
Thread: Custom filtering




Custom filtering
United States
2007-08-21 12:20:14
I have not in the past tried to do any fancy filtering on messages.  Can someone show me how I would set up to catch messages where the "To" is Postmaster@domain.com and there is an attachment containing a pdf file?  I want to "vanish" such messages as they are surely spam.

Thanks.
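
The check asked about above (a "To" of Postmaster@domain.com plus a PDF attachment), sketched in Python with the standard-library email package. This is an added example, not part of the original post and not SurgeMail rule syntax; the address is the placeholder from the question, and the function names and sample messages are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import getaddresses

TARGET = "postmaster@domain.com"  # placeholder address taken from the question

def recipients(msg):
    """Lower-cased addresses found in every To header."""
    values = [str(v) for v in msg.get_all("To", [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def has_pdf(msg):
    """True if a MIME part is a PDF by declared type, file name or magic bytes."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if part.get_content_type() == "application/pdf" or name.endswith(".pdf"):
            return True
        # A PDF can be mislabelled (e.g. application/octet-stream), so also
        # look at the first bytes of the decoded attachment body.
        if part.get_content_disposition() == "attachment":
            body = part.get_payload(decode=True) or b""
            if body.startswith(b"%PDF-"):
                return True
    return False

def should_vanish(raw):
    """Both conditions from the question: To matches AND a PDF is attached."""
    msg = message_from_bytes(raw, policy=policy.default)
    return TARGET in recipients(msg) and has_pdf(msg)

def sample(to, filename=None, data=b"", subtype="octet-stream"):
    """Build a constructed test message (not real mail)."""
    m = EmailMessage()
    m["From"] = "sender@example.net"
    m["To"] = to
    m["Subject"] = "constructed sample"
    m.set_content("see attached")
    if filename:
        m.add_attachment(data, maintype="application", subtype=subtype,
                         filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    pdf = b"%PDF-1.4 constructed bytes"
    print(should_vanish(sample("Postmaster <Postmaster@Domain.com>", "a.pdf", pdf, "pdf")))
    print(should_vanish(sample("user@domain.com", "a.pdf", pdf, "pdf")))
```

Matching on the decoded leading bytes as well as the declared type catches a PDF sent under a misleading name or content type; a message to the same address with no PDF, or a PDF sent to another address, is left alone.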



Re: Custom filtering
United States
2007-08-21 13:12:08
I would also like to know if any of you have a general magic bullet for all the PDF spam.


Regards,
Todd Routhier

Lightwave Technologies, LLC

http://www.PrestigeMessaging.com
http://www.YourOwnISP.com
 
--
Within the US:
(888) 904-8477

Outside the US:
+1-210-881-0600


Orin Wells wrote:
> I have not in the past tried to do any fancy filtering on messages.
> Can someone show me how I would set up to catch messages where the
> "To" is Postmaster@domain.com and there is an attachment containing a
> pdf file?  I want to "vanish" such messages as they are surely spam.
>
> Thanks.
>
>
>


Re: Custom filtering - magic bullet for all the PDF spam
United States
2007-08-22 15:59:21
>>I would also like to know if any of you have a general magic bullet for all the PDF spam.

Here we have the SPF turned on, the Friends Challenge system turned on, custom-written local.rul & mfilter.rul's turned on, Normal and custom-written RBLs... and those customers do not receive any of the .pdf spams.
Certain business email addresses have the Friends Challenge turned off... but the SPF turned on... and they too are not seeing any of the .pdf spams.
However, there are certain business accounts that also have SPF-Default set to Off... and they are receiving some .pdf spams, but not many.
 
I would guess that the .pdf spam emails are hard to separate from legit emails content-wise; that they are being eaten-up by the other mechanisms.  I haven't looked into the details why.
 
One thing that helps is that our g_max_bad_to is set to 4.  This is set in surgemail.ini directly.
 
Per the http://127.0.0.1:7026/help/aspam.htm page, have these turned on:

g_badfrom_check "TRUE"
g_badfrom_stamp "TRUE"
 
The above should take care of the IP side of the house, however maybe a Rule for such emails would be good too:
Netwin / ChrisP:  Would it be possible for you to write a new Aspam rule for the X-IP-Stats header if the IP is not known and the email contains an attachment?  Is there another way that the Admins can block the .pdf spams?
Maybe I'm overlooking the obvious here.
 
BarryZ
1USA
 
RE: Custom filtering - magic bullet for all the PDF spam
United States
2007-08-22 17:06:58
Interesting,
 
Early on with the PDF mess I checked the headers and couldn't spot why SPF didn't stop them - never got the time to sit down a lot with it though.
 
Now my Surge says g_badfrom_check is not recommended.

Btw - anyone using g_spam_vanish anymore?  I had a user click his on the daily email notification log and I was curious if anyone still uses it, when it seems friends is the more recommended one.
 



Re: Custom filtering - magic bullet for all the PDF spam
United States
2007-08-22 23:10:43
>> g_badfrom_check ; Not used here. ; Superseded.

>> g_spam_vanish ; Not used here. ;
 
Each user account can be set to mark the [spamgrade] level and also choose when to Hold, Reject or Vanish on their 'spam' page.
 
BarryZ
1USA
 