Blank sender RSS

1

Hello!
I receive lots of spam messages with blank sender.

Example 1
Version: 4.4 REGISTERED
Log Mode: Verbose
Server: 10serv.mydomain.loc
Source: SMTPSVC-1
Time: 17.05.2013 10:08:06
Class: Pass
Severity: Information
Actions: (not available)
Filtering Point: On Arrival
HELO/EHLO Domain: apn-77-114-71-179.dynamic.gprs.plus.pl
Related IP Address: 77.114.71.179
Message ID:
Email Subject: Are you ready to have best nights in your life?
Sender: (not available)
Recipient(s):
*
Message:
Email passed checks.
Example 2
Version: 4.4 REGISTERED
Log Mode: Verbose
Server: 10serv.mydomain.loc
Source: SMTPSVC-1
Time: 17.05.2013 10:14:22
Class: Pass
Severity: Information
Actions: (not available)
Filtering Point: On Arrival
HELO/EHLO Domain: 60.249.16.177
Related IP Address: 60.249.16.177
Message ID:
Email Subject: Give your wife more pleasure
Sender: (not available)
Recipient(s):
*
Message:
Email passed checks.


Configuration-Global-"Allow filtering DSN" is enabled.

What can be done to solve this problem?

Maksim.

by Maksim 1 year ago
2

@Maksim: The "Allow filtering Delivery Status Notification" option will only cause emails sent with blank SMTP sender addresses to be tested like all other regular emails (i.e., they will not be whitelisted), it will not automatically blacklist them.

If you wish to blacklist all emails with blank senders, follow the steps below:

1. Start the ORF Administration Tool
2. Expand Configuration / Tests / Tests in the left navigation tree and make sure the Sender Blacklist test is enabled
3. Expand Configuration / Tests / Sender Blacklist and click New
4. Copy\paste the following to the "Email address/Mask" field:
^\s*$
5. Set the "Masking type" to "Regular expression"
6. Add a comment, so you can identify the rejections triggered by this expression in the ORF Log Viewer (e.g. "blank sender filter")
7. Click OK
8. Press Ctrl + S to save your settings and to apply the configuration changes.

Note that this will also blacklist all legitimate Non-Delivery Reports, as those are also sent with blanks sender addresses.

by Krisztián Fekete (Vamsoft) 1 year ago
(in reply to this post)

3

@Krisztián Fekete (Vamsoft): Also, make sure your blacklist definitions are up to date and you are using the recommended blacklist (the sender IP is now listed by several blacklist providers):

http://vamsoft.com/support/docs/knowledge-base/recommended-dnsbls-surbls-agents

http://vamsoft.com/support/docs/knowledge-base/update-dnsbl-surbl-oldversion

by Krisztián Fekete (Vamsoft) 1 year ago
(in reply to this post)

4

@Krisztián Fekete (Vamsoft): Thank you for your help.

by Maksim 1 year ago
(in reply to this post)

5

@Maksim: You are most welcome :)

by Krisztián Fekete (Vamsoft) 1 year ago
(in reply to this post)

6

Hello!

Is there way to apply Grey Listing filter to blank-sender emails? I've removed line with '$' reg.expression from grey listing's exceptions but G.L. filter doesn't apply on such emails anyway :(

WBR,
Eugene.

by Eugene 1 year ago
7

@Eugene: Do you have the Whitelist Delivery Status Notifications option enabled by any chance (Whitelists / Sender Whitelist page)?

by Krisztián Fekete (Vamsoft) 1 year ago
(in reply to this post)

8

I can't find such option in version 4.4.

WBR,
Eugene.

by Eugene 1 year ago
9

In 4.4, it is on the Configuration / Global / Miscellaneous page of the Administration Tool. "Allow Filtering Delivery Status Notifications" must be checked in order to run tests (including Greylisting) on blank sender emails.

by Krisztián Fekete (Vamsoft) 1 year ago
10

Yes, this option is enabled. But log file shows that no tests were applied on emails with blank sender.
I follow your advice in #2 message. It works.

WBR,
Eugene.

by Eugene 1 year ago
11

^\s*$ - is good solution, but ...
In this case You can't send any mail to recipient, that use check "sender e-maial address check". Because you can't recieve (reject!) checking mail from recipient with blank sender!
And what to do in this case?

WBR,
Alex.

by ank1965 1 year ago
12

@ank1965: I am not sure I understand your question, could you clarify please?

by Krisztián Fekete (Vamsoft) 1 year ago
(in reply to this post)

13

Some antispam system in mail server, before passed incomming mail, try send letter with blank field "From" to address from field "From" in incomming mail. If this mail is not rejected - sender address is correct and incomming mail passed. This is wrong algorythm, but many antispam systems use it ("sender mail address check").

If I use "^\s*$" in test "Sender blacklist" before arrival, I can't send any mail to recipient, that use check "sender e-mail address check". Because I can't recieve checking mail from recipient with blank sender!
Set "On arrival" to test "Sender blacklist" maybe can help?

by ank1965 1 year ago
14

@ank1965: Thanks, now I understand. Yes, assigning the Sender Blacklist test to On Arrival should solve the problem theoretically, as the sender server performs the callback verification (also known as callout verification or Sender Address Verification) by issuing an RCPT TO: command (Before Arrival) and then quits.

by Krisztián Fekete (Vamsoft) 1 year ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed