DanAvni

Posts posted by DanAvni

  1. I had the exact same problem just now and spent a few hours trying to figure out the problem. Indeed disabling the protocol filtering helps and I have excluded the entire machine from protocol filtering.

    This was all working up until this morning so probably one of the latest updates got the problem back. Marcos, what information do you need to fix this in the modules level so I don't have to exclude the PBX IP address from protocol filtering?

  2. Hi

     

    We have email security for exchange installed and it is performing well in filtering out spam. It does from time to time miss out on some spam emails which users get to their mailbox. Since on the end points we have endpoint security installed, I was wondering if there is any reason I should not turn on the spam protection in the end point and integrate it into Outlook. This way spam users can reclassify and submit missed spam and also have another layer of protection if by any chance the exchange module missed something (or if the user is downloading emails from another account that is not exchange).

    When installing the product I think that ESET told me to disable the email protection on the end point but I am not sure. Anyway, is there any reason not to run anti spam both on the exchange server and on end points?

  3. Please send me an example of a non-spam email that was quarantined with the reason "sender has spammy reputation".

     Any solution to this issue? I am seeing a lot of legitimate emails being rejected only based on "Sender has spammy reputation 100%". Could this be a config issue? Is there a way to make this reputation not a disqualifying thing? i.e. it adds X points to the score but does not disqualify an email only based on reputation.

     

    Samples as requested:

    Sender has spammy reputation (100%)

    IP address: 192.114.66.139

    HELO domain: fss5.bezeqint.net

     

    Sender has spammy reputation (100%)

    IP address: 109.226.25.38

    HELO domain: ns-ilhost1.ns-systems.com

     

    Sender has spammy reputation (100%)

    IP address: 209.85.213.50

    HELO domain: mail-yh0-f50.google.com

  4. I have set up rules in the Rules config section to do the following:

    1. smart block of all exe files (also included *.scr)

    2. dangerous executables to block among other extensions *.scr

     

    One of my users got an email with a zip file. Inside the zip was another zip and inside it a filename with scr extension.

     

    How did the scr file pass both rules and get to my user's mailbox? Doesn't the Rules config search inside attached archives for blocked files?
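The case described in this post (a zip inside a zip holding a file with an scr extension), as an added example that is not part of the original post and is not ESET's rule engine: a name check limited to the outer archive finds nothing, while a recursive check reports the nested file. The function names, the depth and size limits, and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

BLOCKED = (".exe", ".scr")        # extensions named in the post
MAX_DEPTH = 5                     # assumed nesting limit, bounds recursion
MAX_MEMBER_BYTES = 50 * 2**20     # assumed per-member size limit


def find_blocked(data, depth=0, prefix=""):
    """Return paths of blocked or uninspectable members, descending into nested zips."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            if info.filename.lower().endswith(BLOCKED):
                hits.append(path)
            elif info.flag_bits & 0x1:          # encrypted member: content is opaque
                hits.append(path + " (encrypted, cannot inspect)")
            elif info.file_size > MAX_MEMBER_BYTES:
                hits.append(path + " (too large to inspect)")
            else:
                inner = zf.read(info)
                if zipfile.is_zipfile(io.BytesIO(inner)):
                    if depth + 1 >= MAX_DEPTH:
                        hits.append(path + " (nesting limit reached)")
                    else:
                        hits.extend(find_blocked(inner, depth + 1, path + "!"))
    return hits


def top_level_only(data):
    """Flawed check for comparison: looks only at names in the outer archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if n.lower().endswith(BLOCKED)]


def make_zip(members):
    """Build a zip in memory from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample mirroring the post: zip -> zip -> file with scr extension
inner_zip = make_zip({"Invoice.SCR": b"placeholder bytes, not an executable"})
outer_zip = make_zip({"documents.zip": inner_zip, "readme.txt": b"hello"})
```

Members that cannot be inspected (encrypted, oversized, nested too deeply) are reported rather than passed silently, so a policy can treat them as blocked.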

  5. Some legitimate emails are being rejected by Mail Security for Exchange with the reason "Sender has spammy reputation (100%)". When observing the email additional info I see that they are originating from ISP mail servers which of course could be listed as sending spam but that alone should not cause an email to be rejected.

     

    Sample headers of rejected emails:

     

    Sender has spammy reputation (100%)

    IP address: 80.179.55.184

    HELO domain: mtaout28.012.net.il

     

     

    Sender has spammy reputation (100%)

    IP address: 192.114.66.144

    HELO domain: fss1.bezeqint.net

     

     

    Is there any way to either:

    1. Specify ISP domains so that for them spammy reputation is not checked

    2. Specify ISP domains so that for them spammy reputation is not the only factor in rejecting a message

     

    I do not want to whitelist the ISP server as spam might still come from these servers. I just want to have some more indicators before rejecting a message from known ISP mail servers.

     

    Other ideas are welcome as well

  6. I am in the process of evaluating ESET and have installed the AntiSpam app on my Exchange 2007. Since then spam has taken a turn for the worse.

    Before ESET I was using VIPRE antispam. All users would get maybe one spam a week and most of it would be blocked and we would never know how much spam is actually being blocked. We also very rarely had a false positive that would get blocked (none that come to mind now)

    On ESET I personally got over 40 spam emails in my Junk email folder and 5 spam emails in the Inbox. All in just 12 hours. Other users are getting spammed as well. This change requires a lot of adjusting from my users as they are used to having almost no spam and suddenly they are getting a lot of it.

    So I figured I must have some settings not running on their optimal level or something.

     

    So my questions are:

    1. When looking into and comparing to what I had in VIPRE I saw that by default ESET does not use RBL. Is there a reason? I tried registering at Barracuda RBL but I have no idea what score to give it on the ESET settings. Any assistance in there would be appreciated (What RBL to use, How to set it up, etc).

    2. Is there a way to change the subject of the Maybe Spam emails in my inbox to include [SPAM?]. Just so users will know to be suspicious about these emails.

    3. What is the recommended approach and pros/cons of using quarantine mailbox instead of the retain in the mailbox option? For one thing it will keep it much more quiet for my users as most spam will be in that mailbox but what are the other considerations/best practices here?

    4. Any other settings I should set to have it filter spam? I am looking for real life settings/best practices and not some theoretical ideas. 

     

    Thanks

     

     

     
