Some emails arrive blank, also GWIA pounded with odd emails

I have an increasing number of users (including myself) who receive SOME (but not all) emails from the outside, and the body of the message is blank. Sometimes changing the view to plain text allows you to see the message, but sometimes not. In looking at GWIA, I noticed another issue (which is probably unrelated): I see that 90% of what is on the GWIA screen are emails to invalid recipients, but the names are domain names with @ourname.org added to the end, i.e. "nypd.org@ourdomain.org". There's a huge volume of these, and I have not found anything on the internet about any kind of email storm thing going on. I have done maintenance from the primary domain down, no changes. We use Netmail for spam filter, trying to get their support to look at it and tell me why both things are happening. Has anyone seen this, either the blank email body or the odd addresses on GWIA? I had the senders send me mail to another GroupWise system that is also 8.0.3, all agents the same version, and they came in fine. I really think it's not GroupWise but I don't know where to go other than Netmail.

  • Hi,

    I'm not sure why your mail is arriving blank, but as for your other issue, you are probably being subjected to a targeted attack. Try blocking the IP addresses that this attack is originating from. This can be done on the GWIA under Access Control, Blacklists.

    Cheers,
  • In article <ehammer.6ovw3z@no-mx.forums.novell.com>, Ehammer wrote:
    > Sometimes changing the view to plain text allows you to see the
    > message, but sometimes not.

    Are the senders consistent? I.e., if an external sender sends it once, do
    you find that many of theirs have the same issue?
    Take a good look at the message source of a number of them to see if you
    can see a common denominator about the source of them.
    Are we looking at html messages that are beyond the rendering abilities
    GroupWise is using, or are the senders sending blank html?
    What version of GroupWise 8 are you running?

    > I see that 90% of what is on the GWIA
    > screen are emails to invalid recipients, but the names are domain names
    > with @ourname.org added to the end, ie "nypd.org@ourdomain.org".
    > There's a huge volume of these

    Either a dictionary attack or a denial of service attack. If coming from
    just one IP or a tight range of them, just block them as Laura posted. The
    distributed (i.e. Botnets) sorts of attacks require a whole other level of
    defensive measures and are why so many leave that to cloud filtering
    (antispam and antivirus) services and then only accept mail from said
    filtering service.


    Andy of
    KonecnyConsulting.ca in Toronto
    Knowledge Partner
    http://forums.novell.com/member.php/75037-konecnya
    If you find a post helpful and are logged in the Web interface, please
    show your appreciation by clicking on the star below. Thanks!
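
The triage suggested in the replies above (is the flood coming from one IP or a tight range, or is it distributed?) can be scripted; the following is an added example, not part of the original posts and not GroupWise or Netmail code. It assumes the rejected deliveries have already been extracted as (source IP, recipient) pairs; that input format, the sample rows, the /24 grouping and the 50% threshold are all assumptions chosen for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of rejected deliveries as (source IPv4, RCPT TO address).
# Neutral format assumed for this example, not GWIA's log layout; the IPs are
# from documentation ranges.
REJECTED = [
    ("198.51.100.7", "nypd.org@ourdomain.org"),
    ("198.51.100.7", "example.com@ourdomain.org"),
    ("198.51.100.9", "acme.net@ourdomain.org"),
    ("198.51.100.23", "foo.co.uk@ourdomain.org"),
    ("203.0.113.5", "j.smith@ourdomain.org"),  # ordinary bad address, not the pattern
    ("192.0.2.44", "widgets.org@ourdomain.org"),
]

# Local part that is itself shaped like a domain name, e.g. "nypd.org".
DOMAIN_LOCALPART = re.compile(
    r"^(?:[a-z0-9-]+\.)+(?:com|net|org|edu|gov|[a-z]{2})$", re.I)

def is_domain_shaped(rcpt):
    """True when the part before the last '@' looks like a domain name."""
    return bool(DOMAIN_LOCALPART.match(rcpt.rsplit("@", 1)[0]))

def summarize(events, prefix=24, share=0.5):
    """Count pattern hits per source IP and per /prefix network, and report
    whether a single network accounts for at least `share` of the hits."""
    by_ip, by_net = Counter(), Counter()
    for ip, rcpt in events:
        if not is_domain_shaped(rcpt):
            continue
        by_ip[ip] += 1
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net[str(net)] += 1
    total = sum(by_ip.values())
    top_net, top_hits = by_net.most_common(1)[0] if by_net else (None, 0)
    # "blockable": one tight range dominates, so a blacklist entry is practical.
    blockable = total > 0 and top_hits / total >= share
    return {"total": total, "by_ip": dict(by_ip), "top_net": top_net,
            "top_hits": top_hits, "blockable": blockable}

if __name__ == "__main__":
    print(summarize(REJECTED))
```

When `blockable` comes back false, the hits are spread across many networks, which is the distributed case the reply says calls for upstream filtering rather than a blacklist entry.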