8.3 Million Emails in 3 Weeks

Status
Not open for further replies.

squirre777

IS-IT--Management
Dec 16, 2004
37
US
Ok, I'll start off by introducing my network. I run a few Server 03 boxes and one Exchange 03 box. I also have GFI MailEssentials 12 running on my Exchange box. My Firewall is a Watchguard X500. My network consists of about 85 users.

The problem I'm having is with spammers bombarding my domain name with spam. I can log into Exchange System Manager and the Queue will routinely have about 5K to 10K emails. I have to shut down SMTP service and let them filter out, but of course with all these emails my end users have a delay on all mail, internal and external. I spoke with GFI tech support who reviewed the logs and they said I indeed had about 8.3 million emails since my last server reboot, about 3 weeks ago.

Reviewing the individual spams, they are all addressed to nonexistent domain users, i.e. blahblah@mydomain.org. This is not a relay attack or anything. GFI said that it's doing its job, which it is very nicely. The problem is the quantity of emails hitting the server. The box is behind the firewall and everything is configured correctly.

GFI said I should look into a mail relay outside of Exchange and run MailEssentials on it to help filter the emails out before hitting Exchange. They said there is no way to block them out because they're not relaying, just attacking my actual domain name.

So I guess my question to you guys is this: should I set up another mail server to relay, or is there something I can do at the firewall level to get these off my Exchange box?

Thx for your help!
 
Use the AD lookup to drop nonexistent users; it is a GFI module. 3 million a week isn't actually a lot for that setup.

Postini or MessageLabs might be worth a look though.
 
I have. GFI is doing an excellent job of filtering out the crud, it's just when 15K emails hit my server in 2 minutes it clogs up Exchange for like an hour. I need a way to offload the filtering from my Exchange box.
 
We use the Barracuda filter as our relay, with their Exchange accelerator configured so that it looks up each user on the server via LDAP. If the user is not on the server, it rejects the mail without the EX server ever seeing the mail. Our Barracuda rejects around 200,000 emails an hour on average due to bad recipient.
 
So if I upgraded my Watchguard Firewall with its SpamBlocker, I'm assuming I can do the same filtering, correct?
 
Turn on recipient filtering and tar pitting in Exchange

Exchange will deal with all of this just as good as Mail Essentials will.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
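The recipient filtering and tarpitting discussed in the posts above, sketched as an added example (not code from any poster or vendor): an edge relay answers each RCPT TO itself, so only mail for known users is handed to Exchange, and repeated bad recipients in one session are slowed and then dropped. The directory set, thresholds and function names are assumptions; a real relay would query AD/LDAP.

```python
from dataclasses import dataclass, field

# Constructed sample directory; stands in for an AD/LDAP lookup (assumption).
VALID_RECIPIENTS = {"alice@mydomain.org", "bob@mydomain.org"}

TARPIT_AFTER = 2    # invalid RCPTs tolerated per session before delaying (assumed)
TARPIT_STEP = 5.0   # seconds of delay added per further invalid RCPT (assumed)
TARPIT_MAX = 30.0   # cap on the per-reply delay (assumed)
DROP_AFTER = 10     # invalid RCPTs before the session is closed (assumed)

@dataclass
class Session:
    peer_ip: str
    invalid: int = 0
    accepted: list = field(default_factory=list)

def on_rcpt(session, address, directory=VALID_RECIPIENTS):
    """Return (smtp_reply, delay_seconds, keep_open) for one RCPT TO."""
    addr = address.strip().strip("<>").lower()
    if addr in directory:
        session.accepted.append(addr)
        return "250 2.1.5 Recipient OK", 0.0, True
    session.invalid += 1
    if session.invalid >= DROP_AFTER:
        return "421 4.7.0 Too many invalid recipients, closing", 0.0, False
    # Tarpit: each bad recipient past the threshold costs the sender more time.
    over = session.invalid - TARPIT_AFTER
    delay = min(TARPIT_MAX, over * TARPIT_STEP) if over > 0 else 0.0
    return "550 5.1.1 User unknown", delay, True

def replay(peer_ip, recipients):
    """Run a constructed sequence of RCPT TO addresses through one session."""
    session, results = Session(peer_ip), []
    for rcpt in recipients:
        reply, delay, keep_open = on_rcpt(session, rcpt)
        results.append((reply[:3], delay))
        if not keep_open:
            break
    return session, results

if __name__ == "__main__":
    # Constructed burst: guessed names with one real user among them.
    burst = [f"<guess{i}@mydomain.org>" for i in range(4)] + ["<Alice@mydomain.org>"]
    session, results = replay("192.0.2.10", burst)
    for code, delay in results:
        print(code, delay)
    print("handed to Exchange:", session.accepted)
```

Because rejection happens at RCPT time, the message body is never transferred for unknown users, which is where the load saving on the back-end server comes from.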
 
That's my problem though (and I have turned on Rec Filt and tar pit regedit). All these emails are being filtered on the Exchange server and it can't handle the load. An Exchange Server shouldn't be able to handle 100,000 emails within a few minutes. My solution is to get the filtering completely off Exchange. MailEssentials is handling the filtering great, it just grabs the mails after hitting Exchange, which is fine with filtering out the crud from users but not simplifying my Exchange load. I want to handle the bulk of them before hitting Exchange. Upgrade my WatchGuard to handle the bad recipients?
 
Put a Barracuda in front of the Exchange, let it do all the work. That way the Exchange server will only see email to valid recipients. You also get the added benefit of the spam filtering on the Barracuda in addition to all the rest you have.

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

There are no more PDC's! There are DC's with FSMO roles!
 
That was what I'm thinking. I can get an upgraded Firebox MUCH cheaper than the Barracuda though, I'm just wondering if I can do the same recipient filtering with it. I plan on keeping GFI as I'm getting a 99.7% success rate with my spam, I just want the off-server device to do recipient filtering based on AD or LDAP.
 
Use a cloud based solution like AppRiver, FrontBridge, Postini, etc. That way, the messages don't even hit your bandwidth.

Pat Richard MVP
Plan for performance, and capacity takes care of itself. Plan for capacity, and suffer poor performance.
 