Messaging Gateway


Spam from hotmail, gmail, yahoo

  • 1.  Spam from hotmail, gmail, yahoo

    Posted Apr 17, 2010 09:02 PM

    Hi,

    Anyone else having trouble with this? I'm finding it impossible to combat using Brightmail Gateway. I'm getting hit hard from hotmail and gmail every day. If anyone knows some tips to combat this, that'd be great.


  • 2.  RE: Spam from hotmail, gmail, yahoo

    Posted Apr 20, 2010 09:01 PM
    Bump... Still getting a ton of spam from these addresses. Would love some help.


  • 3.  RE: Spam from hotmail, gmail, yahoo

    Posted Apr 21, 2010 01:34 PM

    What is your current configuration under Reputation, Bad Senders?
    What version of SBG are you running?


  • 4.  RE: Spam from hotmail, gmail, yahoo

    Posted Apr 24, 2010 01:26 AM

    Running latest version 9.

    Under bad senders, I have Symantec's Bad List, Third Party (zen etc), directory harvest, email virus attack.


  • 5.  RE: Spam from hotmail, gmail, yahoo

    Posted Apr 24, 2010 09:50 AM

    If most of this content is coming from 'generally reputable' ISPs you probably want to look towards tuning your content based scanning vs. connection based scanning. One example is ensuring you have recipient validation turned on, and you may want to try enabling the new probe participation features. Another possibility is to lower your suspected spam threshold.

    If the spam you are receiving is targeting your environment specifically, you may want to consider looking for common patterns and leveraging content filtering policies to help combat the problem.

    Please let us know if you have success with any of these.





  • 6.  RE: Spam from hotmail, gmail, yahoo

    Posted May 03, 2010 11:57 PM

    Just get the email addresses of the particular mail (hotmail and gmail) that you received and then add this email address to Local Bad Senders...


  • 7.  RE: Spam from hotmail, gmail, yahoo

    Posted May 04, 2010 10:52 PM

    They randomly generate their alias, so that's a lot of work.


  • 8.  RE: Spam from hotmail, gmail, yahoo

    Posted May 04, 2010 10:54 PM

    I should add, this only changed when I moved from SMTP Security to Brightmail Gateway. IMO, SMTP Security stopped a lot more spam than Brightmail seems to. Even though they are essentially the same product.


  • 9.  RE: Spam from hotmail, gmail, yahoo

    Posted May 05, 2010 10:39 AM

    SBG contains the same anti-spam technology modules and more than SMS for SMTP. Over 80% of all spam is sent using botnets. As we and other security vendors have got better at blocking these bad IPs where spam attacks come from, spammers are starting to move to clean IP sources, such as free webmail providers, where they know the IPs are much less likely to get blacklisted. So basically there's more of this kind of spam around than there was before. Overall most of this should still be blocked with content filters. For more details on the latest spam trends go to www.symantec.com/spam

    I would second the recommendations above to ensure you have recipient validation turned on and try adjusting the suspect spam threshold. I would also recommend enabling the new Probe Participation feature so that Symantec can have as much visibility as possible into the variants hitting your site for potential filter creation.


  • 10.  RE: Spam from hotmail, gmail, yahoo

    Posted May 05, 2010 12:00 PM
    I see no help coming from Symantec regarding this issue - spam from hotmail/gmail/yahoo

    I have been sending/forwarding the spam messages to 'Gsubmit@submit-1.brightmail.com' but there hasn't been any improvement.

    Turning on Recipient Validation has no benefits.


  • 11.  RE: Spam from hotmail, gmail, yahoo

    Posted May 05, 2010 12:12 PM

    What I noticed with all these messages is - the IP address listed under 'X-Originating-IP' field in the header is mostly a 'Global Bad Sender'

     Here is an example: 

    Received: from BMGATEWAY (192.168.2.7) by mailserver
     (192.168.2.10) with Microsoft SMTP Server id 8.1.393.1; Wed, 5 May 2010
     09:48:43 -0400
    X-AuditID: c0a80207-b7b9bae000002514-7e-4be1778a7331
    Received: from snt0-omc4-s43.snt0.hotmail.com (snt0-omc4-s43.snt0.hotmail.com
     [65.54.51.94]) by BMGATEWAY (Symantec Brightmail Gateway) with SMTP id
     33.C4.09492.A8771EB4; Wed,  5 May 2010 09:50:03 -0400 (EDT)
    Received: from SNT136-W35 ([65.55.90.200]) by snt0-omc4-s43.snt0.hotmail.com
     with Microsoft SMTPSVC(6.0.3790.4675);  Wed, 5 May 2010 06:50:01 -0700
    Message-ID: <SNT136-w35021166915B01531D328BCBF40@phx.gbl>
    Return-Path: dorrigkzpqgvjj@hotmail.com
    Content-Type: multipart/alternative;
     boundary="_c58898ba-a182-4b38-b259-72e1b26bbb86_"
    X-Originating-IP: [201.248.145.221]
    From: Dorri Moan <dorrigkzpqgvjj@hotmail.com>
    To: <info@zenmotostore.com>
    Subject: Oem softwaare, weeIkyy_disconuts
    Date: Wed, 5 May 2010 13:50:01 +0000
    Importance: Normal
    MIME-Version: 1.0
    X-OriginalArrivalTime: 05 May 2010 13:50:01.0133 (UTC) FILETIME=[DB70D5D0:01CAEC59]
    X-Brightmail-Tracker: AAAABAYrW5EUDAdXFAyh2xQM2D8=
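
The observation in post 11 can be checked mechanically. The following is an added example, not part of the thread and not Symantec code: it pulls the connecting IP (top-most `Received` hop) and the `X-Originating-IP` value out of a message's headers and builds the DNSBL query name for the latter. The `zen.spamhaus.org` zone is an assumption based on the "zen" list mentioned in post 4, the function names are hypothetical, and the sample is a trimmed copy of the headers quoted above.

```python
import email
import ipaddress
import re

# Constructed sample: trimmed from the headers quoted in post 11.
SAMPLE = """\
Received: from snt0-omc4-s43.snt0.hotmail.com (snt0-omc4-s43.snt0.hotmail.com
 [65.54.51.94]) by BMGATEWAY (Symantec Brightmail Gateway) with SMTP id
 33.C4.09492.A8771EB4; Wed,  5 May 2010 09:50:03 -0400 (EDT)
Received: from SNT136-W35 ([65.55.90.200]) by snt0-omc4-s43.snt0.hotmail.com
 with Microsoft SMTPSVC(6.0.3790.4675);  Wed, 5 May 2010 06:50:01 -0700
X-Originating-IP: [201.248.145.221]
From: Dorri Moan <dorrigkzpqgvjj@hotmail.com>

body
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def bracketed_ips(value):
    """Return valid IPv4 addresses written as [a.b.c.d] in a header value."""
    found = []
    for candidate in IP_RE.findall(value or ""):
        try:
            found.append(ipaddress.IPv4Address(candidate))
        except ipaddress.AddressValueError:
            pass  # syntactically matched but not a real address
    return found

def dnsbl_name(ip, zone="zen.spamhaus.org"):
    """DNSBL query name: octets reversed, then the list's zone (assumed)."""
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def analyse(raw):
    msg = email.message_from_string(raw)
    # The top-most Received header was written by our own gateway, so the
    # address in it is the host that actually connected to us.
    received = msg.get_all("Received") or []
    connecting = bracketed_ips(received[0])[:1] if received else []
    # Client address recorded by the webmail provider; often absent.
    origin = bracketed_ips(msg.get("X-Originating-IP"))[:1]
    return {
        "connecting_ip": str(connecting[0]) if connecting else None,
        "originating_ip": str(origin[0]) if origin else None,
        "dnsbl_query": dnsbl_name(origin[0]) if origin else None,
        "origin_is_public": bool(origin) and origin[0].is_global,
    }
```

Resolving `dnsbl_query` as an A record and getting an answer in 127.0.0.0/8 means the address is listed. The header is only as trustworthy as the hop that wrote it, so treat it as a scoring signal rather than a connection-level block.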