Author Topic: CASG Beta 1, Feedback!  (Read 34158 times)
w-e-v
Star Group
Comodo's Hero
*****
Offline Offline

Posts: 1087


BETA FORCE MEMBER


« Reply #15 on: October 18, 2011, 12:45:28 PM »

I've noticed that many incoming mails just go straight to our mail server, not even through CASG.
Why does this happen? Is it very often that your mail servers are not reachable?

We have configured our mail servers with these priorities:
. mxsrv1.spamgateway.comodo.com (10)
. mxsrv2.spamgateway.comodo.com (20)
. mail.mydomain.com (30)

As you can see, our mail server has the lowest priority.
So that means that whenever the first two mail servers (by Comodo) don't respond, then our mail server will process the messages directly.

We have received some spam that was directly sent through mail.mydomain.com.
How can this be avoided?
Logged
Kirill Nelinov
Comodo Member
**
Offline Offline

Posts: 30



« Reply #16 on: October 19, 2011, 05:59:57 AM »

> We have received some spam that was directly sent through mail.mydomain.com.
> How can this be avoided?

Hmm... I'm not sure yet how it happened. Let me ask you a few questions:
Was it during some specific time period?
Do you still receive it?
Could you please send me the source of the received spam message?

Logged
w-e-v
« Reply #17 on: October 19, 2011, 02:58:21 PM »

Thank you Kirill,

I've just sent you 3 spam samples that we received directly, bypassing CASG.
We keep getting some of them.

I couldn't send you any spam from today or yesterday because I always delete them.
The 3 samples I sent you through PM are from another mailbox using the same domain.
Actually, you will have 4 PMs with the "bypassed spam". Don't pay attention to the very first one, since it doesn't include the headers. The other 3 PMs include their respective headers.

Should I keep posting latest spams that are bypassed?
« Last Edit: October 19, 2011, 06:01:54 PM by w-e-v » Logged
Kirill Nelinov
« Reply #18 on: October 20, 2011, 10:06:48 AM »

Thanks, we are investigating.
Yes, please keep posting the latest spams.
Logged
w-e-v
« Reply #19 on: October 20, 2011, 10:23:15 AM »

> Thanks, we are investigating.
> Yes, please keep posting the latest spams.

OK, I will keep posting them as soon as we receive them.

Now what about spam that has been through CASG and was 'caught-missed'?
Can I report those too via PM, or do you have an email where I can attach these files?
Logged
Kirill Nelinov
« Reply #20 on: October 20, 2011, 10:27:51 AM »

We are releasing a new version soon, which will have this functionality in the UI.
For now - yes, please keep us posted.
It would be great if you could mark it as 'caught-missed' and 'mx-skipped'.
Logged
w-e-v
« Reply #21 on: October 20, 2011, 06:28:25 PM »

Hi,

I have 4 "caught-missed" and 1 "mx-skipped" from today, but I am not able to send the source through the forum because there is a limit of 4,000 characters. And well, apparently the characters in the SPAM samples are more than that.

What do you recommend?
« Last Edit: October 20, 2011, 06:32:36 PM by w-e-v » Logged
Kirill Nelinov
« Reply #22 on: October 21, 2011, 07:45:39 AM »

Ok.
We've checked and it looks like there were no connectivity issues with our servers.

It means that "mx-skipped" messages were sent directly to your server.
This is possible as long as you have mail.yourdomain.com as the third MX server.
Spammers also have access to MX and may send spam directly to the third or to all servers in MX.
So if you want to completely avoid this type of spam - remove mail.yourdomain.com from MX.

As for "caught-missed", I think it is better to wait two weeks for a new version.
Logged
w-e-v
« Reply #23 on: October 21, 2011, 09:57:05 AM »

> It means that "mx-skipped" messages were sent directly to your server.
> This is possible as long as you have mail.yourdomain.com as the third MX server.
> Spammers also have access to MX and may send spam directly to the third or to all servers in MX.

That's what I thought. It makes lots of sense. Thank you Kirill.

> So if you want to completely avoid this type of spam - remove mail.yourdomain.com from MX.

I understand your suggestion, and that's something I thought of doing before in order to avoid CASG being bypassed. However, I didn't delete it, because mail.mydomain.com is the final mail server destination route in the 'Destination routes' field of the CASG UI. This is where the mails are delivered from CASG after appropriate filtering of mails.

That's the reason why I didn't delete mail.mydomain.com from my MX records list.

What can we do in this case?

> As for "caught-missed", I think it is better to wait two weeks for a new version.

OK, I can't wait until the new release!
Logged
Kirill Nelinov
« Reply #24 on: October 21, 2011, 10:15:01 AM »

> because mail.mydomain.com is the final mail server destination route in the 'Destination routes' field of the CASG UI.

Ah, let me explain.
Routes should contain exactly the same records as you had in MX before CASG.
We will use these routes to send messages that have passed the filters.
And strictly speaking, your new MX should not contain old destination servers, only mxsrv*.

However, here you have a choice:
1) Set MX as you did to be completely sure that mail will be delivered even if our network segment (with mxsrv*) is unavailable, which is not likely as it is located in the US.
2) Remove your destination servers from MX and be fully protected.
« Last Edit: October 21, 2011, 10:17:42 AM by Kirill Nelinov » Logged
w-e-v
« Reply #25 on: October 21, 2011, 10:23:23 AM »

> However, here you have a choice:
> 1) Set MX as you did to be completely sure that mail will be delivered even if our network segment (with mxsrv*) is unavailable, which is not likely as it is located in the US.
> 2) Remove your destination servers from MX and be fully protected.

I completely understand, and I definitely want choice No. 2.
But what I don't understand is that if I "remove my destination servers from MX", that means mail.mydomain.com will not exist anymore. How can CASG deliver the messages that were filtered to our servers if mail.mydomain.com doesn't exist anymore?
Logged
Kirill Nelinov
« Reply #26 on: October 21, 2011, 10:26:10 AM »

CASG will deliver taking the destination not from MX but from the routes you enter in the CASG UI.
Logged
w-e-v
« Reply #27 on: October 21, 2011, 10:32:59 AM »

So actually the destination route in the CASG UI (which right now I have configured as mail.mydomain.com) is only used by CASG to resolve the IP and forward messages to that IP through the port configured, am I right?

I thought that the destination route in CASG UI was and should be the MX record from the server.
Logged
Kirill Nelinov
« Reply #28 on: October 21, 2011, 11:10:54 AM »

> So actually the destination route in the CASG UI (which right now I have configured as mail.mydomain.com) is only used by CASG to resolve the IP and forward messages to that IP through the port configured, am I right?

Yes

> I thought that the destination route in CASG UI was and should be the MX record from the server.

Should be the old (original) MX record
Logged
w-e-v
« Reply #29 on: October 21, 2011, 11:13:49 AM »

Great! Thanks Kirill for your help and vital information.

I already made the changes and deleted the MX record for mail.mydomain.com.
Now there should be no more direct spamming!

Hopefully I did everything in the right way.
I just hope not to lose messages that people send us.

I will let you know how it goes with the new changes. Thanks again!
Logged
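
Added example, not part of the thread and not Comodo's code: a check for the "mx-skipped" condition discussed above. It lists MX hosts that accept mail without passing the gateway, and classifies a received message by the topmost Received header, which the destination server itself writes. The gateway IP addresses, the header layout and the sample messages are constructed assumptions; only the host names come from the thread.

```python
import re
from email import message_from_string

GATEWAY_SUFFIX = ".spamgateway.comodo.com"   # gateway MX names from the thread
GATEWAY_IPS = {"192.0.2.10", "192.0.2.11"}   # placeholders, not real CASG addresses

def direct_mx_hosts(mx_records):
    """MX hosts, in preference order, that accept mail without the gateway."""
    return [host for _pref, host in sorted(mx_records)
            if not host.rstrip(".").lower().endswith(GATEWAY_SUFFIX)]

def classify(raw_message):
    """Classify by the topmost Received header, the one our own server wrote.
    Headers below it come from the sending side and are not trusted."""
    hops = message_from_string(raw_message).get_all("Received", [])
    if not hops:
        return "unknown"
    # Assumed layout: the connecting client's address appears as [a.b.c.d].
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops[0])
    if ip is None:
        return "unknown"
    return "via-gateway" if ip.group(1) in GATEWAY_IPS else "mx-skipped"

# MX sets from the thread: before and after removing the origin server.
MX_BEFORE = [(10, "mxsrv1.spamgateway.comodo.com"),
             (20, "mxsrv2.spamgateway.comodo.com"),
             (30, "mail.mydomain.com")]
MX_AFTER = MX_BEFORE[:2]

# Constructed sample messages (addresses are documentation-range placeholders).
FILTERED = ("Received: from mxsrv1.spamgateway.comodo.com (unknown [192.0.2.10])\n"
            "\tby mail.mydomain.com with ESMTP; Thu, 20 Oct 2011 18:00:00 +0000\n"
            "Subject: constructed sample 1\n\nbody\n")
DIRECT = ("Received: from sender.example (unknown [203.0.113.77])\n"
          "\tby mail.mydomain.com with ESMTP; Thu, 20 Oct 2011 18:01:00 +0000\n"
          "Received: from mxsrv1.spamgateway.comodo.com\n"
          "\tby relay.example; Thu, 20 Oct 2011 17:59:00 +0000\n"
          "Subject: constructed sample 2\n\nbody\n")

if __name__ == "__main__":
    print("direct MX before:", direct_mx_hosts(MX_BEFORE))
    print("direct MX after: ", direct_mx_hosts(MX_AFTER))
    print("sample 1:", classify(FILTERED))
    print("sample 2:", classify(DIRECT))
```

Replace GATEWAY_IPS with the addresses that mxsrv* actually resolve to before using the classifier on real mail. Running it on new mail after the MX change shows whether anything still reaches the server without passing the gateway.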