my problem but I've given some points to Munichpostman for his suggestions about alternative solutions.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to resolve IMCEAEX NDRs in Exchange or Exchange Online related to invalid X500 addresses.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
In this video we show how to create an Accepted Domain in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Ac…
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question