Announcement

Collapse
No announcement yet.

Reverse DNS Lookup for incoming messages

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Reverse DNS Lookup for incoming messages

    In a bid to reduce the stupid amount of spam that I get I enabled Reverse Lookup on Incoming messages in ESM.

    This issue is that it didn't seem to stop spam at all. Made a lot of extra logs though.

    Even with is enabled I get spam but presumably from good domain names. Have I missed something or do others find that this feature is useless.

  • #2
    Re: Reverse DNS Lookup for incoming messages

    IMHO, that option is almost 100% completely useless.

    Most of the spam that is sent is going to be spoofed from a valid domain name. All rDNS is going to do is make sure that the domain name is valid, when it passes that check Exchange sees the email as valid and passes it on through.

    Comment


    • #3
      Re: Reverse DNS Lookup for incoming messages

      IMHO, that option is almost 100% completely useless.
      Yup it would be 100% useless as that is not what it does.

      MS apparently had a lot a lot of confused people so they released this

      In any case, darrenst, read this thread here (carefully) for more info
      "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

      Comment


      • #4
        Re: Reverse DNS Lookup for incoming messages

        Better use an anti spam software. either for the clients or for the server
        SpamBully is a very good program (and I'm not working there...) for the client. I guess there are good enough programs for the servers.

        Comment


        • #5
          Re: Reverse DNS Lookup for incoming messages

          We use Ironport - which uses a detailed examination of the email's content, headers and "character" - along with sender-based and blacklist-based checks, to decide if something is SPAM or not. It also incorporates attachment filtering as part of the product. I have to say it is nothing short of BRILLIANT. I receive literally NO SPAM at work, and in addition to this, in 5 months of working there I have not lost ONE SINGLE legitimate email. Not one. One with an EXE was quarantined, but that was easily and immediately released by our messaging team.

          I have no idea on pricing, but for features, capabilities and sheer reliability it gets my vote every time.


          Tom
          For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

          Anything you say will be misquoted and used against you

          Comment


          • #6
            Re: Reverse DNS Lookup for incoming messages

            hmm. Thanks for that.

            I'll look into those suggestions. The main problem I have is that the Outlook spam filter works just fine and manages to figure out all the spam BUT that doesn't really help my email server from processing all the extra mail.

            Not to mention all the bandwidth being consumed by a load of junk.

            Does IronPort work like messagelabs as in is it an external smart host?

            Comment


            • #7
              Re: Reverse DNS Lookup for incoming messages

              i employee the same product as Stonelaughter and i love it.

              it does a very good job at stopping spam and does an even better job at not generating false positives..

              in my line of work, i cannot afford spammers but i cannot afford messages getting blocked either. this is one reason i like ironport. it takes care of 95% of all spam, and it (knock on wood) has never restricted a valid email as spam.

              it also reports to a "spammer" database somewhere, so you can block spam before it ever even finds your domain.

              we run a c100 right now and it is more than sufficent for the 500 users we have, and we orderd a second one to go at our DR facility so we have spam free mail on site or in the event of a fail over.

              good stuff.

              **EDIT**

              sorry, i forgot about your iron port questions...

              it works like an other mail gateway appliance. (internet)--->[ironport] ironport integrates with AD as well as doing the rdns stuff. if the recipient is not in AD, then the session terminates w/o errors. this prevents passive recipient searching--->[Exchange B/E] clean mail is delivered tot he BE server.------->[Exchange F/E] all this thing does is handle OWA and activesync requests. it is no longer burdened with spam prevention and/or message routing.

              if you can, sign up with the ironport. it is one of the nicer products out there...

              and BTW, they just got bought by Cisco... (i think this is a good thing)
              Last edited by James Haynes; 7th February 2007, 18:51. Reason: im still having my coffee.. sorry.
              its easier to beg forgiveness than ask permission.
              Give karma where karma is due...

              Comment


              • #8
                Re: Reverse DNS Lookup for incoming messages

                Originally posted by James Haynes View Post
                i employee the same product as Stonelaughter and i love it. ... <snip>
                Funny - you have the exact same name as a guy I knew at school...


                Tom
                For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                Anything you say will be misquoted and used against you

                Comment


                • #9
                  Re: Reverse DNS Lookup for incoming messages

                  Originally posted by James Haynes View Post
                  it works like an other mail gateway appliance. (internet)--->[ironport] ironport integrates with AD as well as doing the rdns stuff. if the recipient is not in AD, then the session terminates w/o errors. this prevents passive recipient searching--->[Exchange B/E] clean mail is delivered tot he BE server.------->[Exchange F/E] all this thing does is handle OWA and activesync requests. it is no longer burdened with spam prevention and/or message routing.
                  hmm, exchange can do all that, I suppose you would need 1000+ heavy email users to justify an Ironport appliance, anyone know the price range?

                  enjoy your coffee ( I hope its not cold by now)
                  "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

                  Comment


                  • #10
                    Re: Reverse DNS Lookup for incoming messages

                    Originally posted by Lior_S View Post
                    hmm, exchange can do all that, I suppose you would need 1000+ heavy email users to justify an Ironport appliance, anyone know the price range?

                    enjoy your coffee ( I hope its not cold by now)
                    I got to see a presentation on IronPort a few months ago.
                    IronPort appliances start at about $5k/yr. for about 100-200 users. From what I understand it's the sender reputation filter that makes it so effective. I've heard nothing but rave reviews on their products. And they also have some pretty big clients like Dell, eBay, and UPS to name a few.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com

                    Comment


                    • #11
                      Re: Reverse DNS Lookup for incoming messages

                      Originally posted by JeremyW View Post
                      I got to see a presentation on IronPort a few months ago.
                      IronPort appliances start at about $5k/yr. for about 100-200 users. From what I understand it's the sender reputation filter that makes it so effective. I've heard nothing but rave reviews on their products. And they also have some pretty big clients like Dell, eBay, and UPS to name a few.
                      ...and E.On - Europe's biggest Energy Group.


                      Tom
                      For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

                      Anything you say will be misquoted and used against you

                      Comment


                      • #12
                        Re: Reverse DNS Lookup for incoming messages

                        Originally posted by JeremyW View Post
                        I got to see a presentation on IronPort a few months ago.
                        IronPort appliances start at about $5k/yr. for about 100-200 users. From what I understand it's the sender reputation filter that makes it so effective. I've heard nothing but rave reviews on their products. And they also have some pretty big clients like Dell, eBay, and UPS to name a few.
                        Sound interesting, I would love to get one . The last cool product i got to play with was a sun x4200. They had a really cool trial program where they encourage you to just play with it, even if you plan to return it. Anyway Ironport sounds like a good product, (although expensive).
                        "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

                        Comment


                        • #13
                          Re: Reverse DNS Lookup for incoming messages

                          Originally posted by JeremyW View Post
                          I got to see a presentation on IronPort a few months ago.
                          IronPort appliances start at about $5k/yr. for about 100-200 users. From what I understand it's the sender reputation filter that makes it so effective. I've heard nothing but rave reviews on their products. And they also have some pretty big clients like Dell, eBay, and UPS to name a few.
                          At that price it would have to be good.
                          1 1 was a racehorse.
                          2 2 was 1 2.
                          1 1 1 1 race 1 day,
                          2 2 1 1 2

                          Comment


                          • #14
                            Re: Reverse DNS Lookup for incoming messages

                            Originally posted by Stonelaughter View Post
                            ...and E.On - Europe's biggest Energy Group.
                            I just ran through the PP presentation again... here's a pic with some of their clients
                            Click image for larger version

Name:	IPC.jpg
Views:	1
Size:	45.1 KB
ID:	462983
                            Regards,
                            Jeremy

                            Network Consultant/Engineer
                            Baltimore - Washington area and beyond
                            www.gma-cpa.com

                            Comment

                            Working...
                            X