We help IT Professionals succeed at work.

Exchange spam attack

Netexperts
Netexperts asked
on
611 Views
Last Modified: 2012-03-29
Our Exchange 2010 server is being hounded by a spam attack, with something trying a combination of random email addresses causing Sophos pure message to work overtime to block the attempts. Is there anything I can do? Please see the attachment.

Thanks
Comment
Watch Question

Co-Owner
CERTIFIED EXPERT
Top Expert 2011
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
Zaheer IqbalTechnical Assurance & Implementation
CERTIFIED EXPERT

Commented:
can you add any more spam house blacklists to Sophos?
ie spamhause.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
How is that going to help?
Zaheer IqbalTechnical Assurance & Implementation
CERTIFIED EXPERT

Commented:
It will block the IP Addresses in their database won't it?

Commented:
alanhardisty is exactly right. The product it doing what it is design for.

If you don't want the messages showing up in the event viewer I suggest moving to a off premise solution such as Postini where everything is filtered in the cloud before reaching your server. Price is very responsible too and provide spooling.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
It is already blocking the spam attack - and the attacks could be coming from multiple IP's some of which may be listed in a blacklist, others may not.

Either way - if the IP gets blocked or the message gets blocked because of invalid recipient - Sophos is having to work to reject the messages, so I don't see any benefit to adding another Blacklist as it still has to check the Blacklist.  Not saying it won't - just don't see any benfit other than blocking at the firewall, then Sophos won't have to do the work.
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
"If you don't want the messages showing up in the event viewer"

Or stop Sophos logging every rejection to the Event logs.
Zaheer IqbalTechnical Assurance & Implementation
CERTIFIED EXPERT

Commented:
Ok thanks for the clarification, we use Barracuda spam appliances which do all the work
Alan HardistyCo-Owner
CERTIFIED EXPERT
Top Expert 2011

Commented:
Barracuda's are great because they stop the rubbish hitting your servers - but with Sophos - it is a server-based software solution and thus the first point of entry to remove the load from the server would be the firewall.

Adding a blocklist to Sophos would still mean the emails hit the server and ideally, if they can be blocked before they get that far, that would be a better solution.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.