0

Office 365 Emails to self from self not coming into Inbox

Posted by paris on Mar 16, 2017 in Random

Recently after setting an Office 365 Mailbox user up via Windows Live as they did not have Microsoft Outlook installed and didn’t want to use Webmail

You need to use IMAP settings for this as there is no Active Sync connector

After setting up Windows Live , a test email to the user’s self from himself never reached the Inbox after it was sent. If I sent one from Webmail it would come through

After research , it turns out it was going into Junk Email in Office 365 after being sent from smtp.office365.com on port 587 and this folder was not syncronised in the Windows Live settings so did not show.

I had to disable the junk mail filter or add a rule which would whitelist the own user from Junk Mail!

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , ,

 
0

Gmail/Google Mail Apps being Spammed Book Enteries 100+ Times

Posted by paris on Sep 20, 2016 in Random

googleapps[1]Recently I had a user get in contact with a problem, that they had received thousands of emails from different email address’ of nonsense. Sure enough after checking this was true. It seems that someone was bulk sending paragraphs of a book to this users , new email = new paragraph x 1000 + Interesting , was this just an email bomb or something else?

So sending emails from a book is a new way for spammers / attackers to get around the spam filter , they were sending from legitimate created Gmail/Yahoo address even though they where for email spams.

Upon investigation, the emails had stop being received about 2 hours before the user contacted me , any new emails were not coming through which means the user has hit gmails receiving limit https://support.google.com/a/answer/1366776?hl=en

Why?

This is a sign that the attacker has reset an account password somewhere and wants the email to notify you this has been done to get “lost” so the user doesn’t know he’s being attacked until its too late!

How to stop this?

You will need to purchase Google Apps Premium and enable the Post  Ini filter which can detect emails bombs

https://www.google.com/support/enterprise/static/postini/docs/admin/en/admin_spe_cu/conn_auto.html

 

 

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , ,

 
0

Stopping Fraudlent Spoof Emails SPAM

Posted by paris on Mar 8, 2016 in Random

ScamThere’s been a new recent wave of spoof emails sent to companies , usually emailed to financial personnel’s pretending to be from the CEO to get quick funds paid and withdrawn.

Spoofing an email address isn’t hard and with the correct background check , spammers get the correct email and sometimes signature of the “CEO”.

How do we stop this?

  1. To start with SPF, DKIM, DMARC records should all be added to the domain to verify the sender to check they are allowed to send from the company domain
  2. You should definitely have an incoming spam filter before Microsoft Exchange , depending if this is a Barracudo box / Post fix / Microsoft Frontbridge you should be able to enable a Rule to SPF check for only your domain. Enabling this for all domains will starting to spam lots of incoming email due to people not having SPF records
  3. Create a quarantine in Exchaneg  – From EMC > Organization Configuration > Hub Transport > Transport Rules create a new transport rule that says:
    From users that are outside the organization
    And when the from address matches text patterns yourdomain.com
    Forward the message to quarantine@yourdomain.com for moderation
    Now, if you have other SMTP servers in or out of your org that send on behalf of your domain, you’ll need to create an exception by adding:
    Except when the message header received matches text patterns smtp.yourdomain.com or smtp.theirdomain.com

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , ,

 
0

Office 365 Spam Avoidance

Posted by paris on Dec 1, 2015 in Random

Office-365-New[1]You can forward these emails to : junk@office365.microsoft.com or use the Outlook plugin to report and hopefully Microsoft should block these in future : https://www.microsoft.com/en-us/download/details.aspx?id=18275

 

Microsoft have actually now got a new filtering service for 365 however its paid for and by user you could maybe try : https://products.office.com/en-us/exchange/online-email-threat-protection

It’s not uncommon nowadays to have another third party appliance such as a barracuda or a hosted service such as post fix to filter items before they get to 365. It seems once a spammer figures out how to exploit 365 , all domains get the same spam. 2 layers of protection is safer!

 

1) Make sure your own SPF Records are in check : http://www.spfwizard.net/

2) Get your DKIM records in check : http://blogs.msdn.com/b/tzink/archive/2015/10/08/manually-hooking-up-dkim-signing-in-office-365.aspx

3) Get your DMARC Records in check : http://blogs.msdn.com/b/tzink/archive/2014/12/03/using-dmarc-in-office-365.aspx

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.22_1171]
Rating: 0 (from 0 votes)

Tags: , , , , , , , ,

 
0

NDR Email Bouncing from barracudanetworks spam filter with 550 Message

Posted by paris on Feb 23, 2015 in Random

Barracuda_Networks[1]We received an NDR recently from barracuda networks spam filter with a 550 error code. It also came back with the SMTP address we were trying to send to as well as :blocked at the end. E.g.

Final-Recipient: rfc822; [email protected].com
Action: failed
Status: 5.0.0
Remote-MTA: dns; d9590b.ess.barracudanetworks.com
Diagnostic-Code: smtp; 550 permanent failure for one or more recipients
    ([email protected].com:blocked)

I tried all the basics making sure our IP had not been blacklisted : 
http://www.barracudacentral.org/reputation which it had not. I tried 
telneting to one of the SMTP servers to view the error, however this 
produced a malformed 550 error so not a good test.

Upon liaising with the postmaster at the receiving end, turns out the email had a domain name 
in the body which was on their Intent Database :
 https://techlib.barracuda.com/display/bessv10/intent+analysis+-+inbound+mail which is why it 
got blocked. Make sure you check your email for domain names if you get these.

 

VN:F [1.9.22_1171]
Rating: 10.0/10 (2 votes cast)
VN:F [1.9.22_1171]
Rating: +1 (from 1 vote)

Tags: , , , ,

Copyright © 2017 Welcome to Pariswells.com All rights reserved. Theme by Laptop Geek. Privacy Policy