Terrible flood of spam


slade8200 -> Terrible flood of spam (10.Jun.2010 11:33:44 AM)

Recently today a few of our users started getting emails from "microsoft outlook support" with subject "outlook setup notification". All of the emails had a 1KB attachment called open.html. The messages all have an SCL of 2 (so they aren't getting blocked and are clearly spam), and are from different IPs, some international (I noticed in the headers some were .ru and .ar). Isn't there a list that Exchange downloads with updates of spam IPs? What's the best thing I can do here, block any email with the subject "microsoft outlook support"? Thanks for the help.

mark@mvps.org -> RE: Terrible flood of spam (10.Jun.2010 12:09:19 PM)

What anti-spam package do you use and has it been updated? Have you called the vendor to ask why it hasn't been and when you can expect one?
You can do all sorts of blocking with Edge or HT rules in Exchange, but you should fix the problem rather than mess about with Exchange to implement a potentially flaky workaround.

slade8200 -> RE: Terrible flood of spam (10.Jun.2010 12:31:20 PM)

I'm not sure what package we use or even if we are using one. We have a small company (25 people) and I'm new to the Exchange admin stuff but have been messing around with content filtering for a while. What are some examples of anti-spam packages?

utahbmxer -> RE: Terrible flood of spam (10.Jun.2010 6:39:30 PM)

Our organization got flooded with this as well. We have several things in front of our Exchange server: Barracuda -> Symantec Mail Security for SMTP -> Exchange 2003 (w/ SMSME). Our Barracuda caught a lot of them, but some still slipped through to Exchange. After poking around in the message headers, I just set up a rule to block any messages at our Barracuda spam firewall that contain X-Mailer: The Bat! (******) in the headers.

After doing this, no more of these made their way through. To clean up the mailboxes, I just added a File rule to look for attachments named "open.html" and delete them. Problem solved for me. Good luck.
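
The checks described in this thread (the X-Mailer header, the subject line, and the open.html attachment name), as an added Python example that is not part of the original posts. The function name and the sample messages are constructed for illustration, and the version string inside the X-Mailer value is a placeholder.

```python
from email import message_from_string

# Indicators named in the thread, compared case-insensitively.
XMAILER_PREFIX = "the bat!"
ATTACHMENT_NAME = "open.html"
SUBJECT = "outlook setup notification"

# Constructed sample resembling the messages described in the thread.
SPAM_SAMPLE = (
    "From: sender@example.invalid\n"
    "Subject: Outlook Setup Notification\n"
    "X-Mailer: The Bat! (placeholder version)\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "See attachment.\n"
    "--b1\n"
    "Content-Type: text/html\n"
    'Content-Disposition: attachment; filename="Open.HTML"\n'
    "\n"
    "<html></html>\n"
    "--b1--\n"
)

# Constructed sample: an ordinary message sent from the same mail client.
BAT_USER_SAMPLE = (
    "From: colleague@example.invalid\n"
    "Subject: Meeting notes\n"
    "X-Mailer: The Bat! (placeholder version)\n"
    "\n"
    "Notes are on the share.\n"
)


def match_reasons(raw):
    """Return which of the thread's indicators a raw message matches."""
    msg = message_from_string(raw)
    reasons = []
    if (msg.get("X-Mailer") or "").strip().lower().startswith(XMAILER_PREFIX):
        reasons.append("x-mailer")
    if (msg.get("Subject") or "").strip().lower() == SUBJECT:
        reasons.append("subject")
    # walk() visits nested MIME parts, so attachments in multipart bodies are seen.
    names = [(p.get_filename() or "").strip().lower() for p in msg.walk()]
    if ATTACHMENT_NAME in names:
        reasons.append("attachment")
    return reasons
```

Reporting each indicator separately shows that the X-Mailer check alone also matches ordinary mail sent from that client, as the second sample does.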
