?
Solved

Email - SPAM rejection Exchange McAfee

Posted on 2009-02-09
14
Medium Priority
?
1,821 Views
Last Modified: 2013-12-09
We are recieveing excessive spam and rejections from windows live and hotmail accounts.

The setup is as follows;

SBS 2003 Exchange smtp feed
Fixed ip address, McAfee ITotal Protection Service.

McAfee is catching a fair amount of spam for users, but they are still recieving too much.
Also users are having mail sent to hotmail windows live accounts rejected, with the following message.

host mx3.hotmail.com [65.54.244.200]: 550 SC-001 Mail rejected by Windows Live Hotmail for policy reasons. Reasons for rejection may be related to content with spam-like characteristics or IP/domain reputation problems. If you are not an email/network admin please contact your E-mail/Internet Service Provider for help. Email/network admins, please visit http://postmaster.live.com for email delivery information and support

When i do a rDNS lookup we have no-dns-yet.demon.co.uk ???  this is not our domain.

Any help apprecieted


0
Comment
Question by:dbhsupport
  • 6
  • 4
  • 3
13 Comments
 
LVL 17

Assisted Solution

by:Suraj
Suraj earned 1000 total points
ID: 23593234
Just Follow this :

1) fist and the formost thing is to enable all the spam filterings on the exchange server :

--> On the properties of Message Delivery under Global Settings in the Recipients Filtering tab checked the 'Filter recipients who are not in the directory'
--> On the Sender Filtering tab checked the 'Filter messages with blank sender'
-->  On the Connection Filtering tab added a rule in the Block List Service Configuration as a display name of Spam Haus, DNS suffix of zen.spamhaus.org and on the return status code clicked on the Match filter rule to any of the filter responses and added the IP address from 127.0.0.2 to 127.0.0.12 with an exception
of 127.0.0.1, 127.0.0.3 and 127.0.0.9
-->  On the IMF tab changed the Gateway Blocking Configuration threshold to 7 and Archive When blocking messages and the Store Junk Email Configuration threshold to 6
-> then go to properties of default smtp virtual server--> general tab-->advance button--> edit--> and check mark all the filters except sender id filtering.................

-> enable tarpeting through the registry path :
-> NOW we wil add a regustry key so that if the spammer is using any kind of script exchange will break it....HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMTPSVC\Parameters and added a deword value TarpitTime and gave it a value of 5.

2) now stop the SMTP service. and go to "C:\Program Files\Exchsrvr\Mailroot location and rename Mailroot to MailrootOLD.
3) restart SMTP...... check the mail flow and monitor the queues......
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23593249
check if the server is open for relay. properties of Default smtp virtual server ->access tab--> relay
you should have the first option selected there. "Only the List Below"
and there should be nothng there in the List
lemme know if you have any questions

-x
0
 
LVL 65

Assisted Solution

by:Mestha
Mestha earned 1000 total points
ID: 23594164
Is your ISP Demon internet?
If so then you need to contact them to get a reverse DNS setup. The address you have posted is the default address that Demon apply to connections that do not have anything configured.

Lack of reverse DNS will cause a problem.
As an interim measure, re-run the Configure Email and Connection wizard and change the setting to use a smart host and then enter the host name of your ISPs SMTP Server. If it is Demon then it is post.demon.co.uk from memory.

If you follow the instructions above that will mean you are using a blacklist. Are you sure that you want to do that? Using a blacklist basically means that someone else is deciding what email you can receive and you may find that it blocks more email than you wish. You cannot do anything about it as there is no white list function in Exchange for blacklist support.

And if you are using McAfee then IMF isn't really going to do a great deal to block the spam to be honest.

-M
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 

Author Comment

by:dbhsupport
ID: 23609381
thanks for responses, i would prefer not to use the blacklist, although it may come to that, I will tune the exchanhe filters first.

Regards, reverse DNS we already use the demon smart host to send.??

0
 
LVL 65

Expert Comment

by:Mestha
ID: 23611671
If you are sending email through the Demon smart host (not something I would advise personally, but that can wait for another day), then you shouldn't be getting those messages, unless Hotmail have blocked Demon's SMTP server cluster.

It could always be the content of your messages. Do you have graphics in your messages linked to external hosts, use stationery?

A blacklist isn't going to help with outbound email anyway.

-M
0
 

Author Comment

by:dbhsupport
ID: 23620810
mestha

Thanks just got something back from demon saying that hotmail had blocked one of their gateways. and it has now been resolved.

Thanks

I am at the moment changing the values in Global Setting - Intelligent Message Delivery , i am reducing them to see if it improves things.

Although is suggests that you need ienable intelligemt message filtering in the vitrtual SMTP connector, i do not seem to have the option to enable. I am not sure if that is just for the gateway or for the junkmail filter.

am i wasting my time changing the thresholds?
0
 

Author Comment

by:dbhsupport
ID: 23620869
I spotted how to add intelligent messaghe filtering to the Virtual SMTP connection ( edit apply ),
I have never used that before is it useful, do people keep it on?

0
 
LVL 17

Expert Comment

by:Suraj
ID: 23621171
Yes Ofcourse it is. it is one of the best Anti spam filter in Exch 2003 !!!
its scans the entire body , subhect of the email and rates the email an SCL rating.(1-9)
it will do this for Inbond internet mail...
it fires 2 times... One at Gateway and other at store...
Download the Guide :
http://technet.microsoft.com/en-us/library/aa996624(EXCHG.65).aspx
this will tell you each and every thing about it....

Just read this too... your all questions will be answered ;-)

http://support.microsoft.com/kb/555602

-x
0
 

Author Comment

by:dbhsupport
ID: 23623467
Sorry to ask, is it good> or is your reply got some sarcasm in it, thanks for the links either way.
0
 
LVL 17

Expert Comment

by:Suraj
ID: 23623754
Its Good ! best practice !
its an inbuilt feature of spam filter By microsoft... so .. its good....
IMF does filterins based on words, characters .. which no other filter does.. you can also customise it...
so Thats why.. its called INTELLIGENT MESSAGE FILTER ;-)

-X
0
 
LVL 65

Expert Comment

by:Mestha
ID: 23625621
IMF is basic at best. It is good for free, but that is about it.
However as with all antispam solutions, it can work really well for some people and be totally useless for others. I have some clients who use nothing else, others where we had to go to a third party for antispam that worked.
However I do suggest that you try it, as it is built in to the product. However if it doesn't work for you then you will need to look elsewhere.

If you have licences for McAfee's antispam solution then I would be looking to see if that is running at optimum levels, however it can be the case that a product simply doesn't work for some people.

-M
0
 

Accepted Solution

by:
dbhsupport earned 0 total points
ID: 23668707
Sorry meant to assign points to all that helped with info can they please be reassigned
0
 

Author Closing Comment

by:dbhsupport
ID: 31544534
thanks for the info
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

User Beware!  This is a rather permanent solution to removing your email from an exchange server.  The only way to truly go back is to have your exchange administrator restore your mailbox from backups.  This is usually the option of last resort.  A…
Having trouble getting your hands on Dynamics 365 Field Service or Project Service trial? Worry No More!!!
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …
The viewer will learn how to use the =DISCRINV command to create a discrete random variable, use this command to model a set of probabilities and outcomes in a Monte Carlo simulation, and learn how to find the standard deviation of a set of probabil…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question