  1. #1
    Master Untangler scot1967's Avatar
    Join Date
    Jan 2008
    Posts
    293

    Outbound spam quarantine issue

    I have raised this question in another thread started under the topic of "An image file causes spam quarantine", but I think it deserves its own thread...

    Does anyone else here filter outbound email for spam? If so, are the flagged messages quarantined in the sender's mailbox, or is another quarantine created for the destination address?

    My guess is that Untangle only looks at the destination address and creates a quarantine for that address no matter if it matches the current domain or not.

    Is this by design? A bug? A known limitation we just have to live with? Maybe I don't understand something here.
    PCMonk
    Keeping the network safe one obsessive compulsive quirk at a time.

  2. #2
    Untangler
    Join Date
    Dec 2008
    Location
    Southern California
    Posts
    89

    Untangle creates quarantine boxes for any recipient (existing or not) unless you specify them under the Quarantinable Addresses found under the Config Tab, Email, Quarantine Tab. See the attached pic.

    Inbound/Outbound in this case don't have anything to do with it, if it thinks the message being filtered is spam.
    Last edited by Dipster; 01-05-2010 at 10:22 AM.

  3. #3
    Master Untangler scot1967's Avatar
    Join Date
    Jan 2008
    Posts
    293

    Quote, originally posted by Dipster:
    Untangle creates quarantine boxes for any recipient (existing or not) unless you specify them under the Quarantinable Addresses found under the Config Tab, Email, Quarantine Tab. See the attached pic.

    Inbound/Outbound in this case don't have anything to do with it, if it thinks the message being filtered is spam.

    Yes, this is the behavior I see, but is this of any use for outbound mail, or even desirable? If you send quarantine digest messages, Untangle will try to send a digest to these bogus email addresses (or maybe not bogus). If a machine gets bot'ed and starts sending 100s of spams it could make a real mess real fast.
    PCMonk
    Keeping the network safe one obsessive compulsive quirk at a time.

  4. #4
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    3,022

    Create a firewall rule blocking outbound port 25 for all but the mail server, and you solved 99.9% of any bot situations. They usually don't involve other systems in their shenanigans.

    Untangle isn't designed for filtering outbound emails. That's why it doesn't do so out of the box.
    m.
    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    It often helps troubleshooting if you have a good network map. Look here (http://forums.untangle.com/tip-day/5407-how-draw-network-diagram.html) if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
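
The outbound port 25 rule suggested in the post above, modelled as an added example (not part of the original post and not Untangle's own rule engine): a first-match policy applied to constructed flow records, reporting which internal hosts other than the mail server tried to reach TCP port 25 outside the LAN. The LAN range, the mail server address and the flow records are assumptions made for the example.

```python
import ipaddress
from collections import Counter

# Assumptions for this example (not from the thread): LAN range and mail server IP.
LAN = ipaddress.ip_network("192.168.1.0/24")
MAIL_SERVER = ipaddress.ip_address("192.168.1.10")
SMTP_PORT = 25

def decide(src, dst, dport, proto="tcp"):
    """First-match policy: only the mail server may open outbound TCP/25."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    outbound = src in LAN and dst not in LAN
    if proto == "tcp" and dport == SMTP_PORT and outbound:
        return "pass" if src == MAIL_SERVER else "block"
    return "pass"  # everything else is left to the remaining rules

def parse(line):
    """Parse one constructed record of the form 'proto src dst dport'."""
    proto, src, dst, dport = line.split()
    return src, dst, int(dport), proto

def blocked_smtp_sources(lines):
    """Count blocked outbound SMTP attempts per internal host."""
    hits = Counter()
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        src, dst, dport, proto = parse(line)
        if decide(src, dst, dport, proto) == "block":
            hits[src] += 1
    return hits

# Constructed sample flows; external destinations use documentation address ranges.
SAMPLE = """\
tcp 192.168.1.10 203.0.113.5 25
tcp 192.168.1.57 203.0.113.5 25
tcp 192.168.1.57 198.51.100.9 25
tcp 192.168.1.57 192.168.1.10 25
tcp 192.168.1.23 203.0.113.80 443
udp 192.168.1.57 203.0.113.5 25
tcp 192.168.1.23 198.51.100.9 587
""".splitlines()

if __name__ == "__main__":
    for host, n in blocked_smtp_sources(SAMPLE).most_common():
        print(f"{host}: {n} blocked outbound SMTP attempts, check this host")
```

Hosts that show up in the blocked count are the ones worth inspecting. A LAN client connecting to the mail server itself on port 25 is not matched by this rule.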

  5. #5
    Master Untangler scot1967's Avatar
    Join Date
    Jan 2008
    Posts
    293

    Quote, originally posted by mrunkel:
    Create a firewall rule blocking outbound port 25 for all but the mail server, and you solved 99.9% of any bot situations. They usually don't involve other systems in their shenanigans.

    Untangle isn't designed for filtering outbound emails. That's why it doesn't do so out of the box.

    This is my conclusion as well. It is nice to hear someone else agree with my assumption. I wish it were documented somewhere that this is the case.

    I have had the port 25 rule in my Untangle since I noticed the problem. It happens rarely on my network. I have always blocked 25 outbound at my corporate firewall from all but the mail server.

    If there are bots out there that would scan a local network for a mail server to send mail through I would be hammered though. Most anyone else would be as well though. I am not sure if there are such threats around though.
    PCMonk
    Keeping the network safe one obsessive compulsive quirk at a time.

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,497

    Documented somewhere? By default there is a no rack policy for everything outbound to a TCP port 25. I would think that would be enough of an indicator...

    But then again, I've been around here long enough to see the insanity that results from a single server that is scanning outbound mail. So you're probably correct in that assumption.

    At least in 7.1 we seem to be moving in a better direction in this regard, the spam module has a new "don't scan outgoing SMTP" option as well as the no rack policy. I assume eventually everything will come down to that checkbox, as the spam module is made more intelligent and automatically ignores traffic bound for a wan enabled adapter.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  7. #7
    Master Untangler scot1967's Avatar
    Join Date
    Jan 2008
    Posts
    293

    Quote, originally posted by sky-knight:
    Documented somewhere? By default there is a no rack policy for everything outbound to a TCP port 25. I would think that would be enough of an indicator...

    In my opinion, if Untangle does not recommend the use of the outbound filter, then the options should be removed or the behavior should be more clearly stated in the docs as normal.

    Should I add an FAQ to the wiki? What do you think?

    Thanks to all for the responses.
    PCMonk
    Keeping the network safe one obsessive compulsive quirk at a time.
