Solved

MailEnable and Spam

Posted on 2012-03-20
Last Modified: 2012-03-23
I've a dedicated server using MailEnable as Mail Server.
My customer is... let's say CustomerDomain.com to ease my life.

For 2 days we have been bombarded by emails sent by "AnEmployee@CustomerDomain.Com".  But when I look at the real message header, I see that it's sent from other places.

Here are a few examples of message headers:

Received: from atayatirim.com.tr ([125.235.39.68]) by CustomerDomain.com with MailEnable ESMTP; Tue, 20 Mar 2012 18:26:20 -0600
Message-ID: <Wed, 21 Mar 2012 07:25:24 +0700.707080@CustomerDomain.com>
Date: Wed, 21 Mar 2012 07:25:24 +0700
From: <alain@CustomerDomain.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: <alain@CustomerDomain.com>
Subject: hi
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-Path: <huskierks21@atayatirim.com.tr>


Another example
Received: from uob-oskam.com.my ([80.174.113.48]) by CustomerDomain.com with MailEnable ESMTP; Tue, 20 Mar 2012 14:43:06 -0600
Message-ID: <Tue, 20 Mar 2012 21:42:09 +0100.807090@CustomerDomain.com>
Date: Tue, 20 Mar 2012 21:42:09 +0100
From: <alain@CustomerDomain.com>,
	<info@CustomerDomain.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en; rv:1.9.2.12) Gecko/20101027 Thunderbird/3.1.6
MIME-Version: 1.0
To: <alain@CustomerDomain.com>,
	<fbellavance@CustomerDomain.com>,
	<info@CustomerDomain.com>
Subject: hi
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Return-Path: <steakvc2101@uob-oskam.com.my>
X-Read: 1


How is it possible to stop these "impersonations" with MailEnable?

Thanks for your help
Question by:cdebel
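
The mismatch visible in the headers above (a From: address in the local domain, but a Return-Path and connecting host belonging to someone else) can be checked mechanically. This is an added example, not part of the original post and not MailEnable code; the first sample is abridged from the question, the second sample and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

LOCAL_DOMAIN = "customerdomain.com"  # placeholder domain used in the question

SAMPLES = {
    # Abridged from the first header block in the question.
    "spoofed": (
        "Received: from atayatirim.com.tr ([125.235.39.68]) by CustomerDomain.com"
        " with MailEnable ESMTP; Tue, 20 Mar 2012 18:26:20 -0600\n"
        "From: <alain@CustomerDomain.com>\n"
        "To: <alain@CustomerDomain.com>\n"
        "Subject: hi\n"
        "Return-Path: <huskierks21@atayatirim.com.tr>\n\n"
    ),
    # Constructed: ordinary inbound mail from an outside sender.
    "external": (
        "Received: from mail.example.org ([192.0.2.10]) by CustomerDomain.com"
        " with MailEnable ESMTP; Tue, 20 Mar 2012 10:00:00 -0600\n"
        "From: <sender@example.org>\n"
        "To: <alain@CustomerDomain.com>\n"
        "Subject: invoice\n"
        "Return-Path: <sender@example.org>\n\n"
    ),
}

def domain_of(addr):
    """Lower-cased domain part of an address ('' if there is none)."""
    return addr.rpartition("@")[2].lower()

def check_spoof(raw, local_domain=LOCAL_DOMAIN):
    """Heuristic: From: claims the local domain, envelope sender does not."""
    msg = message_from_string(raw)
    # From: may list several addresses, as in the second sample in the question.
    from_domains = {domain_of(a)
                    for _, a in getaddresses(msg.get_all("From", [])) if a}
    envelope_domain = domain_of(parseaddr(msg.get("Return-Path", ""))[1])
    # The topmost Received: line is the one added by the receiving server.
    received = msg.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    return {
        "client_ip": m.group(1) if m else None,
        "envelope_domain": envelope_domain,
        # An empty envelope sender (missing header or bounce) is not flagged.
        "suspect": (local_domain in from_domains
                    and bool(envelope_domain)
                    and envelope_domain != local_domain),
    }

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, check_spoof(raw))
```
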
LVL 21

Accepted Solution

by:
Papertrip earned 500 total points
ID: 37747919
I have never used MailEnable, but do you have any anti-spam/spoofing features installed?

http://www.mailenable.com/features/anti-spam.asp
LVL 10

Author Comment

by:cdebel
ID: 37747964
I've activated the "Enable DNS BlackListing" and "Enable URL Blacklisting", and subscribed to BarracudaCentral.org.

I've also protected relaying (for outgoing emails to other domain names): it requires authentication, and it always requires a POP3 connection prior to the SMTP connection.
LVL 10

Author Comment

by:cdebel
ID: 37748107
I must say that this subscription to BarracudaCentral.org is quite recent.

We keep receiving these emails, but they are marked as junk, since I see this in the email envelope:

X-ME-Content: Deliver-To=Junk

I'll let it run like this for a while and see if it reduces the amount of undetected spam.

Once I've seen that it's working properly and that there are no false positives, I'll stop marking them as spam and simply mark them for deletion...
LVL 21

Expert Comment

by:Papertrip
ID: 37748166
Cool, good luck!
LVL 10

Author Closing Comment

by:cdebel
ID: 37757994
I've marked the emails to be deleted instead of placing them in the junk folder.  There were no false positives.  We still have some incoming spam, but for the moment that's acceptable.
If it becomes a problem, we might buy a license of MailEnable to add Bayesian Filtering, SPF and other stuff.

We can still access the MailEnable logs to see the real senders, to determine if we got false positives (by looking at the Error 554).

Thanks for your help