spam notifications to Distribution list

Unanswered Question
May 10th, 2007

Hi

I got a problem with spam notifications to DL .

how do i prevent IRONPORT spam filter from sending his notifications to DL.?

all my clients get alot of notifications for each dl they are member in (if they get spam to this mailing list)

i tried using ldap+content filter -any suggestions ??

:?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bvanzant_ironport Thu, 05/10/2007 - 17:51

There are probably better solutions than this but here are a few ideas:

- Don't allow mail from the outside world to your distribution lists
- Create a mail policy for your distrib lists that drops spam instead of quarantining it
- Only quarantine suspect spam and drop spam positive (I have yet to see a false-positive that was above suspect spam). Doing this most folks get 1-2 notifications a week instead of 7.

yanir_ironport Sun, 05/13/2007 - 08:26

hi
Thanks for your replay.

-you right about now allowing to send from outside world to DL ,i tried it by allowing only authenticated users to send to DL in my exchange server .
but since allot of mail from inside domain are not actually authenticated by AD .
i dropped it .

I will try you second suggestion even though i a bit worried by dropping the spam instead of quarantine it .

Thanks



i tried using ldap+content filter -any suggestions ??

:?


You cannot use ldap since the DL doesn't contains email addresses, but members DNs.
The only other straight solution i think of is to create aliases list of all your internal DLs on the ironport appliances that will be exported and imported automatically by using some scripting language. this way, the anti-spam engine will scan the email message per specific recipient (which is a member of the alias group) and will not see any recipient of a DL email address.

Keep in touch :)
yanir_ironport Thu, 05/17/2007 - 12:18

Hi

im talking about email enabled DL .

The solutotion i see is to use ldap query for objectclass=group (AD2003).
Enable it on the specific listner.
the you need to add a incomming mail policy ,where the query search for the string "group" ,if true drop the mail don't quarantine it -then it will prevent the notification .

that it -what i could done in BrightMail in one click .

:evil:

Actions

This Discussion