Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 39 replies
  • Subscribers 1 subscriber
  • Views 170690 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Email Appliance - Spam still getting through

jadedmia
We are using Sophos Email Appliance (latest patch) and according to Sophos we have everything configured the best way to block spam. Still continuing to recieve spam to users inboxes. Really blatant stuff like free gift cards and things like that. Anyone have any ideas on how to stop it? It seems like since about Febuary 2014 a lot more spam is getting through and being marked in the logs as legitimate. I have checked the allow lists and I don't have anything listed that it could be bypassing the policies.

Any help would be greatly appreciated because it seems to be from Sophos's last correspondence that they are basically unwilling to help any further.

James
:53647


This thread was automatically locked due to age.
Parents
  • 0

    The system put that emoticon in there.  It's a colon and a right paranthesis so that's why it did it.

    ((?i)(http(s|):)\S+\.(work|country|kim|rocks|click)(\/\S+)?\b)(\/|)\s

    This rule matches a URL with uppercase or lowercase, http or https and ends with .work, .country, .kim, .rocks, .click with or without an ending forward slash /.  It's working very well for us.  I found that all of our snowshoe spam (for now) contains a link ending with .work.  There's your pattern to match.

    Of course if you deal with legit sites that end with any of these TLD's you won't want to use this.  We don't so it works well for us.

    :56477
Reply
  • 0

    The system put that emoticon in there.  It's a colon and a right paranthesis so that's why it did it.

    ((?i)(http(s|):)\S+\.(work|country|kim|rocks|click)(\/\S+)?\b)(\/|)\s

    This rule matches a URL with uppercase or lowercase, http or https and ends with .work, .country, .kim, .rocks, .click with or without an ending forward slash /.  It's working very well for us.  I found that all of our snowshoe spam (for now) contains a link ending with .work.  There's your pattern to match.

    Of course if you deal with legit sites that end with any of these TLD's you won't want to use this.  We don't so it works well for us.

    :56477
Children
No Data
Unfiltered HTML