RE: GFI Mail Essentials 11 - NDR's and SMTP Ma il Queue

  • From: "Chris Wall" <Chris.Wall@xxxxxxxxxxxxxxxxxxx>
  • To: "[ExchangeList]" <exchangelist@xxxxxxxxxxxxx>
  • Date: Thu, 13 Oct 2005 15:42:57 -0400

My order is:


IP Whitelist

Email / Domain Whitelist (incl. Auto Whitelist)

Custom Blacklist

Directory Harvesting

Sender Policy Framework

Keyword Whitelist

DNS Blacklists

Spam URI Realtime Blocklists

Bayesian Analysis

Header Checking

Keyword Checking



From: Jason Davis [mailto:JDavis@xxxxxxxxxx] 
Sent: Thursday, October 13, 2005 3:33 PM
To: [ExchangeList]
Subject: [exchangelist] RE: GFI Mail Essentials 11 - NDR's and SMTP Ma
il Queue



Thanks again for all your time and knowledge.


Incidentally, how have you configured your priorities in GFI?  Right
now, I have Whitelist at the top, but I will change to Directory
Harvesting per your last email.





From: Chris Wall [mailto:Chris.Wall@xxxxxxxxxxxxxxxxxxx] 
Sent: Thursday, October 13, 2005 12:16 PM
To: [ExchangeList]
Subject: [exchangelist] RE: GFI Mail Essentials 11 - NDR's and SMTP Mail



   Most spam is from 'Spoofed' e-mail accounts, therefore when an NDR is
sent to the Spoofed e-mail account (and of course they will fail due to
the fake address) it is retried for delivery based upon your SMTP


    By default, I believe that mail is retried for 48 hours before being
deleted.  Here is what I have done to ease the issue:


1.      Use the 'Directory Harvest' feature of GFI 

        a.      This verifies that an e-mail address exists in your
domain via an LDAP lookup before GFI will continue processing the mail
for delivery and additional spam checks.  You want to make sure this is
the first check that is done before all other Spam filters (you can
prioritize GFI checks in version 11) 
        b.      If any mail triggers the 'Directory Harvest' check,
configure this to NOT send and NDR. 

The only downfall here is if someone sends a legitimate e-mail and
mistypes one of your user's e-mail addresses, they will not be notified
that the mail was not delivered.  This has not been an issue for me yet.

The Directory Harvest feature is so efficient for our organization that
very few e-mails (in comparison) trigger the other SPAM checks.

2.      Turn off NDR's for the SPF, Blacklist and DNS Blacklist options.
(if you have them enabled) 

        a.      99% of the e-mails that trigger these filters are known
spammers.  Who cares if they get an NDR. 

3.      Turn on NDR's for the Bayesian, Key Word and Header Checking
4.      Set up and Automated task to delete your Badmail directory on a
nightly, or weekly basis. 
5.      You can also play around with the default settings for 'Retry
Mail Delivery' so that they are not retried for 48 hours.  I have
adjusted mine to try for only 24 hours before failing the message.  


This should help minimize the amount of mail that builds up in your
queues and still notify the senders when they are being filtered out...



Other related posts: