[Mimedefang] OWA spam scripting attack
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Fri Oct 24 08:32:53 EDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
On Thu, 23 Oct 2008, Todd Aiken wrote:
> Just wondering if anybody has any ideas at how to stop this from happening?
> Unfortunately, our site policy prevents me from deleting any incoming
> messages, regardless of how highly they are rated by MIMEDefang/SpamAssassin
High rated messages get prepended a SpamAssassin warning report.
> as being spam... I am only allowed to flag them as such and then it's up to
> the individual user to filter based on that flag; otherwise, I would delete
> these stupid phishing messages before they got to our Exchange server. And
> I do not parse outgoing messages from our Exchange server to the outside
> world with MIMEDefang because there was never any need before now. Is there
I do filter in and out. Rated outgoings mails are rejected and a note is
sent to the admin. I know that some people find the latency irritating as
they assume mail is instant delivery, but most people never notice.
> something I can do on Exchange to prevent these OWA scripting attacks
Well, besides the limit by count mentioned by David, perhaps you can limit
(or notify admin) by IP range or GeoIP (e.g. how many legal users you have
from the end of the world?).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the MIMEDefang