Link to home
Start Free TrialLog in
Avatar of Mohamed Amine LIMAME
Mohamed Amine LIMAME

asked on

Receive many anonymos mails with attachements .zip

Hi,

I have a mailbox (Exchange 2013) receive always many anonymos emails with zip attachements, of course i guess it's malisious mails how can i block the flow of this emails
I enabled and configured the native anti-spam and the mailware protection on Exchange but my problem not resolved
Example of mail:

Earl <Earl.eddington5@cornishcastle.co.uk>
mer. 21/09/2016 15:54
À :
******;
 1 pièce jointe
_23806_361456.zip

Your message is ready to be sent with the following file or link
attachments:

  _23806_361456

Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving certain types of file attachments.  Check your e-mail
security settings to determine how attachments are handled.
Avatar of *** Hopeleonie ***
*** Hopeleonie ***
Flag of Switzerland image

Which Anti-spam solution do you use?
ASKER CERTIFIED SOLUTION
Avatar of Dr. Klahn
Dr. Klahn

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
We use Barracuda to block our Spam. It has reduced 99% of our Spam. The MS inbuilt solution was not enough for us.
Avatar of Mohamed Amine LIMAME
Mohamed Amine LIMAME

ASKER

@Dr. Klahn

I configured the:

zen.spamhaus.org
bl.spamcop.net

but problem not solved
Does the mail receiver's log show emails being refused as spam?  If not, add uceprotect.net.   That will certainly cause some incoming email to be rejected.  If it does not, then it is possible the blocks are not actually active.

Also check the full header expansion of several of the spams to see where the routing shows it came from.  Note that this can be deceptive as much spam tries to obfuscate the actual source.  If (for example) the routing shows that it is emanating from within your network, then it is might be bypassing all filters; in that case, find the infected machine(s) and shut them down.
I configured the:
Connection Filtering Agent in FrontEND

http://clintboessen.blogspot.com/2014/05/rbl-providers-and-exchange-2013.html

and i configured also the IPBlockListProvider:

zen.spamhaus.org
bl.spamcop.net
cbl.abuseat.org
dnsbl-1.uceprotect.net

problem almost solved  90% but i continue to receive some a few mails