Windows Server Forum / Small Business Server / SBS 2000 / January 2004

Autoreply during major virus outbreak (novarg/mydoom)

Darwood - 29 Jan 2004 09:59 GMT
Could everybody please turn off their autoreply on their virus scanner. It
is totally getting on my nerves. I am not receiving any actual viruses just
tonnes of notifications from postmasters about a virus I do not have. This
virus is obviously spoofing the source email address and autoreply is
possibly unwittingly contributing to the spread of the virus. When you reply
to a system that might not have been infected with the original infected
message you risk infecting a new system. Unless your antivirus software is
clever enough to know the real source please do me a favour and turn it off.

--
Darwood MCSE

Remove nospamme from email address to reply.
Hiram Hackenbacker - 29 Jan 2004 10:13 GMT
>Could everybody please turn off their autoreply on their virus scanner.

OK - turning it off now.  Let me know when I can put it back on again
:-)

Signature

Hiram Hackenbacker

Javier Gomez [SBS MVP] - 29 Jan 2004 13:34 GMT
Darwood,

This is probably not the AV autoreply (since I don't know of any AV program
that sends back the still-infected message). What you see are Non Delivery
Reports (NDRs) from different mailservers. This is not an AV program
thing... but a general mail server thing. How else would you know if you
sent a message to a wrong address?

Signature

Javier [SBS MVP]

<< SBS ROCKS !!! >>

> >Could everybody please turn off their autoreply on their virus scanner.
>
> OK - turning it off now.  Let me know when I can put it back on again
> :-)
Javier Gomez [SBS MVP] - 29 Jan 2004 13:36 GMT
>>Could everybody please turn off their autoreply on their virus scanner.
>
> OK - turning it off now.  Let me know when I can put it back on again

Do you want us to turn off NDR notifications also? :-)

Signature

Javier [SBS MVP]

<< SBS ROCKS !!! >>

Darwood - 29 Jan 2004 13:45 GMT
Whoa! I'm not pretending to know more than the MVP's etc here I just think
it's a good idea. I got the idea from here
http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci946423,00.html
"Administrators should have policies in place to turn off notification of
invalid e-mail addresses during major worm outbreaks, Dunham said. In fact,
Mydoom's creator may have intentionally created the worm so it would bog
down mail systems."

I would say NDR's should be turned off too. If anyone thinks this is a bad
idea please jump in.

Later all

--
Darwood MCSE

Remove nospamme from email address to reply.

> >>Could everybody please turn off their autoreply on their virus scanner.
> >
[quoted text clipped - 6 lines]
>
> << SBS ROCKS !!! >>
Javier Gomez [SBS MVP] - 29 Jan 2004 14:07 GMT
No... I understand what you are saying and I agree (except for the NDRs). I
do not send people notifications that they sent me a virus-infected mail...
that's plain dumb (I don't even know why some AV packages have that feature).

What I'm saying (on my first post) is that what you are probably seeing are
NDRs. That is definitely something that you shouldn't turn off. Let's say I
send you an important business proposal (just like the one from the late wife
of the president of Nigeria*) and I misspell your name... I WANT an email
back saying that you didn't get the message (else I would think you are not
taking me seriously).

[For some reason my first post appeared later than the 2nd one]

* - This is a joke BTW :-)

Signature

Javier [SBS MVP]

<< SBS ROCKS !!! >>

> Whoa! I'm not pretending to know more than the MVP's etc here I just think
> it's a good idea. I got the idea from here

> http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci946423,00.html
> "Administrators should have policies in place to turn off notification of
[quoted text clipped - 22 lines]
> >
> > << SBS ROCKS !!! >>
Hiram Hackenbacker - 29 Jan 2004 13:48 GMT
>>>Could everybody please turn off their autoreply on their virus scanner.
>>
>> OK - turning it off now.  Let me know when I can put it back on again
>
>Do you want us to turn off NDR notifications also? :-)

You forgot that I smiled also.  You need to direct your question to
the original poster.

Signature

Hiram Hackenbacker

Javier Gomez [SBS MVP] - 29 Jan 2004 14:00 GMT
> You forgot that I smiled also.  You need to direct your question to
> the original poster.

I know... I was also joking. For some reason my first post appeared later
than the 1st.

Signature

Javier [SBS MVP]

<< SBS ROCKS !!! >>

Darwood - 29 Jan 2004 15:25 GMT
Sorry I didn't realise you guys were being sarcastic. I am from Wales where
we don't have such a thing. Obviously Ken Dunham is as in the dark here as I
am.
I am getting the autoreplies and the NDR's. Whilst the autoreplies don't
contain the virus they are mildly annoying. However the NDR's seem to be far
outweighing the autoreplies at the moment. If we can turn the NDR off as
well why not? As Javier alluded most of the email these days is useless
anyway. Is it better to miss the odd email from someone (during the high
activity period) who can't type my name or to contribute to the propagation
of this virus?
--
Darwood MCSE

Remove nospamme from email address to reply.

> > You forgot that I smiled also.  You need to direct your question to
> > the original poster.
[quoted text clipped - 6 lines]
>
> << SBS ROCKS !!! >>
Hendrik Cannoodt - 29 Jan 2004 15:33 GMT
There should be a way to send a NDR, but delete the attachment. That way,
nobody could get infected by it, and it saves bandwidth. If anybody knows how
to do this on SBS, let me know. I looked for it a while ago, but couldn't
find it.

HC

> Sorry I didn't realise you guys were being sarcastic. I am from Wales
> where we don't have such a thing. Obviously Ken Dunham is as in the
[quoted text clipped - 17 lines]
>>
>> << SBS ROCKS !!! >>
Hendrik Cannoodt - 29 Jan 2004 15:30 GMT
Question is, why can't the AV software have a parameter linked to the
definition, so that it would know when to send an alert to the sender, and
when not.
Should be a very easy thing to make, but haven't seen it yet. If anybody has
that option in their AV, please let me know.

HC

>> Could everybody please turn off their autoreply on their virus
>> scanner.
>
> OK - turning it off now.  Let me know when I can put it back on again
> :-)
Darwood - 29 Jan 2004 15:39 GMT
> Question is, why can't the AV software have a parameter linked to the
> definition, so that it would know when to send an alert to the sender, and
> when not.
> Should be a very easy thing to make, but haven't seen it yet. If anybody has
> that option in their AV, please let me know.

The NDR comes from Exchange rather than the AV doesn't it? It would have to
be Exchange that had the option then I presume?
Darwood - 29 Jan 2004 16:09 GMT
> > Question is, why can't the AV software have a parameter linked to the
> > definition, so that it would know when to send an alert to the sender, and
[quoted text clipped - 5 lines]
> The NDR comes from Exchange rather than the AV doesn't it? It would have to
> be Exchange that had the option then I presume?

From KB324636
Turn Off Non-Delivery Reports and Delivery Reports
To turn off non-delivery reports or delivery reports, follow these steps:
 1. Start Exchange System Manager.
 2. Expand Global Settings, and then click Internet Message Formats.
 3. Right-click Default, click Properties, and then click the Advanced tab.
 4. Do either of the following:
    a. To prevent non-delivery reports from being sent, click to clear the Allow non-delivery reports check box.
    b. To prevent delivery reports from being sent, click to clear the Allow delivery reports check box.
Javier Gomez [SBS MVP] - 29 Jan 2004 16:29 GMT
I think that doing that even stops internal NDRs... so be careful.

Signature

Javier [SBS MVP]

<< SBS ROCK!!! >>

> > > Question is, why can't the AV software have a parameter linked to the
> > > definition, so that it would know when to send an alert to the sender,
[quoted text clipped - 20 lines]
>     b.. To prevent delivery reports from being sent, click to clear the
> Allow delivery reports check box.
Darwood - 29 Jan 2004 17:37 GMT
> I think that doing that even stop internal NDRs... so be careful.

You mean from an internal user to an internal user?

--
Darwood MCSE

Remove nospamme from email address to reply.
Javier Gomez [SBS MVP] - 29 Jan 2004 18:35 GMT
> You mean from an internal user to an internal user?

Those too... but I was referring if you send something to another domain and
the other domain doesn't exist (or because you misspell it) your Exchange box
cannot contact the other domain and the NDR is not produced (so you never
know what happened).

I'm not 100% sure about this (I don't disable NDRs)... but I recall reading
that on a thread by Chad and Les (I think) a couple of days ago.

Signature

Javier [SBS MVP]

<< SBS ROCK!!! >>

David Elders - 29 Jan 2004 16:07 GMT
Hi all,

Here's one for all you new [and old] MVPs! We all love you and we hope you
all know!

SBS2k set-up to add disclaimers to outgoing mail as per smallbizserver.net
instructions - working fine. We have a single customer who we are having
problems sending email to - error message we get is:

You do not have permission to send to this recipient. For assistance,
contact your system administrator.
<OurServer#5.7.1 smtp;501 5.7.1 <sender's email address>... Sender refused
by the DNSBL - MAIL REJECTED - DYNAMIC IP RANGE - RELAY VIA YOUR PROVIDER
(SORBSDUL)>

Now we have a cable modem set-up with dynamic [although constantly updating]
IP address. In effect it's static although not guaranteed as such. Our
outgoing email is sent via DNS through Exchange 2k. We're happy with that
but what I want to find out is if it is possible for us to send outgoing
emails to this particular recipient's domain via our ISP's mail servers
rather than via DNS, but only for them.

Had a dig around and [probably because it's been a long - and not good! - day
thus far] haven't managed to figure it out - would I be right in assuming
we'd have to configure a smart host of some kind?

Regards,

David

> Could everybody please turn off their autoreply on their virus scanner. It
> is totally getting on my nerves. I am not receiving any actual viruses just
[quoted text clipped - 9 lines]
>
> Remove nospamme from email address to reply.
Javier Gomez [SBS MVP] - 29 Jan 2004 16:18 GMT
Hi David!

You can use a Smarthost only for that ISP. I'm preparing a small document
which explains how to set this up... you can download it here:
http://www.inqu.net/Smarthost.zip

[Check the How do I set this up / Smarthost for specific domains section]

Please be aware that this is still in beta... any corrections and/or
comments will be greatly appreciated.

Thanks!

Signature

Javier [SBS MVP]

<< SBS ROCK!!! >>

> Hi all,
>
[quoted text clipped - 42 lines]
> >
> > Remove nospamme from email address to reply.
David Elders - 29 Jan 2004 16:39 GMT
Thanks Javier,

Just realised I hit 'reply group' instead of 'new post' - been one of THOSE
days...! Apologies to all for any confusion.

Cheers again,

David

> Hi David!
>
[quoted text clipped - 65 lines]
> > >
> > > Remove nospamme from email address to reply.
Darwood - 29 Jan 2004 17:00 GMT
Excellent document Javier.

--
Darwood MCSE

Remove nospamme from email address to reply.

> Hi David!
>
[quoted text clipped - 3 lines]
>
> [Check the How do I set this up / Smarthost for specific domains section]
Javier Gomez [SBS MVP] - 29 Jan 2004 23:44 GMT
Thanks to both!

Signature

Javier [SBS MVP]

<< SBS ROCKS !!! >>

> Excellent document Javier.
>
[quoted text clipped - 10 lines]
> >
> > [Check the How do I set this up / Smarthost for specific domains section]
Darwood - 29 Jan 2004 16:20 GMT
Sounds like your customer could have been blacklisted as an open relay.

--
Darwood MCSE

Remove nospamme from email address to reply.

> Hi all,
>
[quoted text clipped - 25 lines]
>
> David
billyw - 30 Jan 2004 00:17 GMT
have a customer with similar issue..
all the tests say they aren't an open relay and settings say they aren't but
looks like spamcop have them down as such.
i did turn off the NDR's as they were mounting up to daft amounts.

> Sounds like your customer could have been blacklisted as an open relay.
>
[quoted text clipped - 34 lines]
> >
> > David
Robert - 29 Jan 2004 20:39 GMT
Anyone know how to modify the NDR messages or do Inbound Recipient filtering
on Exchange 2000?

Robert

> Could everybody please turn off their autoreply on their virus scanner. It
> is totally getting on my nerves. I am not receiving any actual viruses just
[quoted text clipped - 9 lines]
>
> Remove nospamme from email address to reply.
Darwood - 30 Jan 2004 08:58 GMT
GFI MailEssentials can blacklist an internal address so it deletes the mail
before you see it but if it is against novarg you will be chasing your
tail as the name prefix before the domain seems to be different all the
time.

--
Darwood MCSE

Remove nospamme from email address to reply.

> Anyone know how to modify the NDR messages or do Inbound Recipient filtering
> on Exchange 2000?
[quoted text clipped - 17 lines]
> >
> > Remove nospamme from email address to reply.
Pie Man - 31 Jan 2004 16:56 GMT
Why are these auto virus replies intelligent? If they knew which viruses used spoofed addresses and didn't reply to those then people wouldn't have to worry about turning them off. I mean it is not as if this is a sudden thing, it must be at least two years since a major virus used the proper email address of the infected person....
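
The two ideas raised in the thread (suppress the sender notice when the detected family forges its sender address, and send reports without the original attachment) sketched as an added example; this is not code from the thread, from Exchange or from any AV product. The family list, the detection names, the addresses and the plain-text report layout are assumptions made for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Assumption: family names taken from this thread; a real list would ship with AV definitions.
SPOOFING_FAMILIES = ("mydoom", "novarg")
KEPT_HEADERS = ("From", "To", "Subject", "Date", "Message-ID")

def should_notify_sender(detection):
    """False when the verdict names a family known to forge the sender address."""
    return not any(f in detection.lower() for f in SPOOFING_FAMILIES)

def build_report(original_raw, postmaster, reason):
    """Build a report that quotes selected headers only: no body, no attachment."""
    orig = message_from_string(original_raw)
    rpath = (orig.get("Return-Path") or "").strip().strip("<>")
    if not rpath:
        return None  # null reverse-path: never answer a bounce with a bounce
    ndr = EmailMessage()
    ndr["From"] = postmaster
    ndr["To"] = rpath
    ndr["Subject"] = "Undeliverable: " + orig.get("Subject", "")
    ndr["Auto-Submitted"] = "auto-replied"  # RFC 3834 marker for automatic mail
    quoted = "\n".join(f"{h}: {orig[h]}" for h in KEPT_HEADERS if orig[h])
    ndr.set_content(f"{reason}\n\n--- Original message headers ---\n{quoted}\n")
    return ndr

def handle(original_raw, detection, postmaster="postmaster@example.com"):
    """detection: scanner verdict name, or None for clean mail to an unknown recipient."""
    if detection is None:
        return build_report(original_raw, postmaster, "Recipient address does not exist.")
    if not should_notify_sender(detection):
        return None  # sender is forged: a notice would only reach a bystander
    return build_report(original_raw, postmaster, f"Message blocked: {detection}")

def sample_message(return_path="<bystander@example.org>"):
    """Constructed sample: mail with an attachment and a sender address."""
    m = EmailMessage()
    m["Return-Path"] = return_path
    m["From"] = "bystander@example.org"
    m["To"] = "nosuchuser@example.com"
    m["Subject"] = "test"
    m.set_content("constructed body")
    m.add_attachment(b"constructed placeholder bytes", maintype="application",
                     subtype="octet-stream", filename="document.zip")
    return m.as_string()

if __name__ == "__main__":
    print(handle(sample_message(), "W32/Mydoom.A (constructed name)"))
    print(handle(sample_message(), None))
```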