Persistent spam RSS

1

I have one user that gets several spam e-mails each day. They come with random subjects, random sender e-mail addresses, and different IP addresses (but in a range). I am struggling to see how to configure ORF to block these e-mails without doing something every day in a react mode, which never seems to work.

I can provide a log extract of the last 24 hours for the affected e-mail address (can provide more if that would be helpful) ... and anything else you need. Please let me know how to proceed.

by netman 5 years ago
2

@netman: Please send us the following information and files to :

* Your current configuration file called orfent.ini (located in Program Files (x86)\ORF Fusion by default)
* Your recent log files from the past few days (e.g., orfee-2013-12-12.log, orfee-2013-12-11.log, etc. located in Program Files (x86)\ORF Fusion by default). Please send raw .log files, Log Viewer CSV exports are not suitable.
* A few spam samples which made it through filtering, which consist of the original emails in EML or MSG format (EML preferred) and the original MIME header in a separate TXT file. (Forwarded emails are not suitable). The MIME header can be retrieved by opening the email in Outlook and selecting View | Options... (or Message options) from the menu. If you use another email client and do not know how to retrieve the email headers, please visit http://www.spamcop.net/fom-serve/cache/19.html for instructions.
* the email address of the recipient

We will look into this.

by Krisztián Fekete (Vamsoft) 5 years ago
(in reply to this post)

3

I have just sent an e-mail with part of the requested information. I am working to get some sample e-mails and will send them ASAP.

by netman 5 years ago
4

Additional e-mail just sent with today's daily log file to date plus one sample e-mail and MIME header in text file.

by netman 5 years ago
5

Additional e-mail sent with 3 more samples from today, along with MIME headers and latest raw log file from today.

by netman 5 years ago
6

@netman: Thanks for the files, I replied in email.

by Krisztián Fekete (Vamsoft) 5 years ago
(in reply to this post)

7

@Krisztián Fekete (Vamsoft): My reply bounced back:

#5.2.1 smtp;550 5.2.1 Mailbox unavailable. Sorry, we do not accept emails from Hungary. #SMTP#

Please whitelist our IPs (195.228.135.154, 213.46.255.2) and I will retry.

by Krisztián Fekete (Vamsoft) 5 years ago
(in reply to this post)

8

Added both IP addresses to whitelist.

by netman 5 years ago
9

@netman: Thanks, I resent my reply.

by Krisztián Fekete (Vamsoft) 5 years ago
(in reply to this post)

10

I continue to get very similar spam and creating manual ip blacklists and some regex expressions for keywords has been the only thing I've found to be remotely successful. As the original poster mentioned these are daily type spam emails and almost always get past ORF's filtering.

If you find something that works to cut down or eliminate this type of spam, please let me know.

Thanks
Josh

by Josh 5 years ago
11

@Josh: Josh:

The support staff helped me out. After I sent in my documentation, they noticed that I was running an older version of ORF, Version 4.4. There is a bug in that version (and earlier versions) that affects the URL Blacklist lookup. The solutions were to upgrade to Version 5 or implement a workaround. I implemented the workaround and it has helped. See the following link:
http://vamsoft.com/support/docs/knowledge-base/orf-issue-history
It is the first issue in the link.

Hope this helps.

Ron

by netman 5 years ago
(in reply to this post)

12

@netman: Ron,

Thanks for the reply. I'm running the latest version 5.1 so I may just be lucky and getting first dibs on new spam urls.

Josh

by Josh 5 years ago
(in reply to this post)

13

@Josh: Josh:

You may want to engage the support staff on this. They had me send in some examples and the MIME headers, which led them to my solution. Perhaps with some examples they can help you out.

Ron

by netman 5 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed