This discussion has been locked.

NDR Bounce/backscatter messages still come through

So I've enabled the NDR bounce option on the ES1100, yet thousands of bounce messages from dynamic IPs are still getting through to one particular email box. The appliance is updated to the latest OS and both "Enable Bounce Address Tag Verification (BATV)" and "Treat all auto-responders identified by SophosLabs as bounces" are checked.

thx

Michael

  • Hi Michael, thanks for providing the NDR info. It looks like the original message was probably spam (directed at external addresses). The sender 222.246.72.242 connected to the SEA using SMTP authentication to send the message - this will override the IP blocking functionality.

    Support will be able to look at the logs in more detail remotely.  In the interim, there might be a couple of things you can try:

    - Reset the password for the user that is receiving the NDRs - it could be that their password has been cracked.

    - Disable SMTP Authentication on the SEA if you do not need it

    - Turn on your outbound Anti-Spam rules on the SEA.  This particular message was given a 100% spam score by the ESA but wasn't quarantined.  (NOTE: The message will be seen as outbound because of the SMTP authentication.)

    Hope this helps,

    Tom.
