We have been having the most annoying spam problem for the last week with "Eset Mail Security for Exchange" (EMSX from here onwards) and Exchange 2007 (on an SBS2008 server). The spams started last Friday, and are typified by having a "Return-Path" in the header as: "<>". EMSX correctly identifies all these emails as spam, and says it has shifted them to the Quarantine as we have configured it to do. However, the offending emails with a blank return path sender are actually being delivered to the end users' mailboxes instead of the quarantine!

I spent several days faffing with various of my own fix attempts, before finally reporting it to Eset NZ (Chilisoft). Eset were aware of the problem, and had been attempting various fixes themselves for another site. In the end ESET's devs have discovered it was an Exchange problem, where Exchange was stopping ESET or itself from writing anything to the headers of the emails.

Their offered work-around today was:

Since we get too many false positives to make me happy to use the first suggestion, that only left the second. I tried creating the Sender Filtering for an email address called "<>" and set it to "Stamp Message as Blocked Sender" (since I also wasn't keen to reject these messages without knowing what effect it would have). However, it soon became apparent that this wasn't working, presumably because Exchange isn't writing to the headers, so of course it doesn't write the Blocked Sender message on the message. DOH! Should have realised that would be the case!

Since ESET narrowed down the problem and issued their work-around earlier today, I've tried various other fixes in an attempt to find one that is acceptable for my environment until a long term fix can be put in place. I finally cracked it tonight with the following "Transport Rule" in Exchange. This method is flexible and powerful enough to allow you to process these spams in pretty much any way that suits you and is totally safe too!
1. Open “Exchange Management Console”.
2. Go to: Organization Configuration > Hub Transport > Transport Rules.
3. Choose create a new Rule.
4. Give it a name: I chose “Blank Sender Spam Filter Rule”.
5. Give it a helpfully descriptive comment to remind you what the rule is for in future. I chose: “Spam Processing rule for Blank Sender in the "Return Path" (displays as "<>") with SCL above 7 (to let OutOfOffice messages through untouched). This rule is created to overcome a problem where spam with no return path gets correctly detected and marked as being sent to Quarantine, however the mail actually passes through to the mailbox untouched, and not marked as spam or removed. This is an Exchange Problem, but it also affects "Eset Mail Security for Exchange", since Exchange2007 blocks writing to the headers of these emails.”
6. The most important bit is on the “Conditions” page, you tick:
   - “When a message Header contains specific words”. Then click the underlined “message header” at the bottom and type “Return-Path” and click the underlined “Specific Words” and type “<>” (both without the speech marks).
   - “When a Spam Confidence Level (SCL) rating is greater or equal to a limit”. At the bottom choose something like 7 or 8 for this limit. This will hopefully allow Out Of Office replies from external sources (which also often have an empty Return Path) to pass through to the intended recipient untouched by this rule. Before I added this extra condition, OoO replies were being quarantined too.

   Figure 1: screen grab summary of the “conditions” page.
7. For the Actions page you can choose your own actions as suits your needs. I have chosen for now to tick:
   - “log an event with message” so I can track how often the rule is being triggered, it also helps with testing.
   - “prepend the subject with string” to add a distinctive spam label so I know where the message is coming from. I chose: [spam-TransportRule]
   - “redirect the message to addresses” and send it to your quarantine mailbox address for monitoring.

   Figure 2: screen grab summary of the “actions” page.
8. When you know the rule is working safely to your liking and not capturing any false positives, you could choose to delete or reject the message on this action page instead of redirecting and labelling as spam.

Hopefully this simple Transport Rule creation wizard will help others to be rid of this Blank Sender spam until a more permanent fix can be found by ESET or Microsoft, and will save a few of you some hair-pulling frustration!

Hope this helps a few other people...

Mike
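
The two conditions and the tag-and-redirect actions of the rule above, modelled offline in Python as an added example (not part of the original post, and not Exchange code). The SCL header name, the quarantine address and the sample messages are assumptions constructed for the illustration.

```python
from email import message_from_string

# Assumptions for this sketch (not Exchange internals): the SCL is read from
# an X-MS-Exchange-Organization-SCL header, and the quarantine address is a
# placeholder.
SCL_HEADER = "X-MS-Exchange-Organization-SCL"
SCL_LIMIT = 7
SUBJECT_TAG = "[spam-TransportRule] "
QUARANTINE = "quarantine@example.test"


def apply_rule(raw_message):
    """Evaluate the two conditions and return the resulting disposition."""
    msg = message_from_string(raw_message)
    return_path = (msg.get("Return-Path") or "").strip()
    try:
        scl = int((msg.get(SCL_HEADER) or "").strip())
    except ValueError:
        scl = -1  # no usable rating: treat as below the limit
    subject = msg.get("Subject") or ""
    # Both conditions must hold, as on the rule's Conditions page.
    if "<>" in return_path and scl >= SCL_LIMIT:
        return {"matched": True, "deliver_to": QUARANTINE,
                "subject": SUBJECT_TAG + subject}
    return {"matched": False, "deliver_to": msg.get("To"), "subject": subject}


def build(return_path, scl, subject):
    """Construct a sample message (constructed data, not captured mail)."""
    return "\n".join([
        "Return-Path: " + return_path,
        "To: user@example.test",
        "Subject: " + subject,
        SCL_HEADER + ": " + str(scl),
        "",
        "body",
    ])


SAMPLES = {
    "blank_sender_spam": build("<>", 9, "Cheap pills"),
    "out_of_office": build("<>", 1, "Out of Office: back Monday"),
    "normal_sender_high_scl": build("<someone@example.test>", 8, "Offer"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, apply_rule(raw))
```

The low-SCL out-of-office sample shares the blank Return-Path but is left alone, which is the reason for the second condition; running candidate limits against saved headers this way shows which legitimate auto-replies a given threshold would catch.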
Guest posted a topic in ESET Products for Windows Servers

I'm receiving about 10,000 spam emails a day. I have used the setup guide and can't seem to get the spam to filter. It seems to be getting the viruses out of the email but the spam is killing me. HELP SOMEONE PLEASE! I managed to set up 4.2 and have all my spam quarantined to 1 box called firstname.lastname@example.org but with 4.5 I can't get it to filter except for about 5 emails an hour. I've adjusted my SCL ratings. Please help.