NDR Bounce/backscatter messages still come through

So I've enabled the NDR bounce option on the ES1100, yet thousands of bounce messages from dynamic IPs are still getting through to one particular email box.  The appliance is updated to the latest OS and both "Enable Bounce Address Tag Verification (BATV)" and "Treat all auto-responders identified by SophosLabs as bounces" are checked.

thx

Michael

  • Thanks for the responses.

    This is definitely coming into the appliance.  There are no logs associated with these NDRs.  As you can see below, the ES1100 is generating the NDR message.  These come in at about 10 a minute to just the one email address, and nothing I can do will block the NDR.  I can't even block emails from "MAILER-DAEMON@es1100email.XXXXXXXX.local"; the messages still come through.  I've created a rule in Outlook to permanently delete the messages as my workaround.

    To Jason, this is how the filtering options are set in the ES1100, and I had already submitted the below message to is-spam@sophos.com.

    Sender Genotype service
    The Sender Genotype service provided by Sophos performs IP reputation filtering of known bad senders as well as proactive IP connection control for detecting and blocking dynamic, spambots, and other suspicious hosts.
    Enable connection-level blocking of mail from known bad senders (Recommended) SELECTED
    Enable policy-level blocking of mail from known bad senders
    Disable blocking of mail from known bad senders
    Enable proactive IP connection control for blocking suspicious hosts CHECKED
    Recipient validation 
    Via downstream SMTP look-ahead CHECKED
    Perimeter Protection
    Enable Denial of Service and Directory Harvest Attack protection CHECKED
    Block mail from non-existent domains CHECKED

    From: Mail Delivery System [mailto:MAILER-DAEMON@es1100email.XXXXXXXX.local]
    Sent: Friday, June 10, 2011 8:04 AM
    To: Chemoffice
    Subject: Undeliverable: blpzr，⑦2011 最 给 力 推 荐>迅 速 成 为 老 板 的 左 膀 右 臂x5g1kuqrz

    Delivery has failed to these recipients or distribution lists:

    0535it@163.com
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

    55062856@163.com
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

    blpzr@163.com
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

    changjiang_aaaa@163.com
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

    cocenter@163.com
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

    brunoassoc@aol.com
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

    axym@bd.user.he.cninfo.net
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

    askinner@nicusa.com
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

    judithy1980@sina.com
    Your message wasn't delivered because of security policies. Microsoft Exchange will not try to redeliver this message for you. Please provide the following diagnostic text to your system administrator.

    The following organization rejected your message: 10.0.1.250.

    Diagnostic information for administrators:

    Generating server: es1100email.XXXXXXXX.local

    0535it@163.com
    10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    55062856@163.com
    10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    blpzr@163.com
    10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    changjiang_aaaa@163.com
    10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    cocenter@163.com
    10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    brunoassoc@aol.com
    10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    axym@bd.user.he.cninfo.net
    10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    askinner@nicusa.com
    10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    judithy1980@sina.com
    10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

    Original message headers:

    Received: from es1100email.XXXXXXX.local (localhost.localdomain [127.0.0.1])
                by localhost (Email Security Appliance) with SMTP id 057BF1472124_DF23290B;
                Fri, 10 Jun 2011 15:04:48 +0000 (GMT)
    X-Sophos-ESA-SMTPD-Auth-On: authentication enabled
    X-Sophos-ESA-External-Sender: external sender
    X-Sophos-ESA-SMTPD-Auth-On: authentication enabled
    X-Sophos-ESA-External-Sender: external sender
    X-Sophos-ESA-SMTPD-Auth-On: authentication enabled
    X-Sophos-ESA-External-Sender: external sender
    X-Sophos-ESA-SMTPD-Auth-On: authentication enabled
    X-Sophos-ESA-External-Sender: external sender
    X-Sophos-ESA-SMTPD-Auth-On: authentication enabled
    X-Sophos-ESA-External-Sender: external sender
    X-Sophos-ESA-SMTPD-Auth-On: authentication enabled
    X-Sophos-ESA-External-Sender: external sender
    X-Sophos-ESA-SMTPD-Auth-On: authentication enabled
    X-Sophos-ESA-External-Sender: external sender
    X-Sophos-ESA-SMTPD-Auth-On: authentication enabled
    X-Sophos-ESA-External-Sender: external sender
    X-Sophos-ESA-SMTPD-Auth-On: authentication enabled
    X-Sophos-ESA-External-Sender: external sender
    Received: from by (unknown [222.246.72.242])
                by es1100email.XXXXXXXX.local (Sophos Email Appliance) with ESMTP id 273BA147111E_DF23283F;
                Fri, 10 Jun 2011 15:04:34 +0000 (GMT)
    Message-ID: <D013517CE1D952421E9678155AD1EFDC@by>
    From: =?gb2312?B?zMbcsLvb?= <chemoffice@chemithon.com>
    To:
    Subject: =?gb2312?B?YmxwenKjrKLfMjAxMSDX7iC4+CDBpiDNxiA=?=
                =?gb2312?B?vPY+0bggy9kgs8kgzqogwM8gsOUgtcQg1/MgsPIg?=
                =?gb2312?B?09Igsdt4NWcxa3Vxcno=?=
    Date: Fri, 10 Jun 2011 23:04:32 +0800
    MIME-Version: 1.0
    Content-Type: text/plain
    X-Priority: 3
    X-MSMail-Priority: Normal
    X-Mailer: Microsoft Outlook Express 6.00.2900.5512
    X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512
    X-SEA-Spam: Gauge=XXXXXXXXXX, Probability=100%, Report='
     KNOWN_SPAM_EXCELSIG 8, LIKELY_CHINESE_SPAM 4, TO_EMPTY 2.0, HTML_FONT_INVISIBLE 1.0, CHINESE_MSG_SUBJECT_ENDS_IN_ALPHANUMERIC 0.5, HTML_70_90 0.1, HTML_NO_HTTP 0.1, BODYTEXTH_SIZE_10000_LESS 0, BODY_SIZE_10000_PLUS 0, FORGED_MUA_OUTLOOK 0, INVALID_MSGID_NO_FQDN 0, LOCALE_CHINESE 0, NO_URI_FOUND 0, USER_AGENT_OE 0, XLS_ATTACHED 0, __CHAR_CHINESE_SUBJ 0, __CHINESE_SUBJECT 0, __CT 0, __CTYPE_HAS_BOUNDARY 0, __CTYPE_MULTIPART 0, __CTYPE_MULTIPART_MIXED 0, __HAS_HTML 0, __HAS_MSGID 0, __HAS_MSMAIL_PRI 0, __HAS_X_MAILER 0, __HAS_X_PRIORITY 0, __HIGHBITS 0, __HTML_FONT_BLUE 0, __HTML_FONT_RED 0, __MIME_HTML 0, __MIME_VERSION 0, __OUTLOOK_MUA 0, __OUTLOOK_MUA_1 0, __PHISH_SPEAR_STRUCTURE_1 0, __RUS_SUBJ_UCASE_1251 0, __SANE_MSGID 0, __SUBJECT_ENDING_IN_LATIN_OR_NUMERALS 0, __SUBJ_HIGHBIT 0, __TAG_EXISTS_HTML 0, __USER_AGENT_MS_GENERIC 0'

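A note on what the quoted NDR records, followed by an added triage script that is not part of the thread or of any Sophos tooling. The "Generating server" line names the appliance itself. The outermost Received header shows the original message arriving from an external host, 222.246.72.242, with a From address in the local domain and an empty To header; every listed recipient is at an external domain, and the downstream Exchange server at 10.0.1.250 refused each one with "550 5.7.1 Unable to relay". Read together: the appliance accepted mail from outside addressed to outside recipients, handed it to Exchange, was refused, and then bounced the refusal to the forged local sender. BATV does not help here because it tags the envelope sender of outbound mail so that inbound bounces lacking a valid tag can be rejected at the perimeter; this bounce is generated by the appliance itself rather than received from a remote server, so there is no inbound bounce for the tag check to act on. The script below parses an NDR in this format and separates such locally generated relay-rejection backscatter from a genuine remote bounce, which is the case where a BATV tag check applies. The sample NDR is a constructed, trimmed copy of the quoted one; the appliance hostname and the local domain chemithon.com are assumptions about the poster's environment taken from that message.

```python
"""Triage an Exchange-style NDR relayed by a mail appliance.

Added example, not code from the forum post or from Sophos.  NDR_SAMPLE is a
constructed, abbreviated copy of the NDR quoted in the thread; APPLIANCE_HOST
and LOCAL_DOMAINS are assumptions about the poster's environment.
"""
import ipaddress
import re

APPLIANCE_HOST = "es1100email.XXXXXXXX.local"   # "Generating server" in the quoted NDR
LOCAL_DOMAINS = {"chemithon.com"}               # assumption: the site's own mail domain

# Constructed sample: the quoted NDR, trimmed to two recipients.
NDR_SAMPLE = """Generating server: es1100email.XXXXXXXX.local

0535it@163.com
10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

brunoassoc@aol.com
10.0.1.250 #<10.0.1.250 #5.7.1 smtp; 550 5.7.1 Unable to relay> #SMTP#

Original message headers:

Received: from es1100email.XXXXXXX.local (localhost.localdomain [127.0.0.1])
            by localhost (Email Security Appliance) with SMTP id 057BF1472124_DF23290B;
            Fri, 10 Jun 2011 15:04:48 +0000 (GMT)
Received: from by (unknown [222.246.72.242])
            by es1100email.XXXXXXXX.local (Sophos Email Appliance) with ESMTP id 273BA147111E_DF23283F;
            Fri, 10 Jun 2011 15:04:34 +0000 (GMT)
From: =?gb2312?B?zMbcsLvb?= <chemoffice@chemithon.com>
To:
"""

GEN_RE = re.compile(r"^Generating server: (\S+)", re.M)
# Per-recipient diagnostic: "<host> #<<host> #<esc> smtp; <code> <esc> <text>> #SMTP#"
REJECT_RE = re.compile(
    r"^(?P<rcpt>[^\s@]+@\S+)\n(?P<host>\S+) #<\S+ #(?P<esc>\d\.\d+\.\d+) smtp; "
    r"(?P<code>\d{3}) [\d.]+ (?P<text>[^>]+)>", re.M)
# Received hop: the bracketed IP is the connecting peer, "by" is the receiving MTA.
RECEIVED_RE = re.compile(
    r"^Received: from \S* \([^\[]*\[(?P<ip>[\d.]+)\]\)\s+by (?P<by>\S+)", re.M)
FROM_RE = re.compile(r"^From: .*<([^>]+)>", re.M)
# BATV prvs tag: prvs=<key digit><3-digit day><6 hex>=<original local part>@domain
PRVS_RE = re.compile(r"^prvs=\d{4}[0-9a-fA-F]{6}=[^@]+@", re.I)


def domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


def is_external(ip: str) -> bool:
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback)


def batv_tagged(addr: str) -> bool:
    """True if the address carries a BATV prvs tag that a bounce filter could verify."""
    return PRVS_RE.match(addr) is not None


def classify(ndr: str) -> dict:
    gen = GEN_RE.search(ndr)
    sender = FROM_RE.search(ndr)
    rejections = [m.groupdict() for m in REJECT_RE.finditer(ndr)]
    hops = [m.groupdict() for m in RECEIVED_RE.finditer(ndr)]
    # Received headers are newest-first, so the last external hop is the one
    # that connected to the appliance from outside.
    external = [h["ip"] for h in hops if is_external(h["ip"])]
    result = {
        "generating_server": gen.group(1) if gen else None,
        "locally_generated": bool(gen) and gen.group(1).lower() == APPLIANCE_HOST.lower(),
        "origin_ip": external[-1] if external else None,
        "rejected_recipients": [r["rcpt"] for r in rejections],
        "relay_refused": bool(rejections) and all(
            r["code"] == "550" and r["esc"] == "5.7.1" and "relay" in r["text"].lower()
            for r in rejections),
        "bounced_to": sender.group(1) if sender else None,
    }
    forged_local_sender = (result["bounced_to"] is not None
                           and domain(result["bounced_to"]) in LOCAL_DOMAINS
                           and result["origin_ip"] is not None)
    all_external_rcpts = bool(rejections) and all(
        domain(r) not in LOCAL_DOMAINS for r in result["rejected_recipients"])
    if (result["locally_generated"] and result["relay_refused"]
            and all_external_rcpts and forged_local_sender):
        # Appliance took mail from outside for outside recipients, Exchange refused
        # to relay, appliance bounced to the forged local sender.  No BATV check
        # ever sees this bounce because it is not received from a remote server.
        result["verdict"] = "relay-rejection-backscatter"
    elif not result["locally_generated"] and result["bounced_to"] and not batv_tagged(result["bounced_to"]):
        # A bounce from another server to an untagged address is what BATV rejects.
        result["verdict"] = "remote-bounce-untagged"
    else:
        result["verdict"] = "inconclusive"
    return result


if __name__ == "__main__":
    for key, value in classify(NDR_SAMPLE).items():
        print(f"{key:20} {value}")
```

Run as-is to print the parsed fields for the sample; in practice feed it the NDR bodies landing in the affected mailbox. A "relay-rejection-backscatter" verdict points at the real fix, which is not a stronger bounce filter but refusing non-local recipients from external hosts at SMTP time, so the spam is rejected on the connection instead of being accepted and bounced.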