ORDB Going Bye-Bye, and an Increased Volume of Spam

Slowhand Mod Posts: 5,161
I've been seeing a pattern, lately, and I figured I'd ping some of the other sys admins out there to see if it's just in my head. Last week, Slashdot (among many others) reported that the ORDB has officially gone belly-up:
Slashdot wrote:
"At noon today (Eastern Standard Time), the long dead ORDB spam identification system began returning false positives as a way to get sleeping users to remove the ORDB query from their spam filters. The net effect: all mail is blocked on servers still configured to use the ORDB service, which was taken out of commission in December of 2006. So if you're not getting any mail, check your spam filter configuration!"

So, the response center crew at my work diligently went through each Exchange box we manage and removed ORDB from the spam filter configs. Now, we've begun seeing a huge influx of spam for a lot of our customers. The two may or may not be related; it could just be a bad week for spam, but I figured I'd check and see if anyone else has seen a similar pattern:

So, how 'bout it; anyone else seen spam flowing like the Nile in spring since the removal of ORDB from your spam config in Exchange?

Comments

  • Smallguy Member Posts: 597
    We had a few users get pounded with spam; one received 280 over the weekend.

    Not sure if it is related or if it is our anti-spam software, which lately has completely sucked, and the support has been **** on.
  • Claymoore Member Posts: 1,637
    Thanks for the heads-up Slowhand!

    I wasn't using ORDB as one of my block lists (I thought I was, but I must have removed it some time ago and just forgot about it), but I saw a huge increase in SPAM on my Exchange server last week. My SMTP service logs were about 33% larger on the 26th, 27th and 28th and my Exchange logs doubled or tripled in size. This means that not only did the connections increase, but more of them got through the SMTP service connection filtering and made it to Exchange for address lookups.

    Here are the Block Lists I am using:
    Zen.Spamhaus.org (just changed from sbl-xbl.spamhaus.org this morning)
    BL.csma.biz
    List.dsbl.org
    bl.spamcop.net

    I was using relays.visi.com, but evidently that list has been shut down for some time as well so I removed it this morning. I don't know if any of the lists were relying on the ORDB for part of their information, but something changed and spam levels increased. I also use a blacklist that I maintain as well as a whitelist to support our business contacts who can't seem to figure out how to get their domains removed from a blacklist.

    Of course this all happens while I am on vacation. Our Exchange server had some availability problems last week, and panic ensued since I was out. My team informed me that we are getting a new server this week. It's true that the server is getting old, but I was trying to hold out until I could work on a Server 2008 / Exchange 2007 upgrade this summer. Good luck trying to get the powers that be to approve a new server this summer if they just bought one this week. Evidently our new company president lit into my boss about the need for Exchange to always be available, so he just blamed the problems on hardware and ordered a new server. On the bright side, I am the only Exchange admin here and my annual review is due tomorrow...
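
Added example, not part of any post in this thread: a block list that has started answering every query as "listed" (the ORDB behaviour quoted above), or one that has gone silent, can be spotted with the two test addresses RFC 5782 defines for IPv4 DNSBLs. The `*.dnsbl.example` zone names and the `constructed_resolve` stand-in for DNS are constructed so the code runs offline; `check_zone` uses the system resolver by default.

```python
import socket

TEST_LISTED = "127.0.0.2"      # RFC 5782: a working IPv4 DNSBL must list this
TEST_NOT_LISTED = "127.0.0.1"  # RFC 5782: and must never list this

def query_name(ip, zone):
    """Build the DNSBL lookup name: reversed octets followed by the zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone.strip(".")

def system_resolve(name):
    """A records for name via the OS resolver; [] on NXDOMAIN or lookup error."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_zone(zone, resolve=system_resolve):
    """Classify one block list zone from its two test points."""
    listed = resolve(query_name(TEST_LISTED, zone))
    not_listed = resolve(query_name(TEST_NOT_LISTED, zone))
    if not_listed:
        return "lists-everything"   # answers for an address that must be absent
    if not listed:
        return "no-answer"          # retired zone, or resolver blocked/unreachable
    if not all(a.startswith("127.") for a in listed):
        return "unexpected-answer"  # e.g. the domain now points at a web host
    return "ok"

def audit(zones, resolve=system_resolve):
    """Map each configured zone to its status."""
    return {zone: check_zone(zone, resolve) for zone in zones}

# Constructed stand-in for DNS (hypothetical zones, not real block lists).
def constructed_resolve(name):
    if name.endswith(".retired.dnsbl.example"):
        return ["127.0.0.2"]        # wildcard: every address comes back listed
    if name == "2.0.0.127.healthy.dnsbl.example":
        return ["127.0.0.2"]
    if name == "2.0.0.127.odd.dnsbl.example":
        return ["192.0.2.10"]
    return []                       # NXDOMAIN

if __name__ == "__main__":
    zones = ["healthy.dnsbl.example", "retired.dnsbl.example",
             "gone.dnsbl.example", "odd.dnsbl.example"]
    for zone, status in audit(zones, constructed_resolve).items():
        print(f"{zone:28} {status}")
```

Any zone that does not come back `ok` is a candidate for removal from the connection filter; `no-answer` can also mean the local resolver is being refused by the list operator, so confirm from a second resolver before dropping it.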