sirvodka
asked on
Listing of all Spam domains/addresses on Exchange 2003
Hello,
I have a SBS with Exchange 2003.
Trend C/S/M Security currently routes all mail it considers spam into the users spam folder.
I would like to get a complete list of all domains/IP addersses that are in the users spam folders so I can use Exchange filtering to block them.
Is there any way to get this list off of the Exchange server without having to go to each PC for the information?
Trend tech support said there was no way to get this list through the C/S/M software.
Thanks.
Steve
I have a SBS with Exchange 2003.
Trend C/S/M Security currently routes all mail it considers spam into the users spam folder.
I would like to get a complete list of all domains/IP addersses that are in the users spam folders so I can use Exchange filtering to block them.
Is there any way to get this list off of the Exchange server without having to go to each PC for the information?
Trend tech support said there was no way to get this list through the C/S/M software.
Thanks.
Steve
itcoza
The new Trend applications can all export their logs to CSV files, so you should be able to extract the information after you have exported the logs to a CSV files. THen use Excel to retrieve the info you are looking for.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I must agree with JAR3817 on that point.
Don't let me dissuade you from doing this, but stick to the IP addresses of the closes relay. By that I mean pick the IP addresses from the headers that passed the mail to your server directly. Sometimes email can bounce around between many sites before it gets to you. In the case of spam most of the "Received:" headers are forged as well. The only Recieved header you can trust is the one that first references your server in it.
If you have the time to do this fruitless task - either domains or IP addresses then good luck. Most of us do not.
Blocking connections based on either domain or IP address is a fruitless exercise.
Most spam domains are spoofed.
Most spam comes from compromised machines that are on dynamic IP addresses. The addresses will be changing frequently.
There are far more effective methods than trying to block spam on that basis.
Simon.
Blocking connections based on either domain or IP address is a fruitless exercise.
Most spam domains are spoofed.
Most spam comes from compromised machines that are on dynamic IP addresses. The addresses will be changing frequently.
There are far more effective methods than trying to block spam on that basis.
Simon.
ASKER
Thanks for all the replies.
Simon,
What are the more effective methods? Are we talking $$$$$?
Steve
Simon,
What are the more effective methods? Are we talking $$$$$?
Steve
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Depending on your skill level you can setup a cheap (free) linux relay server that can do grey/black-listing, virus scanning, you name it. The relay will accept all mail for your domain, process it and then forward it to exchange. I do this at work mostly because I'm a linux guy, and I wanted exchange to stay as cherry as possible. The less third-party software with its fingers in exchange the better. And I'm cheap...
This might be out of the question at your job, but it works VERY well for me.
This might be out of the question at your job, but it works VERY well for me.
ASKER
Thank you for all the responses.
I will start with the internal tools and go to 3rd party if needed.
Thanks.
Steve
I will start with the internal tools and go to 3rd party if needed.
Thanks.
Steve