mwalters 0 Posted August 15, 2014 Posted August 15, 2014 Greetings, Anti-spam has been up and running for quite some time on our Exchange server and it is catching most, but we are still seeing quite a bit of spam getting in to our users inbox. Maybe someone can help me with additional ways to stop it. I have all the spam Eset catches going into a spam inbox, and it is working well. I am also using 3 DNSBL (spamhaus, sorbs, spamcop) but I am still seeing a bunch of spam that is making it through from smptserver.submit in the message header. I will attach a screenshot of the message header for you to see. is there any way to block this from even getting to us? Is DNSBL the way to go as well in trying to eliminate spam or should I just go with ESet with a different configuration? I am just not sure we are using ESet to it's maximum potential or not on our Exchange server (we are running 2007 Exchange as FYI). Thanks a bunch for any help provided, Mike...
Chadh 45 Posted August 18, 2014 Posted August 18, 2014 Hello mwalters, From the image of the header you have provided, the item was marked as [Quarantine]. This is not the typical tag used by ESET Mail Security. Did you change the tag used for email detected as spam? Or, are you using another antispam product? In addition, please check the header of the email to ensure Mail Security scanned it. If Mail Security scanned it, the following entries will appear in the header of the email (writing information to headers of scanned email is enabled by default): X-ESET-AS: SCORE=20 X-MS-Exchange-Organization-SCL: 2 X-EsetResult: clean, is OK For more information about Antispam filtering and scoring, please click or copy/paste the following ESET Knowledgebase article into your web browser: How does Antispam scoring and email filtering work in ESET products? Every company receives their own unique combination of the types and senders of spam, so specific recommendations on configuration changes are unique to each customer. Because of this, the default settings for Mail Security are considered best practice. Here are some general recommendations to improve the spam detection and handling: Ensure the Mail Security software is the latest major revision (e.g. version 4.5.xxxxx) Ensure Mail Security is regularly updating its Virus Signature Database and Antispam rules Ensure all configuration settings to allow or block email are set correctly. Please keep in mind, when evaluating emails, Mail Security takes into account the configurations of:Any Mail Security rules The Mail Security Approved sender/IP addresses list The Mail Security Ignored IP sender/IP addresses list The Safe Senders list on the Exchange server The Allow IP list on the Exchange server The AntispamBypass settings for the recipient mailbox If you are receiving a large amount of undetected spam, please ensure your Mail Security settings are default. If you have confirmed the settings are default, but are still receiving a large amount of undetected spam, please contact your local ESET support for assistance. Thank you, ChadH
mwalters 0 Posted August 19, 2014 Author Posted August 19, 2014 Hi Chadh and thanks for the reply. Yep, we are using ESet for Exchange and all of our client workstations. I have all of our spam going to a quarantine mailbox, and ESet throws the Quarantine flag on it when it is sent there as in the screenshot I attached. I am writing the spam score to the header of the message, but if I tighten it down then quite a bit of valid mail is thought to be spam. I am not sure what else I can do to get the volume of spam to decrease any more. Can I filter out spam with keywords within a mail? Thanks a bunch, Mike...
Recommended Posts