Jump to content

mauirixxx

Members
  • Posts

    6
  • Joined

  • Last visited

Everything posted by mauirixxx

  1. Is this the correct location to turn on deleting a zip file with an exe inside it? ThreatSense engine parameter setup -> Options -> Potentially dangerous attachments ?
  2. Aloha, glad to see we have this capability now. In order to upgrade my EMSX install, do I have to uninstall the old version first, or can I install the new version over the old one?
  3. New wrinkle - I "ignored" the whole block of IP addresses: 64.98.42.1-64.98.42.254 And I'm still getting e-mails from those IP's rejected by the greylist engine. Should I move it from ignored to allowed?
  4. I had assumed this was a standard feature, which was the 2nd reason I convinced my boss to buy the product (first was the anti-spam feature). Since we use Eset on the desktop, it was an easy sell. And like the above posters, I can't just deny ALL zip files, as we e-mail AutoCAD files, which compress very well in zip files. I block THOSE, and I just blocked our money maker. That's not going to happen. How hard can it be to have the zip file list (not extract) the contents of the zip archive, then just grep for *.exe (or any other executable) and if ANY are found - block it! The Linux equivalent would be "unzip -l *.exe | grep .exe" In Windows, 7-Zip is free (even for commercial use), and provided it's installed to the system path, can be ran from the command line as well, like so: "7z l *.zip | find /i ".exe"" Food for thought
  5. Aloha, I'm running Mail Security for Exchange on Exchange 2010 and have turned on greylisting, which has helped a lot. However, I'm trying to see if I can "speed up" the greylisting process for legitimate e-mail. I'm constantly watching the greylist tab via ERAC, and have a whitelist policy I push out via ERAC that I update whenever I notice greylisting has caught a client, but it doesn't seem to matter to the greylist engine. We have a few clients whose provider uses the hostedmail.com e-mail service, specifically, their e-mails keeps coming from "smtprelay.b.hostedmail.com" which has multiple IP addresses. The problem I run into is the initial e-mail comes from that host via one particular IP address, gets rejected (as per greylist design), but the 2nd attempt to resend the mail comes back via a whole new IP address, starting the greylisting process over again! Is it possible to tell EMSX to allow email from that host no matter the IP, or do I really need to track down all the IP addresses associated with that host, so that the greylist engine won't hold up legit emails any longer then needed? Mahalo!
×
×
  • Create New...