My organization has recently switched from GFI Mail Essentials to SMG 10.0.1. While we initially had great results, a few problems have surfaced. We needed to disable rDNS checking as some of our clients don't have DNS records configured correctly, and simply adding their domain and the domain of their mail server to the good senders reputation list was ineffective (seems to check rDNS and bounce before ever processing any other filters?).
As expected, there has been a marked increase in spam, which has made quite a rash on my hide over the last two days. Here are a couple examples of headers from the illicit mail:
Microsoft Mail Internet Headers Version 2.0
Received: from our.mail.server ([its ip]) by mail.ourdomain.com with Microsoft SMTPSVC(6.0.3790.4675);
Thu, 2 May 2013 14:47:05 -0700
Received: from our.brightmail.appliance (its ip) by
our.mail.server (its ip) with Microsoft SMTP Server id
14.2.342.3; Thu, 2 May 2013 14:46:56 -0700
X-AuditID: c0a800e5-b7fd36d0000070b8-a6-5182deca79cd
Received: from oik.communicatelonggovernment.net (Unknown_Domain
[193.142.111.66]) by our.brightmail.appliance (Symantec Messaging
Gateway) with SMTP id F9.60.28856.BCED2815; Thu, 2 May 2013 14:46:52 -0700
(PDT)
To: <user@ourdomain.com>
Subject: Trending Video on How to Lose Fat by Dr Oz
Date: Thu, 2 May 2013 17:45:51 -0400
From: the dr oz video <Alba_Berg@communicatelonggovernment.net>
MIME-Version: 1.0
Message-ID: <6889883781357630454@oik.communicatelonggovernment.net>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8bit
Content-Disposition: inline
X-Brightmail-Tracker: [encoded value omitted]
Return-Path: Alba_Berg@communicatelonggovernment.net
X-GFI-SMTP-Submission: 1
X-GFI-SMTP-HelloDomain: our.brightmail.appliance
X-GFI-SMTP-RemoteIP: brightmail.ip
X-OriginalArrivalTime: 02 May 2013 21:47:05.0078 (UTC) FILETIME=[9624F960:01CE477E]
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Received: from our.brightmail.appliance (its ip) by
our.mail.server (its ip) with Microsoft SMTP Server id
14.2.342.3; Thu, 2 May 2013 08:11:22 -0700
X-AuditID: c0a800e5-b7fd36d0000070b8-16-51828214e245
Received: from mx04.mumrug.com (daily5.myastrologicalguide.com
[66.172.81.105]) by our.brightmail.appliance (Symantec Messaging
Gateway) with SMTP id E7.AF.28856.61282815; Thu, 2 May 2013 08:11:22 -0700
(PDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Reply-To: <AubreySanders@mumrug.com>
Date: Thu, 2 May 2013 08:11:16 -0700
From: Impress Everyone <AubreySanders@mumrug.com>
Subject: Just want to rapidly learn another language?
To: <user@ourdomain.com>
Message-ID: <20130501041734.32547.82115@mx04.mumrug.com>
X-Brightmail-Tracker: [encoded value omitted]
Return-Path: AubreySanders@mx04.mumrug.com
X-MS-Exchange-Organization-AuthSource: our.mail.server
X-MS-Exchange-Organization-AuthAs: Anonymous
X-GFI-SMTP-Submission: 1
X-GFI-SMTP-HelloDomain: our.brightmail.appliance
X-GFI-SMTP-RemoteIP: brightmail.ip
So, is there any way for me to curb some of this spam without re-enabling rDNS? I realize that blacklisting domains and IPs would be pretty futile... If not, is there any way to configure SMG 10 to check the sender whitelist before it bounces? If any/all of these seem pretty simple, my apologies; I'm still pretty new to SMG/Brightmail and Exchange in general.
And thanks for your help!
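For triaging headers like the two samples above, here is an added example (not part of the original post) that pulls the hop recorded by the gateway out of the Received chain and reports the HELO name, the parenthesised name and the connecting IP. It assumes the `from HELO (name [ip]) by host` layout seen in the samples and treats `Unknown_Domain` as the gateway's marker for a failed reverse lookup; the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample: trimmed from the first header set in the post,
# with the leading whitespace of folded header lines restored.
SAMPLE = """\
Received: from our.brightmail.appliance (its ip) by
 our.mail.server (its ip) with Microsoft SMTP Server id
 14.2.342.3; Thu, 2 May 2013 14:46:56 -0700
Received: from oik.communicatelonggovernment.net (Unknown_Domain
 [193.142.111.66]) by our.brightmail.appliance (Symantec Messaging
 Gateway) with SMTP id F9.60.28856.BCED2815; Thu, 2 May 2013 14:46:52 -0700
 (PDT)
Subject: Trending Video on How to Lose Fat by Dr Oz

body
"""

# "from <helo> (<name> [<ip>]) by <host>" as written in the samples.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def external_hop(raw, gateway):
    """Return the hop where `gateway` accepted mail from an outside host."""
    msg = message_from_string(raw)
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        m = HOP.search(flat)
        if m and m.group("by").lower() == gateway.lower():
            return m.groupdict()
    return None  # internal hops with a redacted IP do not match

def triage(hop):
    """List what the gateway's own record says about the sending host."""
    flags = []
    if hop["rdns"] == "Unknown_Domain":  # assumed: reverse lookup failed
        flags.append("no reverse DNS name recorded")
    elif hop["rdns"].lower() != hop["helo"].lower():
        flags.append("HELO name differs from reverse DNS name")
    return flags

if __name__ == "__main__":
    hop = external_hop(SAMPLE, "our.brightmail.appliance")
    print(hop["ip"], hop["helo"], triage(hop))
```

Only the Received line written by the gateway itself is trusted here; anything below it in the chain is supplied by the sender.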