• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 56
  • Last Modified:

Receive many anonymos mails with attachements .zip

Hi,

I have a mailbox (Exchange 2013) receive always many anonymos emails with zip attachements, of course i guess it's malisious mails how can i block the flow of this emails
I enabled and configured the native anti-spam and the mailware protection on Exchange but my problem not resolved
Example of mail:

Earl <Earl.eddington5@cornishcastle.co.uk>
mer. 21/09/2016 15:54
À :
******;
 1 pièce jointe
_23806_361456.zip

Your message is ready to be sent with the following file or link
attachments:

  _23806_361456

Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving certain types of file attachments.  Check your e-mail
security settings to determine how attachments are handled.
0
Mohamed Amine LIMAME
Asked:
Mohamed Amine LIMAME
  • 2
  • 2
  • 2
1 Solution
 
*** Hopeleonie ***IT ManagerCommented:
Which Anti-spam solution do you use?
0
 
Dr. KlahnPrincipal Software EngineerCommented:
If your SMTP receiver is not already doing this, consider add blocking using the active spam blocking lists.  This should cut the size of the problem down significantly, possibly to a level where it can be handled by the unfortunate recipients.

Using the following four lists, the amount of spam getting through has fallen by 90% on my server.

  • zen.spamhaus.org
  • bl.spamcop.net
  • cbl.abuseat.org
  • dnsbl-1.uceprotect.net

Blocking all email containing ZIP file attachments is certainly possible, but it cripples anyone who wants to send a compressed attachment.
0
 
*** Hopeleonie ***IT ManagerCommented:
We use Barracuda to block our Spam. It has reduced 99% of our Spam. The MS inbuilt solution was not enough for us.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Mohamed Amine LIMAMEAuthor Commented:
@Dr. Klahn

I configured the:

zen.spamhaus.org
bl.spamcop.net

but problem not solved
0
 
Dr. KlahnPrincipal Software EngineerCommented:
Does the mail receiver's log show emails being refused as spam?  If not, add uceprotect.net.   That will certainly cause some incoming email to be rejected.  If it does not, then it is possible the blocks are not actually active.

Also check the full header expansion of several of the spams to see where the routing shows it came from.  Note that this can be deceptive as much spam tries to obfuscate the actual source.  If (for example) the routing shows that it is emanating from within your network, then it is might be bypassing all filters; in that case, find the infected machine(s) and shut them down.
0
 
Mohamed Amine LIMAMEAuthor Commented:
I configured the:
Connection Filtering Agent in FrontEND

http://clintboessen.blogspot.com/2014/05/rbl-providers-and-exchange-2013.html

and i configured also the IPBlockListProvider:

zen.spamhaus.org
bl.spamcop.net
cbl.abuseat.org
dnsbl-1.uceprotect.net

problem almost solved  90% but i continue to receive some a few mails
0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now