Trying to relay Spam in GW 5.5

Status
Not open for further replies.

vdwal

Technical User
Jan 14, 2004
12
They are trying to use us to relay SPAM.

The gateway GWIA 5.5 will examine the message before sending it to the Problem folder. The system then sends the Undeliverable message to me (Postmaster). The sender thinks that they successfully Relayed the message to the 5.5 Gateway because of this action and will keep on using my Gateway.

How can I stop this ??????


------------------------------------
When in doubt, mumble
When in trouble, delegate
------------------------------------
 
I don't fully understand what your goal is. If it is a matter of stopping someone from using you as a relay host, then you can just turn off SMTP Relaying on the GWIA: NWAdmin (or ConsoleOne) GWIA/Access Control/SMTP Relay. I don't see that it matters what the offending sender thinks, as long as you have protected your system.

FarOut
V-Peace-V
 
FarOut,

I know, I already stopped relay.

But GW 5.5 tries to send, each time someone is trying to relay, a message to the sender of the message. And the sender does not exist, as usual in SPAM. See example...

example
From: Noppert-Domein.GWIATEST.GATEWAY
To: Admin.Noppert-postbus.Noppert-Domein,
Date: 3/15/04 12:48pm
Subject: Undeliverable gateway message

The attached file had the following undeliverable recipient(s):

livic@hotmail.com (access denied)
kotzbkco@yahoo.com.tw (access denied)
h120744618@yahoo.com.tw (access denied)
tsptsk@tomail.com.tw (access denied)
iamsmilingforyou-owner@mychannel.com.tw (access denied)
idpt572@seed.net.tw (access denied)
tekken@ethome.net.tw (access denied)
jlm@ms53.hinet.net (access denied)
eecc@sayhi.net (access denied)
webmaster@ewang.net (access denied)
###########################################################
MIME file
###########################################################
MAIL FROM:<0oktn.8rdld@hotmail.com>
RCPT TO:<webmaster@ewang.net>
RCPT TO:<eecc@sayhi.net>
RCPT TO:<jlm@ms53.hinet.net>
RCPT TO:<tekken@ethome.net.tw>
RCPT TO:<idpt572@seed.net.tw>
RCPT TO:<iamsmilingforyou-owner@mychannel.com.tw>
RCPT TO:<tsptsk@tomail.com.tw>
RCPT TO:<h120744618@yahoo.com.tw>
RCPT TO:<kotzbkco@yahoo.com.tw>
RCPT TO:<livic@hotmail.com>
Received: from 225.172.35.39
(NK219-91-103-39.adsl.pl.apol.com.tw [219.91.103.39])
by mail.noppert.nl; Mon, 15 Mar 2004 12:46:57 +0100
Received: from mm8m.tmnmle.net (mx.tmnmle.net[108.18.82.183] (may be forged)) by [198.181.86.187] (8.8.5/8.7.8) with SMTP id XAA01382; ¬P´Á¤G 28 ¤Q¤G¤ë 2003 12:18:220700 (EDT)
Reply-To: 0oktn.8rdld@hotmail.com
X-PMFLAGS: 48651381.71
X-UIDL: 70283581_188923.653
Comments: Authenticated Sender is <p8himp3m6wpc@nicoh.com>
Message-Id: <138772185_35284287>
X-MDaemon-Deliver-To: p8himp3m6wpc@nicoh.com
X-Return-Path: p8himp3m6wpc@nicoh.com
From: "m819:58:158m" <0oktn.8rdld@hotmail.com>
Subject: =?Big5?B?GP0S?=
To: "m03/15mm" <webmaster@ewang.net>
Content-Type: text/html;
charset="DEFAULT"
Sender: "m819:58:158m" <0oktn.8rdld@hotmail.com>
Date: Mon, 15 Mar 2004 19:58:57 +0800
X-Mailer:Microsoft Outlook Express 5.50.4133.2400
X-MimeOLE:produced By Mircosoft MimeOLE V6.00.2600.0000
Return-Path:0oktn.8rdld@hotmail.com

<!-- 2004/3/15 ¤U¤È 07:58:15-->
<!-- webmaster@ewang.net-->
###########################################################


------------------------------------
When in doubt, mumble
When in trouble, delegate
------------------------------------
 
I don't believe that you can disable the reply back to the sender. The only control that I know of is how much of the original message to have returned. The sure-fire way to resolve this is to add a Spam Firewall. Maybe someone else on here knows of a way within GW to do what you want. Good luck!

FarOut
V-Peace-V
 
FarOut,

Thanks for your info. I also thought that it was not possible. Perhaps in a newer version of GroupWise (6.5) this problem is solved.

I also have a Barracuda Spam filter installed. But still they can find the GW server because it also has a public IP address.

Perhaps you or anyone else can tell me how to block this in the Barracuda (which has a different public IP address).



------------------------------------
When in doubt, mumble
When in trouble, delegate
------------------------------------
 
I can only speak for the Barracuda 400 Spam Firewall. But if the other models are like it (which I do believe they are) then you can control messages to the sender for any type of situation: undeliverables, recipient unknown, etc. If you don't get the information from someone else sooner I will post them when I get back to the office tomorrow morning.

FarOut
V-Peace-V
 
vdwal,

The following statement assumes two things:
1. Your GroupWise server is behind a firewall.
2. ALL email goes through your Barracuda.

Using your firewall, drop ALL SMTP traffic to your GroupWise server EXCEPT SMTP traffic from your Barracuda's IP address.

-Ron

We all play from the same deck of cards, it's how we play the hand we are dealt which makes us who we are. -Me

murof siht edisni kcuts m'I - PLEH
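
Added example, not part of any post in this thread: a way to check, from the undeliverable reports the Postmaster already receives, whether a relay attempt reached the GWIA directly instead of through the spam filter. `LOCAL_DOMAINS`, `FILTER_IPS` and the sample report are assumptions constructed for illustration; the parsing relies only on the `MAIL FROM` / `RCPT TO` / `Received` layout shown in the quoted report.

```python
import re

LOCAL_DOMAINS = {"example.nl"}   # assumption: domains the GWIA accepts mail for
FILTER_IPS = {"192.0.2.10"}      # assumption: placeholder for the Barracuda's address

# Constructed sample, laid out like the undeliverable report quoted in the thread.
SAMPLE = """\
MAIL FROM:<bulk@sender.example>
RCPT TO:<a@other.example>
RCPT TO:<b@elsewhere.example>
Received: from 198.51.100.7
(dsl-host.isp.example [203.0.113.39])
by mail.example.nl; Mon, 15 Mar 2004 12:46:57 +0100
Received: from mx.forged.example (mx.forged.example[198.51.100.99] (may be forged)) by [198.51.100.1] with SMTP id XAA01382
Subject: constructed test message
"""

IPV4 = r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"

def parse_report(text):
    """Extract the envelope and the address that connected to the gateway."""
    sender = re.search(r"^MAIL FROM:<([^>]*)>", text, re.M)
    rcpts = re.findall(r"^RCPT TO:<([^>]*)>", text, re.M)
    # Only the topmost Received header was written by our own server;
    # anything below it is supplied by the client and may be forged.
    top = re.search(r"^Received:(.*?)(?=^[A-Za-z-]+:|\Z)", text, re.M | re.S)
    ip = re.search(IPV4, top.group(1)) if top else None
    return {
        "sender": sender.group(1) if sender else None,
        "rcpts": rcpts,
        "client_ip": ip.group(1) if ip else None,
    }

def classify(text):
    """Flag relay attempts and connections that did not come via the filter."""
    r = parse_report(text)
    foreign = [a for a in r["rcpts"]
               if a.rsplit("@", 1)[-1].lower() not in LOCAL_DOMAINS]
    r["foreign_rcpts"] = foreign
    r["relay_attempt"] = bool(foreign)
    r["bypassed_filter"] = (r["client_ip"] is not None
                            and r["client_ip"] not in FILTER_IPS)
    return r

if __name__ == "__main__":
    for key, value in classify(SAMPLE).items():
        print(f"{key}: {value}")
```

Reports that come back with `bypassed_filter` set show that the gateway is still reachable from the Internet on SMTP, which is the condition the firewall rule described above removes.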
 