This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

A lot more spam over last 1-2 months

We have Mail Protection license on one of our UTM120s and we've been getting considerably more spam over the last 1-2 months. For the longest time it filtered out almost all the junk mail, but now I'm getting 20+ spams a day in my email box. Not sure whats going on, but it feels like the spam filters are no longer working as efficiently.

I am currently using the following RBLs in this order:

1. zen.spamhaus.org
2. bl.spamcop.net

I have the filter set to block "Confirmed Spam".

Not sure if this is the problem or if should be looking elsewhere. As I said, it worked fine for months but the last month or two has been quite ugly. For the cost of the license it should be working better of late. I get more spams than legitimate emails now. I have not made any changes to the settings in the UTM120 in months so its not because of anything I might have changed.

Thanks,
Chris

This thread was automatically locked due to age.

Parents

0 UDPride over 10 years ago

Welp, turning on Reject Invalid HELO/missing RDNS didnt do much. So I just turned on Do Strict RDNS checks. We'll see what happens.
Cancel
Vote Up 0 Vote Down

Cancel
0 twister5800 over 10 years ago in reply to UDPride

Welp, turning on Reject Invalid HELO/missing RDNS didnt do much. So I just turned on Do Strict RDNS checks. We'll see what happens.

I know this is a stupid question, but do you accidently, have a NAT-rule that forwards port 25, enabled to your mail server?

-----

Best regards
Martin

Sophos XGS 2100 @ Home | Sophos v20 Technician
Cancel
Vote Up 0 Vote Down

Cancel
0 Sascha Paris over 10 years ago in reply to twister5800

Could you please post your "Blocked Mails" statistics from the last 30 days (found in the reporting part of the UTM) ? Mine for example looks something like that here:

66.51% RDNS/HELO checks
30.54% RBL
1.71% Antispam Engine
0.62% Address Verification
0.62% SPF

So you see, that RDNS/HELO and RBL´s are the most effective spam catchers...the other methods are kind of "afterburner" to catch some stuff if passed first two methods. "Antispam Engine" is Commtouch/Cyren, which mostly fishes out newsletters and only low amount of remaining "real" spam.

I use RDNS in strict mode and have besides of the "recommended RBLs" also following RBL´s in place:
imap.bl.blocklist.de
mail.bl.blocklist.de
b.barracudacentral.org
drone.abuse.ch
bl.spamcop.net

But please post:
a) Your "Blocked Mails" statistics from last 30 (or 7) days
b) Some examples of passed spam mails out of the SMTP log starting with the according "new connection from..." line until mail progressing was done (sent to your backend mailserver).

Maybe there´s some hint what is going wrong in your place...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Sascha Paris over 10 years ago in reply to twister5800

Could you please post your "Blocked Mails" statistics from the last 30 days (found in the reporting part of the UTM) ? Mine for example looks something like that here:

66.51% RDNS/HELO checks
30.54% RBL
1.71% Antispam Engine
0.62% Address Verification
0.62% SPF

So you see, that RDNS/HELO and RBL´s are the most effective spam catchers...the other methods are kind of "afterburner" to catch some stuff if passed first two methods. "Antispam Engine" is Commtouch/Cyren, which mostly fishes out newsletters and only low amount of remaining "real" spam.

I use RDNS in strict mode and have besides of the "recommended RBLs" also following RBL´s in place:
imap.bl.blocklist.de
mail.bl.blocklist.de
b.barracudacentral.org
drone.abuse.ch
bl.spamcop.net

But please post:
a) Your "Blocked Mails" statistics from last 30 (or 7) days
b) Some examples of passed spam mails out of the SMTP log starting with the according "new connection from..." line until mail progressing was done (sent to your backend mailserver).

Maybe there´s some hint what is going wrong in your place...
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data