|
|
|
|
|
|
|
|
|
|
|
|
|
|
EMAIL UNDER ATTACK
How to protect your Domino servers from Sobig.F
By Daniel Koffler
While SoBig.F looks like spam and shares many of the same characteristics, most of Domino's anti-spam features are useless at blocking it. Aside from installing anti-virus software on your workstations and mail servers, the best methods of blocking SoBig.F are to educate users about opening attachments and to use server based mail rules to eliminate SoBig before it ever gets delivered to your users.
To create server mail rules, open Domino Administrator and select the "Configuration" tab. In the left pane, select Messaging -> Configurations and open the document for the server you want to configure. Edit the document and select the Router/SMTP-> Restrictions and Controls ->Rules tab. Select the "New Rule" button to create a new rule as shown in Figure A.
FIGURE A
 
Create a new server mail rule in Domino 6 Roll over picture for a larger image.
Server mail rules act on all mail delivered to the MAIL.BOX file before it is picked up by the router and delivered to end users. The SoBig.F worm only transmits itself as a ".pif" or ".scr" file, so you can create a mail rule to block messages with those types of attachments. Inform your users you are going to be blocking these file types; this should be part of your corporate email policy. You may also want to block ".bat" files and others. For a complete list of executable file extensions for Windows check out http://antivirus.about.com/library/blext.htm and create a corporate policy that is right for your organization.
In the "New Rule" dialog box, make sure the rule is on and add a condition for every file type you want to block by selecting "any attachment name", "contains" and then enter the file extension you want to block. Make sure that you select the "OR" option when adding subsequent extensions, as depicted in Figure B. The "Specify Actions" section allows you to select what you want done with matching messages. You can reject the messages (the "don't accept message" and "don't deliver message" have the same effect on SMTP messages), you can have their status changes to "held", or automatically quarantine them in a database of your choosing.
FIGURE B
 
You should set up your mail rule much like this. Roll over picture for a larger image.
The mail rule we have created will make sure that SoBig.F and its variants don't end up in your users' mail boxes. Now, let's create a second rule to quarantine messages that are the result of bounces from anti-virus systems.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
-- Advertisement --
Find unused Lotus Notes groups and clean up your address book
Have you ever wanted to get rid of old Lotus Notes groups that were cluttering up your address book, but you weren't sure if they were used? Find Unused Groups can help.
Find Unused Groups will check your ACL, mail, multi purpose and server groups to help you determine if they are used, and who uses them.
Learn how to easily clean up your address book. |
-- Advertisement --
Integrate your Notes Applications with Microsoft Office and Symphony
Integra for Notes Integrates Microsoft Office and/or IBM Lotus Symphony
Requires NO change to the design of the appliation or Installations of DLL's and EXE's
- Integra is a ready to use solution, enhance static reports with Excel data analysis, pivot tables, macros
- User friendly aproach, using a point and click access to features
- Reports from any Lotus Notes databases
- Runs reports through a Notes client, web browser and scheduled basis
- Allows use of LotusScript for advanced data manipulation
- Enables self service reporting capabilities to end-users
Learn more at www.integra4notes.com. |
|
|
|
|
|
|
|
|
|
|
