Computer/Internet Issues & Troubleshooting Anyone with questions about the terribly complex world of computers or the internet should try here. NOT FOR REPORTING ISSUES WITH PPRuNe FORUMS! Please use the subforum "PPRuNe Problems or Queries."

trojan problem emails

Old 16th Aug 2011, 11:30
  #1 (permalink)  
Thread Starter
 
Join Date: Sep 2004
Location: Berkshire, UK
Posts: 809
Likes: 0
Received 15 Likes on 6 Posts
trojan problem emails

Daily I keep getting a number of emails, each claiming to be a "UPS Notification" and which have a trojan embedded in. When I delete them (Mozilla Thunderbird) they get moved to my deleted items folder BUT this single email totally jams up the folder meaning subsequent deleted items can't clear until the folder is emptied. As I am getting several of these rogue emails each day I have to manually delete and empty the folder in a careful order to prevent the rogue files ever being opened/read. The virus tools I have (AVG) only pick up the threat when it is moved into the deleted items folder.

I have tried using the message filter tool to automatically move the mails to the deleted folder but the lock up seen above still happens with the attendant risk of the next message automatically opening on message deletion, the next message MAY be another rogue message.

If I set a message filter to "remove from POP3 server" is this going to remove the message from the server and NOT bring it to my local folders? Anyone know how this is handled by the Thunderbird system?

Thanks for reading this.

Rans6....
rans6andrew is offline  
Old 16th Aug 2011, 13:51
  #2 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
The virus tools I have (AVG) only pick up the threat when it is moved into the deleted items folder.
Time to get better antivirus software. Or get your scanning done server-side (which is really the best way anyway).

If I set a message filter to "remove from POP3 server"
No. It won't.

POP3 is an offline protocol.

It pulls the message off the server and you read it locally.

The "remove from server" allows you to save space on the server by deleting the message once it has been downloaded.

Some people don't use this if, for example, they have multiple machines and want to be able to download from multiple machines. But then those people should be using IMAP anyway, as POP3 leave on server has never been very reliable ! (and no, IMAP won't do what you want either)

Hope this makes some sense !
mixture is offline  
Old 16th Aug 2011, 13:52
  #3 (permalink)  
 
Join Date: Jan 2008
Location: Bracknell, Berks, UK
Age: 52
Posts: 1,133
Likes: 0
Received 0 Likes on 0 Posts
Originally Posted by rans6andrew
Daily I keep getting a number of emails, each claiming to be a "UPS Notification" and which have a trojan embedded in. When I delete them (Mozilla Thunderbird) they get moved to my deleted items folder BUT this single email totally jams up the folder meaning subsequent deleted items can't clear until the folder is emptied. As I am getting several of these rogue emails each day I have to manually delete and empty the folder in a careful order to prevent the rogue files ever being opened/read. The virus tools I have (AVG) only pick up the threat when it is moved into the deleted items folder.

I have tried using the message filter tool to automatically move the mails to the deleted folder but the lock up seen above still happens with the attendant risk of the next message automatically opening on message deletion, the next message MAY be another rogue message.

If I set a message filter to "remove from POP3 server" is this going to remove the message from the server and NOT bring it to my local folders? Anyone know how this is handled by the Thunderbird system?

Thanks for reading this.

Rans6....
If you're using POP3 solely, what the server does is retrieve your inbound email (in text format) and append it to a long text file of your email mailbox. This is then indexed by the POP3 server based upon settings negotiated by the client.

i.e. the mailbox on the server looks like this:

<separator>
header and contents of email #1
<separator>
header and contents of email #2
<separator>
header and contents of email #3
<separator>
header and contents of email #4

Your mail is then retrieved by the POP3 client by contacting the server and sending a stream of commands that manipulate the index, the content, or both.

Hence, the "leave mail on server" setting in your email client basically means "never send a DELE (delete) command to the server" so the server retains the previous email content and advances the index pointer after sending the unread email down to the client to process as new mail.

The DELE command can be sent from the POP3 client in such a way as to highlight a specific email and delete it from the server without downloading it to the client. This is what the functionality in your Thunderbird client does. *HOWEVER*, something in that email is jamming something about your email stream. Whether it remains untouched by this process, or whether it has to be processed, depends solely on sod's law.

Hope this helps you understand POP3 a little better. I would personally look at spamfiltering prior to mail receipt by your mailserver if I were you though.
Mike-Bracknell is offline  
Old 16th Aug 2011, 14:29
  #4 (permalink)  
 
Join Date: Jul 2008
Location: uk
Posts: 894
Likes: 0
Received 0 Likes on 0 Posts
My Gmail spam folder is full of these, never had one (so far!) get through their filter.

Perhaps something like Mail Preview would work for you?
vulcanised is offline  
Old 17th Aug 2011, 01:13
  #5 (permalink)  
 
Join Date: May 2009
Location: Down Under somewhere not all that far from YPAD
Age: 79
Posts: 570
Received 14 Likes on 7 Posts
If this program works in your situation (and I've never understood the deeper intricacies of how mail servers really work) it will fix your problem.

It enables you to check your mail waiting at the server, and if you don't like what you see, you can delete it at the server without ever having to download it. You can also bounce the offending emails in the faint hope that your address will be flagged as a non-existent one and possibly be removed from the list. Even if that doesn't happen, you continue to have the option of killing off the unwanteds without them ever getting in your inbox.

The only downside is that you need to 'train' the program to recognise the "good stuff", and this can take both time and patience.

I've used this one for many years. I will not download mail without using it first.

Regards,
F_O_R

Last edited by FullOppositeRudder; 17th Aug 2011 at 01:27. Reason: Speeling (again - need a new keyboard!!)
FullOppositeRudder is offline  
Old 17th Aug 2011, 06:01
  #6 (permalink)  
 
Join Date: Nov 2002
Location: 39N 77W
Posts: 1,630
Likes: 0
Received 0 Likes on 0 Posts
I also use Mailwasher.
seacue is offline  
Old 17th Aug 2011, 07:06
  #7 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
It enables you to check your mail waiting at the server, and if you don't like what you see, you can delete it at the server without ever having to download it.
Erm, I bet it doesn't.

If your mail server only offers the traditional mail protocols (POP3/IMAP etc.), then there are only a limited number of commands your mail client can issue.

Therefore, I reckon what's happening is......

That software quietly downloads your mail behind the scenes, processes it, and then trashes what it doesn't like and displays what's ok.

So you are still downloading your mail, and wasting your bandwidth and processing power.

Server side scanning is the way to go. But you can only do that with the co-operation of your email provider, you cannot initiate server side scanning from your computer, no matter what software you decide to run.
mixture is offline  
Old 17th Aug 2011, 07:31
  #8 (permalink)  
Hippopotomonstrosesquipidelian title
 
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Likes: 0
Received 0 Likes on 0 Posts
It's probably using something like TOP msg 0 to download the header block. The local user can then decide either manually or automatically to DELE the email at the server. TOP's an optional command, but I can't think of anything that doesn't support it. Outlook does, and very well.
Bushfiva is offline  
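
The TOP-then-DELE sequence described in the post above, as an added example that is not part of the original thread and is not Mailwasher's code. `purge_by_subject` accepts a logged-in `poplib.POP3` or `poplib.POP3_SSL` object; `FakePOP3`, `SAMPLE` and the subject pattern are constructed here so the example runs offline.

```python
import re
from email.parser import BytesHeaderParser

def purge_by_subject(conn, pattern):
    """Delete messages whose Subject matches, using only LIST, TOP and DELE.

    conn: a logged-in poplib.POP3 / poplib.POP3_SSL object, or anything with
    the same list/top/dele/quit methods. Returns the deleted message numbers.
    """
    rx = re.compile(pattern, re.IGNORECASE)
    deleted = []
    _, listing, _ = conn.list()                  # entries look like b"2 1820"
    for entry in listing:
        num = int(entry.split()[0])
        _, lines, _ = conn.top(num, 0)           # header block, zero body lines
        headers = BytesHeaderParser().parsebytes(b"\r\n".join(lines))
        if rx.search(str(headers.get("Subject", ""))):
            conn.dele(num)                       # marked only; body never fetched
            deleted.append(num)
    conn.quit()                                  # server commits deletions on QUIT
    return deleted

class FakePOP3:
    """Constructed in-memory stand-in for poplib.POP3 (assumption, for offline runs)."""
    def __init__(self, messages):
        self.messages = dict(enumerate(messages, start=1))
        self.marked, self.bodies_sent = set(), 0
    def list(self):
        return b"+OK", [b"%d %d" % (n, len(m)) for n, m in self.messages.items()], 0
    def top(self, which, howmuch):
        head = self.messages[which].split(b"\r\n\r\n", 1)[0]
        return b"+OK", head.split(b"\r\n"), len(head)
    def retr(self, which):                       # never called by purge_by_subject
        self.bodies_sent += 1
        return b"+OK", self.messages[which].split(b"\r\n"), len(self.messages[which])
    def dele(self, which):
        self.marked.add(which)
        return b"+OK"
    def quit(self):
        for n in self.marked:
            del self.messages[n]
        return b"+OK"

# Constructed sample mailbox (not real mail).
SAMPLE = [
    b"From: a@example.com\r\nSubject: Lunch on Friday\r\n\r\nSee you there.\r\n",
    b"From: b@example.net\r\nSubject: UPS Notification\r\n\r\n(placeholder body)\r\n",
    b"From: c@example.org\r\nSubject: Re: flight plan\r\n\r\nAttached.\r\n",
]

def demo():
    server = FakePOP3(SAMPLE)
    deleted = purge_by_subject(server, r"^UPS Notification")
    return deleted, sorted(server.messages), server.bodies_sent
```

The match is made on headers alone, so it is a triage step and sees nothing of the message body or attachment.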
Old 17th Aug 2011, 09:12
  #9 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Likes: 0
Received 0 Likes on 0 Posts
When I started getting lots of these, I opened a Gmail account and forwarded all my mail to it. I pull the mail from there instead, like a POP server. The rubbish stays in the Gmail spam folder, and I clear that out every couple of days. Works well.
Keef is offline  
Old 17th Aug 2011, 10:09
  #10 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
It's probably using something like TOP msg 0 to download the header block.
My POP3 knowledge is limited, so I guess that's POP3's equivalent to IMAP's capability to download header blocks I guess.

In which case my original statement still stands. It's a lousy method compared to server-side.

You're still eating up your bandwidth and processing power. And parsing headers gives you a very limited anti-spam coverage, and NO anti-virus coverage (since viruses are in the message body, obviously !).
mixture is offline  
Old 17th Aug 2011, 11:36
  #11 (permalink)  
Thread Starter
 
Join Date: Sep 2004
Location: Berkshire, UK
Posts: 809
Likes: 0
Received 15 Likes on 6 Posts
thanks for your inputs. I am not concerned about the bandwidth wastage in pulling the crap from the server but I do like the idea of returning said crap to the originator, except that is probably some other poor sod's hijacked account so it will probably not stop it being sent.

perhaps I should forward all mail to my Yahoo mailbox, let that do the spam filter then forward it back to another pop3 I have for emergency use.........

There must be a way to remove/delete it from Thunderbird automatically without it jamming up the deleted items folder. How can a single message jam up the whole deleted items folder? I don't understand. I wonder what happens if I open a specific "crap" folder and put it into there, after all, it does not jam the inbox folder.

Rans6....
rans6andrew is offline  
Old 17th Aug 2011, 14:35
  #12 (permalink)  
 
Join Date: May 2009
Location: YMML
Posts: 1,838
Received 16 Likes on 6 Posts
I wonder if your anti-virus program is locking the mailbox file associated with the Trash because it's now "infected"? Mail is stored locally in mbox format as explained for the server - one large file containing all the e-mails for the particular folder in TB.

There's no point in returning it because you'll be tarring your ISP as an originator of malware (assuming they don't filter it out), the originating address is almost certainly faked, & even if you do manage to find the actual originating computer it's likely they're the victim of malware that's doing the dirty work.
le Pingouin is offline  
Old 18th Aug 2011, 00:27
  #13 (permalink)  
 
Join Date: May 2009
Location: Down Under somewhere not all that far from YPAD
Age: 79
Posts: 570
Received 14 Likes on 7 Posts
Quote:
It enables you to check your mail waiting at the server, and if you don't like what you see, you can delete it at the server without ever having to download it.
Erm, I bet it doesn't
I defer to your knowledge on that point.

I am simply quoting what the program claims to do, and what every reviewer and user understands that it does.

The fact is that by using Mailwasher, one avoids downloading spam into one's inbox, which is what r6a was seeking.

Additionally most users (self included) report greatly reduced rates of spam after using the program - almost zero in my experience.

It works as advertised. That's all there is to it really.

F_O_R
FullOppositeRudder is offline  
Old 18th Aug 2011, 08:52
  #14 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Can you not create a rule in Thunderbird for these messages and simply set the rule to delete it.
That's not a bad idea, especially if it's got a consistent subject line.
mixture is offline  
Old 18th Aug 2011, 20:27
  #15 (permalink)  
Thread Starter
 
Join Date: Sep 2004
Location: Berkshire, UK
Posts: 809
Likes: 0
Received 15 Likes on 6 Posts
er... I thought I said somewhere above that I had set the rules to delete the spam, 'cause I did BUT that caused the deleted folder to jam up on the first message delete and the remaining spam stays stuck in the inbox, then, the next mail in the inbox gets opened automatically which is not what you want if the next message is another trojan carrying mail. So I disabled the auto move to deleted and came onto here for advice...........

Rans6Andrew.
rans6andrew is offline  
Old 18th Aug 2011, 21:00
  #16 (permalink)  
 
Join Date: Apr 2005
Location: Earth
Posts: 366
Likes: 0
Received 0 Likes on 0 Posts
Is there an option that previews, as opposed to opens, the next email after deleting an email?

or... just to avoid the Delete Folder,

Make a new folder called 'UPS mail', and set a rule to move all email with UPS notification, or whatever the key wording is, to that location. When you download, all the bad stuff should go to the special folder, leaving normal emails to be viewed as normal. You can then empty the folder as you wish.

Similar to what you have tried, but slightly different. Let us know.
Spurlash2 is offline  
Old 26th Aug 2011, 10:16
  #17 (permalink)  
Thread Starter
 
Join Date: Sep 2004
Location: Berkshire, UK
Posts: 809
Likes: 0
Received 15 Likes on 6 Posts
I have gone with the Mailwasher suggestion, it seems to be starting to help. There is just a slight gap in the defences as there is a danger of spam arriving in the mail server in the moments between the Mailwasher activity and the fetching of mail by the mail browser. I have an idea about this which I may try to suggest to the Mailwasher author though he has probably thought about it and worked out why it won't work.

Rans6...
rans6andrew is offline  
Old 26th Aug 2011, 11:52
  #18 (permalink)  
 
Join Date: Mar 2011
Location: Not telling- big brother is watching
Posts: 56
Likes: 0
Received 0 Likes on 0 Posts
Much easier option and saves you having to become a Windows expert just to read your emails... get rid of it and go to a Linux based operating system (or get an Apple if you really want to spend lots of dollars for something you can get for free). I swapped to Ubuntu a year or so ago now... have not had a single computer problem since... NOT A SINGLE ONE!!! It just works.
Donalduck is offline  
Old 26th Aug 2011, 23:37
  #19 (permalink)  
Chief Tardis Technician
 
Join Date: Jan 2001
Location: Western Australia S31.715 E115.737
Age: 71
Posts: 554
Likes: 0
Received 0 Likes on 0 Posts
Don't return emails, for a couple of reasons.
1. Confirms a live email address, that may mean more spamming, or harvesting of your address for nefarious activities.

2. The Posting address may not be the originator at all, but a spoofed address, see point 1.
Avtrician is offline  
