Personal tools

Spam & Phishing FAQs

From UntangleWiki

Jump to: navigation, search

Contents

[edit]

If an unwanted email (spam, phishing, etc) is received for an email address that cannot be quarantined, but my rules are set to quarantine, What happens?

The Quarantinable Addresses rules take precedence over the actions for email rules. In this situation, the email would be marked rather than quarantined.


[edit]

Why is blocking (or quarantining) of emails not an option for POP or IMAP?

POP and IMAP work differently than SMTP. When POP and IMAP are used, the client requests the mail when the user clicks on the email. At that point the message is downloaded from the server and scanned. Even if the application determines the message should not be passed it still must be delivered to the client because the client is waiting and will not be able to read mail unless something is delivered. As a result, only MARK is an option.


[edit]

Why can't I block superspam for POP and IMAP emails like I can for SMTP?

For the same reason that you can't quarantine POP/IMAP spam. The message is not scanned until it is requested by the mail client. At that point, the message (even if it is spam) must be delivered to the client to complete the transaction.


[edit]

Why does the Event Log report the sender as my bank, yet it was fraudulent? Why does it not report the real sender?

One of the characteristics of phishing emails is that they use deception to change the apparent sender of an email. Although Untangle Server can detect the email as a phishing attempt, there is no way to determine the true sender.


[edit]

Why is Subject (or sender) blank for some emails in the Event Log?

Not all emails (especially spam emails) have subjects. Some spammers also use tricks to cause there to be no detectable sender.


[edit]

Why is mail not passing between my Exchange servers?

The Untangle Server forces Extended SMTP (ESMTP) to fall back to SMTP so that the transmitting emails may be scanned. When two Exchange servers are setup such that they require ESMTP communication, all communications will fail. This is enforced by transparent rewriting of the "EHLO" command to "HELO" and appropriate keywords are also stripped.

This can be avoided by adding a special "No Rack" policy or a Bypass rule for communication for these two servers. To add a "Bypass Rule" go into config->networking->advanced->Bypass Rules and create a rule that describe the traffic between your two servers. To add a "No Rack" policy, enter the Policy Manager, Custom Policies and add two policies to be processed by "No Rack", one from server A to server B port 25, and one from server B to server A port 25. The net effect is that any communications between these two servers will be ignored.


[edit]

Can I forward my email to Untangle and then have Untangle forward the email to my mail server?

No. Untangle is a network gateway and is meant to be installed "in-line" with the traffic. Untangle does not store-and-forward mail. Untangle will transparently scan mail as it passes through it.


[edit]

Can I have untangle drop mail that is not to valid users?

No. Untangle does not have a list of valid emails for your site. It is suggested that your configure your email server to not accept mail for invalid users. This is the default for almost all mail servers except Microsoft Exchange. The links below are instructions on how to configure your email server.

Retrieved from "http://wiki.untangle.com/index.php/Spam_%26_Phishing_FAQs"