Messaging Gateway

  • 1.  Is the mail with this subject spam?

    Posted Dec 20, 2010 06:08 AM

    We have received a mail with the following subject:

    cell phone health hazards: better safe than sorry...

    When I checked in the Message Audit Logs, I found the following message ID

    <hydrazadtmvwvn20lbh00005a76@hydra.hostmysite.net> and under accepting column from the following IP 65.36.160.7

    Can this be spam, and if so, how can I find it? Urgent help is required...

    Thanks in Advance....



  • 2.  RE: Is the mail with this subject spam?

    Posted Dec 20, 2010 07:38 AM

    If we want to enable any spam/email policy regarding this subject in Brightmail, how can we do that...?



  • 3.  RE: Is the mail with this subject spam?

    Posted Dec 20, 2010 09:32 AM

    Hello Prasad,

    First off, I checked the IP address and it's not in the Global Intelligence Network for Brightmail. So this address is not a real spammer, or it's not tagged as a spammer yet by Symantec.

    You have many choices for catching spam mails manually.

    You can add the IP address to the local bad sender IP addresses, you can add the sender's email address to the local bad sender addresses, or you can create a content policy rule for the subject.

    Tell us what you really want from the list, then we can help you do it :)

    Regards,

    Oykun



  • 4.  RE: Is the mail with this subject spam?

    Posted Dec 20, 2010 01:34 PM

    Hi,

    Given the details above, I can't say for sure if it's a spam or not. What was the verdict of the email in the MAL? What action do you take for messages with that verdict?

    The sending IP is a mail server, not a bot IP and it isn't on any major anti-spam blacklists currently. The Accepted from IP and the domain in the Message-ID line are both from Newark, USA. However the subject line looks rather suspicious as it's a commonly cited news headline from back in July 2010 - spammers often scrape news feeds to make spam content look more legitimate and pretend that the email is related to current events.

    You can create a compliance rule to take actions on messages with a particular subject; however, if the goal here is to block spam, that may not be effective, as spam attacks typically change very quickly - it would be better to provide Symantec with visibility into the message. Note that multiple verdicts can trigger and the most aggressive action will be taken - so for example if the message has a spam verdict and the action for spam is to delete, and it also has a compliance rule to quarantine, the overall action would be to delete.

    Hope that helps,

    Amanda



  • 5.  RE: Is the mail with this subject spam?

    Posted Dec 21, 2010 12:46 AM

    If I want to create a content policy with that particular subject line, how can I do that?

    If I create a policy with that subject line, will that affect other mails with this kind of subject? The subject may not be exactly the same.

    Actually, when I checked where it originated, I could not find this mail in the sender's mailbox from which it was sent to other mail addresses in our environment. What does that indicate?

    Regarding compliance policy, is that the same as content policy? I tried to check the IP and it has a valid mail address, so if that is the case, how can I know whether it is genuine or not?

    Thanks in advance...



  • 6.  RE: Is the mail with this subject spam?

    Posted Dec 21, 2010 03:45 PM

    Can you give us a bit more background on the situation here which would help us to give you better advice? Is this an inbound or outbound message? What's the verdict of the message in the Message Audit Log and what action was taken for this message? Is your concern because you think this a false negative (missed spam) or a false positive (legit email caught as spam) or something else?

    Compliance rule is the same as content rule - details on how to create a rule are outlined in the SBG administration guide. It will match the conditions you specify only.

    You've mentioned that you've checked the sender mail box - yet the Accepted From IP was external, this indicates to me that the From line might be forged to look like it's from your domain - is that the case?



  • 7.  RE: Is the mail with this subject spam?

    Posted Dec 27, 2010 04:49 AM

    Yes, it seems to be forged from our domain.

    It is showing as Inbound, because the mail is sent to and fro within the environment. The recipient received it from a mail address of the same environment. But the sender did not send the mail. So it is someone from outside who took the local mail ID and addressed it to another mail address from that local mail ID.

    How can we stop these kinds of messages that are from outside but seem to be originating from the same domain?

    The main concern here is that these kinds of messages seem to be spam, but SBG is unable to quarantine them; it is simply delivering them normally, and the users who are facing this kind of problem are running behind us all the time.

    Will this be stopped if we synchronize SBG with LDAP (RHDS)?



  • 8.  RE: Is the mail with this subject spam?

    Posted Dec 27, 2010 05:10 AM

    cell phone health hazards: better safe than sorry...



  • 9.  RE: Is the mail with this subject spam?

    Posted Jan 06, 2011 10:11 AM

    Without seeing the message, I can't tell you what category it is. However if the headers are spoofed then this indicates it is almost certainly spam.

    Enabling LDAP will prevent any messages from being sent to invalid recipients and help protect you against Directory Harvest Attacks, so that spammers cannot harvest email addresses in your company.

    For protecting against messages which are spoofed as being from your domain ensure that you have not whitelisted your own domain and check out this article: http://www.symantec.com/business/support/index?page=content&id=TECH90926
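
The signal this thread converges on (a From address in your own domain on a message whose Accepted From IP is external), written as an added example that is not part of any post and is not Brightmail/SBG functionality. The protected domain `example.com`, the internal ranges, and the From/To addresses are assumptions; the subject, Message-ID and accepting IP are the ones quoted in the first post.

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Assumptions, not from the thread: the protected domain and the ranges
# that count as "inside" the environment.
LOCAL_DOMAINS = {"example.com"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: From/To are invented; the subject, Message-ID and
# accepting IP are the ones quoted in the first post.
SAMPLE = (
    "From: Colleague <colleague@example.com>\n"
    "To: user@example.com\n"
    "Subject: cell phone health hazards: better safe than sorry...\n"
    "Message-ID: <hydrazadtmvwvn20lbh00005a76@hydra.hostmysite.net>\n"
    "\n"
    "body\n"
)
SAMPLE_IP = "65.36.160.7"


def is_local_domain(domain):
    return any(domain == d or domain.endswith("." + d) for d in LOCAL_DOMAINS)


def is_internal_ip(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def check_message(raw, accepted_from_ip):
    """Return findings for one raw message and the IP it was accepted from."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    from_domain = sender.rpartition("@")[2].lower() if "@" in sender else ""
    findings = []
    # Core signal: our own domain in From, but the connection came from outside.
    if is_local_domain(from_domain) and not is_internal_ip(accepted_from_ip):
        findings.append("local From domain accepted from external IP")
        # Supporting signal: Message-ID minted by a host in a foreign domain.
        mid = msg.get("Message-ID", "").strip().strip("<>")
        mid_domain = mid.rpartition("@")[2].lower() if "@" in mid else ""
        if mid_domain and not is_local_domain(mid_domain):
            findings.append("Message-ID domain is foreign: " + mid_domain)
    return findings


if __name__ == "__main__":
    print(check_message(SAMPLE, SAMPLE_IP))
```

Legitimate third-party services that send mail on behalf of your domain from outside will also match, so list their sending ranges in `INTERNAL_NETS` before acting on the findings.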