Sophos Email Appliance - Spam still getting through

We are using Sophos Email Appliance (latest patch) and according to Sophos we have everything configured the best way to block spam. Still continuing to receive spam to users' inboxes. Really blatant stuff like free gift cards and things like that. Anyone have any ideas on how to stop it? It seems like since about February 2014 a lot more spam is getting through and being marked in the logs as legitimate. I have checked the allow lists and I don't have anything listed that it could be bypassing the policies.

Any help would be greatly appreciated because it seems to be from Sophos's last correspondence that they are basically unwilling to help any further.

James


  • We have been able to block TLDs with a rule that can be created as below:

    Additional Policy -> Add  (for Inbound)

    Select Rule Type: use only message attributes (Next)

    Message Attributes  -> Add

    Change dropdown box to : Header
    Name : From
    Change bubble to :  matches regular expression
    Value we use is      .*@.*\.(xxx|link|rocks|nl|ru|sk|fr|it|pl|jp|hk|glb|info|club|invalid|click)

    Rest of the config is up to you really.

    ****Note the regex above will catch anything in the sender domain area with the TLD names you configure

    for example:  since I have the "sk" TLD listed (to catch spam from any @xxxxxxxxx.sk domain), an address like @skymailer.skyauction.com (since it contains a ".sk" entry) would also be filtered.  You can use logs and sender exceptions to exempt known good domains from the policy.  Might be a more elegant regex to use here but this one is working and meets my needs for now.

    HTH Good luck!

    :55348
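
The over-match described in the reply above can be reproduced and checked offline before changing the appliance rule. This is an added example, not part of the original post and not Sophos code: it compares the posted pattern with a variant anchored to the end of the address, against a parsed-address check, using constructed sample headers. Assumptions: the appliance applies the pattern as an unanchored search, the names `ANCHORED`, `tld_of` and `evaluate` are illustrative, and whether the appliance's regex engine accepts the anchored form is not confirmed here.

```python
import re
from email.utils import parseaddr

# TLD list copied from the rule in the post above.
TLDS = "xxx|link|rocks|nl|ru|sk|fr|it|pl|jp|hk|glb|info|club|invalid|click"

# The posted pattern, applied as an unanchored search (assumption: this is how
# the appliance evaluates "matches regular expression", which is consistent
# with the over-match the post describes).
POSTED = re.compile(r".*@.*\.(" + TLDS + r")", re.IGNORECASE)

# Tightened variant (illustrative): the TLD must be the last label of the
# address domain, followed only by an optional closing ">" and whitespace.
ANCHORED = re.compile(r"@[^@\s<>]*\.(?:" + TLDS + r")>?\s*$", re.IGNORECASE)

BLOCKED = frozenset(TLDS.split("|"))

def tld_of(from_header):
    """Return the lowercase last domain label of the From address, or None."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    domain = addr.rsplit("@", 1)[1].rstrip(".").lower()
    return domain.rsplit(".", 1)[-1] if "." in domain else None

def evaluate(from_header):
    """Compare the two regexes with the parsed-address check for one header."""
    return {
        "posted": bool(POSTED.search(from_header)),
        "anchored": bool(ANCHORED.search(from_header)),
        "parsed": tld_of(from_header) in BLOCKED,
    }

# Constructed sample From headers (not taken from real mail).
SAMPLES = [
    "Gift Cards <win@promo-example.sk>",
    "auctions@skymailer.skyauction.com",
    "Billing <billing@example.com>",
    "news@EXAMPLE.CLICK",
    "Support <help@mail.info-example.com>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, evaluate(header))
```

Headers where `posted` is true but `parsed` is false are the false positives that would otherwise need sender exceptions.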