Receive many anonymous mails with .zip attachments

Mohamed Amine LIMAME
Hi,

I have a mailbox (Exchange 2013) that always receives many anonymous emails with zip attachments. Of course I guess these are malicious mails. How can I block the flow of these emails?
I enabled and configured the native anti-spam and the malware protection on Exchange, but my problem is not resolved.
Example of mail:

Earl <Earl.eddington5@cornishcastle.co.uk>
Wed. 21/09/2016 15:54
To:
******;
 1 attachment
_23806_361456.zip

Your message is ready to be sent with the following file or link
attachments:

  _23806_361456

Note: To protect against computer viruses, e-mail programs may prevent
sending or receiving certain types of file attachments.  Check your e-mail
security settings to determine how attachments are handled.
*** Hopeleonie ***IT Manager

Commented:
Which Anti-spam solution do you use?
Principal Software Engineer
Commented:
If your SMTP receiver is not already doing this, consider adding blocking using the active spam blocking lists.  This should cut the size of the problem down significantly, possibly to a level where it can be handled by the unfortunate recipients.

Using the following four lists, the amount of spam getting through has fallen by 90% on my server.

  • zen.spamhaus.org
  • bl.spamcop.net
  • cbl.abuseat.org
  • dnsbl-1.uceprotect.net

Blocking all email containing ZIP file attachments is certainly possible, but it cripples anyone who wants to send a compressed attachment.
*** Hopeleonie ***IT Manager

Commented:
We use Barracuda to block our Spam. It has reduced 99% of our Spam. The MS inbuilt solution was not enough for us.
@Dr. Klahn

I configured the:

zen.spamhaus.org
bl.spamcop.net

but the problem is not solved
Dr. Klahn, Principal Software Engineer

Commented:
Does the mail receiver's log show emails being refused as spam?  If not, add uceprotect.net.   That will certainly cause some incoming email to be rejected.  If it does not, then it is possible the blocks are not actually active.

Also check the full header expansion of several of the spams to see where the routing shows it came from.  Note that this can be deceptive as much spam tries to obfuscate the actual source.  If (for example) the routing shows that it is emanating from within your network, then it might be bypassing all filters; in that case, find the infected machine(s) and shut them down.
I configured the:
Connection Filtering Agent in FrontEND

http://clintboessen.blogspot.com/2014/05/rbl-providers-and-exchange-2013.html

and I also configured the IPBlockListProvider:

zen.spamhaus.org
bl.spamcop.net
cbl.abuseat.org
dnsbl-1.uceprotect.net

The problem is almost solved (90%), but I continue to receive a few mails.
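
The check suggested earlier in the thread, whether the block lists are actually active, can be run from the mail server itself. The Python below is an added example, not part of the thread: for each list named here it queries the RFC 5782 test entries (127.0.0.2 must be listed, 127.0.0.1 must not) and treats answers in 127.255.255.0/24, which Spamhaus documents as error codes for refused queries, as a failure rather than a listing. The function names and the constructed answers are assumptions for illustration.

```python
import ipaddress
import socket

ZONES = ["zen.spamhaus.org", "bl.spamcop.net",
         "cbl.abuseat.org", "dnsbl-1.uceprotect.net"]  # lists from the thread
LISTED = ipaddress.IPv4Network("127.0.0.0/8")        # normal "listed" answers
ERRORS = ipaddress.IPv4Network("127.255.255.0/24")   # Spamhaus error codes

def dnsbl_name(ip, zone):
    """Query name for ip in zone: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # ValueError on anything but IPv4
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolve(name):
    """A records via the OS resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def classify(answers):
    """Interpret the A records a DNSBL zone returned for one query."""
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if not addrs:
        return "not-listed"
    if any(a in ERRORS for a in addrs):
        return "resolver-error"   # query refused, must not count as a listing
    if all(a in LISTED for a in addrs):
        return "listed"
    return "unexpected"           # e.g. a resolver that rewrites NXDOMAIN

def check_zone(zone, resolve=system_resolve):
    """Health-check a zone with the RFC 5782 test entries."""
    must_list = classify(resolve(dnsbl_name("127.0.0.2", zone)))
    must_not = classify(resolve(dnsbl_name("127.0.0.1", zone)))
    if "resolver-error" in (must_list, must_not):
        return "refused"          # zone rejects queries from this resolver
    if must_list == "listed" and must_not == "not-listed":
        return "ok"
    if must_list == "not-listed":
        return "dead"             # test entry unanswered: lookups do nothing
    return "broken"

# Constructed answers standing in for DNS, so the logic can be tried offline.
CONSTRUCTED = {"2.0.0.127.zen.spamhaus.org": ["127.255.255.254"],
               "2.0.0.127.bl.spamcop.net": ["127.0.0.2"]}

if __name__ == "__main__":
    for z in ZONES:
        print(f"{z:26} offline={check_zone(z, lambda n: CONSTRUCTED.get(n, []))}"
              f" live={check_zone(z)}")
```

A result of "refused" or "dead" for a configured provider means the server's DNS path gets no usable answer from that list, so the provider rejects nothing even though it is configured.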
