cancel
Showing results for 
Search instead for 
Did you mean: 

Huge Spam Quarantine Notification Messages

Beran
Grafter
Posts: 63
Registered: 31-07-2007

Huge Spam Quarantine Notification Messages

Anyone else troubled by getting huge Spam Quarantine Notification messages? The one for our catchall account is coming in a 5MBytes per day. It lists just about 500 new Spam emails, so the size looks totally outrageous. Also, the hyperlinks on the email are broken in some way. Trying to manually log into quarantine shows no email at all. (Yes, it is 'exactly' the right quarantine email address)
I raised this yesterday morning through a ticket (27617120), but seemingly support were unable to open the message they asked me to send, now it has just gone very quiet.
20 REPLIES
Community Gaffer
Community Gaffer
Posts: 12,807
Thanks: 636
Fixes: 62
Registered: 04-04-2007

Re: Huge Spam Quarantine Notification Messages

How are the hyperlinks broken? What happens when you click them?

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Community Veteran
Posts: 26,348
Thanks: 601
Fixes: 8
Registered: 10-04-2007

Re: Huge Spam Quarantine Notification Messages

Quote from: Beran
Trying to manually log into quarantine shows no email at all. (Yes, it is 'exactly' the right quarantine email address)

Are they being sent to aliases of the mailbox or to the mailbox name itself?
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Beran
Grafter
Posts: 63
Registered: 31-07-2007

Re: Huge Spam Quarantine Notification Messages

Bob,
It only took 2 days, but I finally managed to get Support to see the email. They are seemingly unable to work with Outlook 2003 .MSG files, not good for an ISP providing business support.
We finally got around it by just posting the html in the ticket (number earlier in this thread). The agent I spoke to said the html links were invalid as they were too long. He felt it had rolled all the mailbox names into each hyperlink.
I asked how we could get to the Quarantined mail. The agent felt that they were probably not in the catchall account, but possibly stored against this rolled list of mailbox names. So currently we have mail supposedly in Quarantine that no-one can reach. At present, we don't think thee is anything important there, but if an important business message goes there, we will have a major issue to resolve.
This now sems to have wandered off into the QA/Code Fix route. Maybe Bob can provide a better explanation as to what is wrong, and if there is a temporary workaround, or if we should just abandon Quarantine for now (agan!).
Jelv,
The mail in the catchall account is mostly spam generated with random prefixes to our domain name. As a business, we won't just throw this stuff away, every now and then a customer sends a valuable order to a mis-typed email address and we take great care not to lose orders!
Beran
Grafter
Posts: 63
Registered: 31-07-2007

Re: Huge Spam Quarantine Notification Messages

Seems this isn't important enought for PlusNet to resolve it at this time.We currently have a very large number of 'Spam' emails stuck in IronPort quarantine, without any way of accessing them. Looks like we have no alternative but to turn off Ironport Quarantine until PlusNet decide to fix the issue.
So the warning to everyone else using IronPort Quarantine is if you get a large influx of mail into the catchall quarantine mailbox, it is totally inaccessible. Not really a workable system is it?
Beran
Grafter
Posts: 63
Registered: 31-07-2007

Re: Huge Spam Quarantine Notification Messages

Just had a reply through a support ticket saying PlusNet are not going to fix the issue, and that we should "alter how spam is handled to decrease the risk of this reoccurring."
We have emails now stuck in IronPort quarantine which we can't access.
I can only assume that the support message is suggesting we don't use IronPort quarantine, as we get a large amount of Spam to the catchall account. If this is what is being suggested, then I don't think IronPort quarantine is fit for purpose on a business account.
Maybe Bob or someone fromPlusNet who actually understands can post here a clear explanation?
Community Veteran
Posts: 26,348
Thanks: 601
Fixes: 8
Registered: 10-04-2007

Re: Huge Spam Quarantine Notification Messages

If lots of the spam is too the same prefixes could you create mailboxes for those? You'd be able to look in quarantine for those and perhaps the number left in the catchall quarantine would be manageable.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Beran
Grafter
Posts: 63
Registered: 31-07-2007

Re: Huge Spam Quarantine Notification Messages

Jelv,
We get a huge amount of spam to random prefixes. Setting individual malboxes for those is unworkable, and would result in a large number of Quarantine Notifications every morning. We also get the occasional mail where a single letter of someones name is mistyped. This obviously ends up in the catchall, and we have to retrieve it manually.
As a business, taking the "it's the sender's fault" approach doesn't work. If the sender happens to be trying to place a large contract, not responding simply because they mistyped an email address just means the contract is likely to go elsewhere.
Community Gaffer
Community Gaffer
Posts: 12,807
Thanks: 636
Fixes: 62
Registered: 04-04-2007

Re: Huge Spam Quarantine Notification Messages

Quote from: Beran
I can only assume that the support message is suggesting we don't use IronPort quarantine, as we get a large amount of Spam to the catchall account. If this is what is being suggested, then I don't think IronPort quarantine is fit for purpose on a business account.

Given the amount of spam you receive then my suggestion would definitely be to review the way you have things set up. Ideally this would involve setting up aliases for the addresses you *do* use and then switching your catch all off. Alternatively, you could look at switching the option on to deliver spam to a different mailbox on your account. You could then log into this separate mailbox periodically to check for anything legitimate.
Quote from: Beran
The mail in the catchall account is mostly spam generated with random prefixes to our domain name. As a business, we won't just throw this stuff away, every now and then a customer sends a valuable order to a mis-typed email address and we take great care not to lose orders!

If you turned the catch-all off and set up aliases then email sent to any non-existant mailboxes would be bounced back to the sender so they would know that it hadn't got through.
I've looked at your ticket and will add some comments to that. I'm not sure if we can do much about the size of the email, but the links should definitely be working and logging you into Quarantine - I've checked my catch-all mailbox and I don't seem to have this problem so it might just be affecting your account.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Community Veteran
Posts: 26,348
Thanks: 601
Fixes: 8
Registered: 10-04-2007

Re: Huge Spam Quarantine Notification Messages

Bob,

In the quarantine email for catch all the link to log in to quarantine has at the end the email address for the quarantine mailbox, followed by a comma separated list of all the different email addresses that the spams were addressed to. So if he's getting 500 spams to say 250 random prefixes and the email addresses are say 25 characters long he's going to end up with a URL that is over 6K long. I'm not surprised that it's not working!
Beran, I suggest you PM Bob the URL following "If the above links do not work, please copy and paste the following URL into a Web browser: " from the end of the email.
jelv (a.k.a Spoon Whittler)
   Why I have left Plusnet (warning: long post!)   
Broadband: Andrews & Arnold Home::1 (FTTC 80/20)
Line rental: Pulse 8 Home Line Rental (£13/month)
Mobile: iD mobile (£4/month)
Community Gaffer
Community Gaffer
Posts: 12,807
Thanks: 636
Fixes: 62
Registered: 04-04-2007

Re: Huge Spam Quarantine Notification Messages

Yeah, I've already picked up on the length of the URL. I've already a copy of one of Beran's notifications so that should be enough to get us started.

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Beran
Grafter
Posts: 63
Registered: 31-07-2007

Re: Huge Spam Quarantine Notification Messages

Ask enough questions, and sometimes you get an answer which helps....
I had no idea turning off the catchall account would result in bounce messages to the sender. Maybe this is because we've been through so many different Spam configurations I've missed this somewhere. I recall that PlusNet introduced an option some time back where you could 'blackhole' the catchall account. I've never realised that removing the catchall results in a bounce, instead of a silent discard. (I know the RFCs say you shouldn't discard anything, but this doesn't seem to be the way things are these days).
I had a quick trawl through the PlusNet Helps on Catchall, and none of them say (as far as I can find) what happens to your mail if you turn off the catchall. Maybe some extra explanation here would be helpful to others.
Superuser
Superuser
Posts: 8,878
Thanks: 411
Fixes: 36
Registered: 06-04-2007

Re: Huge Spam Quarantine Notification Messages

Rejection/bouncing (as opposed to silent deletion) of emails to nonexistent mailboxes (or aliases) when Catch-all is Off came in with the introduction of IronPort. As a stop-gap until the documentation is improved I've added a question to the FAQ to cover this behaviour.
If you do create aliases for valid addresses you might want to turn what is currently called "Edge Protection" off. This will ensure no mail is silently discarded after being accepted by the IronPort server.
Proposed renaming of "Edge Protection" (and improvement to the MMM Spam-settings pages) is discussed in the Renaming 'Edge Protection' topic (but that doesn't cover catch-all).
David
Community Gaffer
Community Gaffer
Posts: 12,807
Thanks: 636
Fixes: 62
Registered: 04-04-2007

Re: Huge Spam Quarantine Notification Messages

Quote from: jelv
In the quarantine email for catch all the link to log in to quarantine has at the end the email address for the quarantine mailbox, followed by a comma separated list of all the different email addresses that the spams were addressed to. So if he's getting 500 spams to say 250 random prefixes and the email addresses are say 25 characters long he's going to end up with a URL that is over 6K long. I'm not surprised that it's not working!

This should now be fixed. @Beran, are you able to confirm whether or not that's the case?

Bob Pullen
Plusnet Products Team
If I've been helpful then please give thanks ⤵

Beran
Grafter
Posts: 63
Registered: 31-07-2007

Re: Huge Spam Quarantine Notification Messages

Bob,
No it's not fixed. We turned on the Catchall yesterday, and this morning's notification had all the same issues as the original ones (huge urls, unable to login to quarantine or release emails)
Support ticket has been updated, and the htm content of this mornings mail attached to the ticket.