
how to block image based spam?


  • how to block image based spam?

    Hi,
    I'm using Exchange 2003 on SBS 2003.

    As of last month we started receiving spam that comes in pictures,
    so our FortiGate 100 anti-spam just won't block it.

    Is there a way in Exchange to block it?
    Or is Brightmail my only answer?

    Do you have any other ideas on how to deal with the subject?
    Even if they're not Microsoft-based solutions...

    Thanks a lot,
    Or Czerninski
    http://www.originull.com
    Last edited by orczer; 18th December 2006, 15:05.
    Best regards,
    Or.

  • #2
    Re: how to block image based spam?

    Exchange 2003 comes with two notable spam filtering methods: 1) IMF and 2) DNS blacklists. Blacklists are controvertible and many disagree with that method. I, however, am a big fan, as long as legit emails that get blocked receive a clear and concise message on how to correct the issue (meaning: remove themselves from the blacklist).

    In your case, I am familiar (not by choice) with the spam you are referring to, and would recommend the blacklist.
    "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan



    • #3
      Re: how to block image based spam?

      Thanks Lior,

      How can I connect my Exchange server with one of the big DNSBL providers (CBL for example)?

      Or Czerninski
      http://www.originull.com
      Best regards,
      Or.



      • #4
        Re: how to block image based spam?

        Instead of retyping an explanation I will direct you to here. Also the only entry you will need in step 7 is sbl-xbl.spamhaus.org

        I would NOT add any other ones.
        "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

        Comment
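What a mail server's DNS block list check does with the zone name given in post #4, as an added Python example that is not part of the original thread and is not Exchange's own code. It builds the RFC 5782 query name for IPv4 and, going beyond the thread, for IPv6; the function names, the `resolve` parameter and the offline `demo_resolver` are assumptions made for the example.

```python
import ipaddress
import socket

LISTED_NET = ipaddress.ip_network("127.0.0.0/8")
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus query-error codes


def dnsbl_query_name(ip, zone):
    """Build the name a DNSBL client looks up for `ip` in `zone` (RFC 5782)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))             # octets, reversed
    else:
        labels = reversed(addr.exploded.replace(":", ""))   # hex nibbles, reversed
    return ".".join(labels) + "." + zone


def dnsbl_check(ip, zone, resolve=socket.gethostbyname):
    """Return ('listed', code), ('clean', None) or ('error', reason)."""
    try:
        answer = ipaddress.ip_address(resolve(dnsbl_query_name(ip, zone)))
    except socket.gaierror as exc:
        if exc.args[0] == socket.EAI_NONAME:
            return ("clean", None)       # NXDOMAIN: address is not on the list
        return ("error", str(exc))       # timeout or SERVFAIL: never block on this
    if answer in ERROR_NET or answer not in LISTED_NET:
        return ("error", "unexpected answer %s" % answer)
    return ("listed", str(answer))


def demo_resolver(name):
    """Constructed stand-in for DNS so the example runs offline."""
    table = {"2.0.0.127.sbl-xbl.spamhaus.org": "127.0.0.2"}  # RFC 5782 test entry
    if name not in table:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return table[name]


if __name__ == "__main__":
    zone = "sbl-xbl.spamhaus.org"
    for ip in ("127.0.0.2", "192.0.2.99"):
        print(ip, dnsbl_query_name(ip, zone), dnsbl_check(ip, zone, demo_resolver))
```

Only an answer inside 127.0.0.0/8 counts as a listing; lookup failures and error codes are reported separately so that a DNS outage does not turn into blocked mail.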


        • #5
          Re: how to block image based spam?

          Hi Lior,
          I wanted to thank you for your help.

          I defined Spamhaus on my server and the spam reduced by half.

          Now I have installed Service Pack 2 on Exchange and I'm trying to define the Intelligent Message Filtering to enhance my spam blocking capabilities. Wish me luck!

          Thanks a lot

          Or Czerninski
          http://www.originull.com
          Best regards,
          Or.



          • #6
            Re: how to block image based spam?

            If you are interested in spending $625 for 25 mailboxes, I have been using GFI MailEssentials (and IMF) with excellent results. GFI has a filter that looks for spam composed of images.

            With IMF and GFI MailEssentials 12, between 70% - 90% of all incoming mail is SPAM and is getting caught and redirected.
            Network Engineers do IT under the desk



            • #7
              Re: how to block image based spam?

              Hi Rob,
              $625 is not much, but only in January will I get a new budget...

              Is it better than Brightmail?


              Or Czerninski
              http://www.originull.com
              Last edited by orczer; 24th December 2006, 15:44.
              Best regards,
              Or.



              • #8
                Re: how to block image based spam?

                I have never used Brightmail, but GFI has a fully functional evaluation copy at http://www.gfi.com/mes/
                Network Engineers do IT under the desk



                • #9
                  Re: how to block image based spam?

                  Hi,

                  One of my friends talked about greylisting... maybe it will help you.
                  It's free.

                  http://projects.puremagic.com/greylisting/

                  But I think you will need a Linux box to get the mail first and route it to your Exchange...

                  Here is a little part from the website:

                  What is Greylisting?

                  Greylisting is a new method of blocking significant amounts of spam at the mailserver level, but without resorting to heavyweight statistical analysis or other heuristical (and error-prone) approaches. Consequently, implementations are fairly lightweight, and may even decrease network traffic and processor load on your mailserver.

                  Greylisting relies on the fact that most spam sources do not behave in the same way as "normal" mail systems. Although it is currently very effective by itself, it will perform best when it is used in conjunction with other forms of spam prevention. For a detailed description of the method, see the Whitepaper.

                  The term Greylisting is meant to describe a general method of blocking spam based on the behavior of the sending server, rather than the content of the messages. Greylisting does not refer to any particular implementation of these methods. Consequently, there is no single Greylisting product. Instead, there are many products that incorporate some or all of the methods described here.
                  MCSE 2000 Done
                  RHCE Done



                  • #10
                    Re: how to block image based spam?

                    The problem with greylisting is that it relies on the sending SMTP server to resend failed messages. The greylist server waits for this retry and if it does not receive it, there is a good chance that the e-mail will get dropped.

                    Many SMTP servers do not retry sending failed deliveries so the potential is here for a lot of legitimate e-mail getting dropped. The other problem is the delay delivering mail as a greylist server waits for a resubmission.

                    If I can put in another plug for GFI MailEssentials, it incorporates:

                    Realtime blocklists for phishing (checks for updated list every 10 minutes)
                    Directory Harvesting
                    Custom Blacklist (user defined)
                    Bayesian Analysis (checks for updates every 24 hours)
                    DNS Blacklists (7 lists, spamhaus, dsbl, spamcop, njabl,...)
                    SPAM realtime blocklists (surbl.org)
                    Header Checking
                    Keyword Checking
                    Network Engineers do IT under the desk



                    • #11
                      Re: how to block image based spam?

                      There are also a number of services that will clean your mail for you. If you want I can put you in touch with such a mail service which starts at around $2/mbx/month for 10 mailboxes and drops as the number increases.
                      TIA

                      Steven Teiger [SBS-MVP(2003-2009)]
                      http://www.wintra.co.il/
                      I’m honoured to have been selected for the SMB 150 list for 2013. This is the third time in succession (no logo available for 2011) that I have been honoured with this award.

                      We don’t stop playing because we grow old, we grow old because we stop playing.



                      • #12
                        Re: how to block image based spam?

                        I have greylisting on a number of sites and it is my primary attack method for spam now. It isn't the sole defence mechanism, but it is the first approach. It has dealt with significant amounts of spam messages for my clients.

                        When I deploy greylisting I always run the application (in my case Vamsoft ORF) in report only mode for a week. This lets it build up a white list of messages. Once it has been running in report only mode I activate it and watch the logs very carefully to ensure that required email is being received.

                        Greylisting is not the only tool to use - and it isn't suitable for everyone (particularly anyone who has time sensitive email that are received from new senders all the time) but I have seen particular success with it.

                        At home, I run greylisting with IMF enabled on the Exchange server. I have an older antispam application behind (Sunbelt Software I Hate Spam) which is almost redundant as IMF and greylisting are dealing with most of the garbage.
                        I will be migrating to Exchange 2007 shortly, and intend to use native tools only for spam protection (mainly because it looks like it might be enough, but also to prove that).

                        I don't use RBLs on a point of principle. I don't like the idea of someone else deciding what messages I can receive.

                        Don't purchase anything without testing it first. If the vendor will not allow you to evaluate the software, walk away.
                        Different sites receive different types of spam and different types of messages.

                        For example, I did one site in the summer that was a finance company, who dealt with loans and mortgages and most of their email was about that.
                        Every antispam application we tried caught legitimate email - which was unacceptable to the client.
                        We eventually had to approach one of the outsourced spam application companies who built a custom installation on custom servers which the client has exclusive access to. The cost is very high for that client, but they felt that it was worth it - one successful mortgage application pays for the solution for half of their staff for a month - so having just one message not blocked was a big issue for them.

                        GFI ME works very well for many sites, and as an "out of the box solution" it is one of the first I tend to suggest looking at. However it is not always the best solution for everyone.

                        Simon.
                        --
                        Simon Butler
                        Exchange MVP

                        Blog: http://blog.sembee.co.uk/
                        More Exchange Content: http://exchange.sembee.info/
                        Exchange Resources List: http://exbpa.com/
                        In the UK? Hire me: http://www.sembee.co.uk/

                        Sembee is a registered trademark, used here with permission.
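The greylisting behaviour discussed in posts #9, #10 and #12, as an added Python example that is not part of the original thread and is not the code of Vamsoft ORF or any other product named here. The triplet key (client IP, envelope sender, envelope recipient) follows the greylisting whitepaper; the delay values, the way report-only mode learns, and all names are assumptions made for the example.

```python
from dataclasses import dataclass, field

DELAY = 300              # seconds before a retry is accepted (illustrative value)
RETRY_WINDOW = 4 * 3600  # seconds a deferred triplet stays pending (illustrative value)
TEMPFAIL = "451 4.7.1 Greylisted, try again later"


@dataclass
class Greylist:
    report_only: bool = False
    pending: dict = field(default_factory=dict)      # triplet -> time first deferred
    known: set = field(default_factory=set)          # triplets allowed straight through
    would_defer: list = field(default_factory=list)  # report-only log

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one delivery attempt at time `now` (seconds)."""
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.known:
            return "250 OK"
        if self.report_only:
            # Assumed learning behaviour: accept, log, and remember the triplet
            # so regular correspondents are not delayed once enforcement starts.
            self.would_defer.append((now, triplet))
            self.known.add(triplet)
            return "250 OK"
        first = self.pending.get(triplet)
        if first is None or now - first > RETRY_WINDOW:
            self.pending[triplet] = now   # first sight, or the retry came too late
            return TEMPFAIL
        if now - first < DELAY:
            return TEMPFAIL               # retried too quickly, keep waiting
        del self.pending[triplet]         # proper retry: sender behaves like an MTA
        self.known.add(triplet)
        return "250 OK"

    def never_retried(self, now):
        """Deferred triplets whose retry window expired: mail that was lost."""
        return sorted(t for t, first in self.pending.items()
                      if now - first > RETRY_WINDOW)


if __name__ == "__main__":
    gl = Greylist()
    for t in (0, 60, 600):  # constructed attempt times for one sender
        print(t, gl.check("192.0.2.10", "a@example.org", "or@example.com", t))
```

`never_retried` returns the deferred triplets that never came back, which is the list to review when watching the logs after switching from report-only to enforcement.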
