Highlighted
Absent Member.
Absent Member.
1149 views

Some emails arrive blank, also GWIA pounded with odd emails

I have an increasing number of users (including myself) who receive SOME (but not all) emails from the outside, and the body of the message is blank. Sometimes changing the view to plain text allows you to see the message, but sometimes not. In looking at GWIA, I noticed another issue (which is probably unrelated), I see that 90%+ of what is on the GWIA screen are emails to invalid recipients, but the names are domain names with @ourname.org added to the end, ie "nypd.org@ourdomain.org". There's a huge volume of these, and I have not found anything on the internet about any kind of email storm thing going on. I have done maintenance from the primary domain down, no changes. We use Netmail for spam filter, trying to get their support to look at it and tell me why both things are happening. Has anyone seen this, either the blank email body or the odd addresses on GWIA? I had the senders send me mail to another GroupWise system that is also 8.0.3, all agents the same version, and they came in fine. I really think it's not GroupWise but I don't know where to go other than Netmail.
Labels (2)
0 Likes
2 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Some emails arrive blank, also GWIA pounded with odd ema

Hi,

I'm not sure why your mail is arriving blank, but as for your other issue, you are probably being subjected to a targeted attack. Try blocking the IP addresses that this attack is originating from. This can be done on the GWIA under Access Control, Blacklists.

Cheers,
Laura Buckley

Views/comments expressed here are entirely my own.
If you find this post helpful, please show your appreciation and click on "Like" below...
0 Likes
Highlighted
Knowledge Partner
Knowledge Partner

Re: Some emails arrive blank, also GWIA pounded with odd emails

In article <ehammer.6ovw3z@no-mx.forums.novell.com>, Ehammer wrote:
> Sometimes changing the view to plain text allows you to see the
> message, but sometimes not.

Are the senders consistant? I.e. If an external sender sends it once, do
you find that many of theirs have the same issue?
Take a good look at the message source of a number of them to see if you
can see a common denominator about the source of them.
Are we looking at html messages that are beyond the rendering abilities
GroupWise is using, or are the senders sending blank html.
What version of GroupWise 8 are you running?

> I see that 90%+ of what is on the GWIA
> screen are emails to invalid recipients, but the names are domain names
> with @ourname.org added to the end, ie "nypd.org@ourdomain.org".
> There's a huge volume of these

either a dictionary attack or a denial of service attack. If coming from
just one IP or a tight range of them, just block them as Laura posted. The
distributed (i.e. Botnets) sorts of attacks require a whole other level of
defensive measures and are why so many leave that to cloud filtering
(antispam and antivirus) services and then only accept mail from said
filtering service.


Andy of
KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.