Phishing scam: "Pending message"- how to set my sonic wall for such type of email. We have O365 email system. Thanks

1. Is it recommended to have both Windows Defender and
     Symantec EndPoint Protection running at the same time ?

 2. If not, how can I setup my MDT image
    so it does not deploy Windows Defender ?
-----------------------------------------------
Environment
  ** Windows Server 2012 R2 test domain
  ** Symantec EndPoint Protection deployed
       to Windows 10 Pro client via MDT image

Our organization is on Exchange 2010 hybrid environment with O365. All incoming mails are directed to an external spam filter organization which delivers to our CAS servers that handles mail. 3 emails were stuck all night into the spam deliver queue unable to deliver these 3 messages to our server, rest of the messages were flowing. On the spam company side, it just shows peer not accepting the message so they kept retrying. In the end we ended up simply rejecting these messages from the external spam filter delivery queue.

I want to investigate the reason to why this email was stuck in the queue for so long and our exchange was not accepting it. It looked legitimate. I am new to exchange learning, what would be the best way to find out the reason and analyze the log once I find them ?

Thanks

Hi,

Exchange  and anti spam(proofpoint) in DMZ.
If I send e-mail to non-existent e-mail address in my organization
I receive error
#550 5.1.1 RESOLVER.ADR.RecipNotFound; not found ##
But if I send e-mail to non-existing e-mail address outside of my organization e.g. Gmail
I dont receive any error in outlook.
Proofpoint logs has error user unknow
sendmail: KCdM73031878: DSN: User unknown
but sender doesnt receive any information in outlook.
Where should I start  troubleshooting  Exchange or anti spam?
Any advice please
Thank you

Hi...why all of sudden all my domains are blacklisted in Spamhaus DBL.

This is using MS Exchange Server 2016 antispam features. Although I have run the "install antispam.ps1" successfully. However, spam still rampage. How to configure this features so as spam can be detected and caught in no time?

Thanks in advance.

In the past week I had two clients that a spam email was send out from their email to all their contacts. Thy wanted to notify all their contacts that this was a spam and not open or reply, just delete.

The simple way would be, sending out an email to all their contacts, but when google seas such kind of activity from one email sending out to this many email addresses it will mark it as spam or block it.

What I did, I export all contacts and was looking for a company that will not charge monthly since I don’t need a monthly plan [have no issue to pay on the project], most company’s I googled charge monthly at it’s designed for marketing project. I found a company sendpulse.com which gives up to 2500 emails free. But 1- most email landed in spam 2- it’s difficult to use it for such type of task, it’s designed for marketing with lot of fields to fill out, make the work complicated and slows the process. And in  this case we need quick and simple action.

I am sure there is a quick and efficient way to handle such cases, any advice?

How to get the correct detail for DKIM and SPF from vendor domain to add to TXT record for  our domain so vendor can send as us and not be blocked as spam.
Hi. thanks for looking at this problem.
An external vendor does mail outs for us.
When they do mailouts their emails sent as name@ourdomain.com get blocked since it isn't our domain sending the email.
I understand we can add their DKIM information as a TXT record to our DNS to make their domain trusted to send as us.
Do you know what detail it needs?
I have found this article
https://support.symantec.com/en_US/article.TECH132756.html

I have gotten the vendor detail from the message header of an email they have sent as us.
I can do an nslookup like this:
nslookup -type=txt "vendorselector"._domainkey."vendordomain"
and it comes back with a text record like:
v=DKIM1: p=sdfasdfafasdfasdfasdf
but there is no K or H value.
the other TXT records I have seen for DKIM have at least a K value which seems to be mostly RSA

Does anyone know if I do this kind of NSLookup and it returns that TXT record, if that is all I have to put in our DNS?

Normally I would just ask the vendor for this detail, but they don't seem to have the will to gather it.

Thanks,
Shaun

When you get a blank email from someone that only has a subject line of "HI, this is KEN".  What is the purpose of that email?  There is no bad code, nothing to download, no attachments, no links.

I sent an email from my domain to google and i found the error when i go to original message

spf=permerror (google.com: permanent error in processing during lookup of btv1==6117437fd2d==rsharma@iss.school.fj: mail.international.school.fj not found) smtp.mailfrom=btv1==6117437fd2d==rsharma@iss.school.fj

spf record = v=spf1 a mx include:_spf.google.com include:mail.international.school.fj include:mailrelay.unwired.com.fj ~all

spf=permerror (google.com: permanent error in processing during lookup of btv1==611a1cd8c90==rsharma@international.school.fj: mail.iss.school.fj not found) smtp.mailfrom=btv1==611a1cd8c90==rsharma@international.school.fj

spf record =v=spf1 a mx include:mail.iss.school.fj include:mailrelay.unwired.com.fj ~all



requesting assistance and how i can solve this

Hi,

We have this script to delete phising emails from our organisation, however we also these requirements:

1)      We need to add into the search-mailbox after -searchquery an additional requirement for date or time, as we only want to search for emails since a certain date. We use this script to delete phishing attack emails, so we know when they started, so need to be able to search for all emails since a date and delete them if the subject matches. So the most recent example, would be all emails containing subject “RE: NOTICE: MC Support UPGRADE.” however only emails received after 01/03/2018. I assume we can just do -searchquery “Subject:’Content of Subject’ AND ReceivedDate:>01/03/2018” or something like that?
2)      We need to be able to search for subjects with special characters in. –searchquery “Subject:’RE: NOTICE: MC Support UPGRADE.’ Will currently give an error as it won’t like the : in the subject.
3)      We need to be able to search for the above criteria, but also potentially include only emails from certain email addresses. One of the phishing emails was “RE: Attention (Staff Migration)” which could be very close to something we actually send to users. The phishing email only came from a certain email though, so if we add an extra criteria for sender, that would help us focus the search.


Please can someone show me how to achieve this?

also I would appreciate if you any other suggestions for improvement.

$mbs = Get-Mailbox 

Select all Open in new window

…

Our client often gets complaint's from their customers not being able to send attachments through to them because they continuously get rejected for being too large.

They're using an on-prem 2010 Exchange server.  
The initial message size limit send/receive was set to 30MB.
Their hosted anti-spam solution, Trend micro, has a limit set for 50MB.
I changed the on-prem 2010 Exchange server send/receive to a limit of 50MB for troubleshooting purposes.

We still get bounce backs when sending anything typically over the size limit of 15MB. The message comes back indicating it exceeds the limit of 20MB.  After checking all the settings (that I know of), I don't know where the size limit of 20MB is being set.  I know that messages grow in size beyond the initial attachment limit, but not to this degree.

Is there anything specifically I've missed in checking?

Thank you!

When I go to the https://dmarcguide.globalcyberalliance.org/#/ website and type in the email domain name of my organization the SPF & DKIM results pass but for the DMARC test I receive a message that says "Thank you for getting started with DMARC. You are currently at the lowest level and receiving reports, which is a great starting point. Please make sure to review the reports, make the appropriate adjustments, and move to either quarantine or reject soon. Additional information about reporting tools can be found here" (see the second screenshot below).

When I click on here I am taken to this website https://dmarc.globalcyberalliance.org/dmarc-reporting-key-benefits-takeaways/.

What values do I need to change or what settings do I need to change within my external DNS server records so that I will pass the DMARC test for this globalcyberalliance.org website?

I currently have this TXT record setup within my public DNS records for DMARC:

_dmarc.domain.com.      3600      IN      TXT      "v=DMARC1; p=none; rua=mailto:postmaster@domain.com; ruf=mailto:postmaster@domain.com"


PLEASE NOTE: The actual domain name has been replaced with the word domain above and has been whited out in the screenshot for privacy purposes.