
Filtering rules

Does anyone know if there is a way of creating a filter in Puremessage that will block emails which have certain words in the subject line, plus come from *@Hotmail or *@gmail.com or *@outlook.com? So, for instance, an email with a subject containing 'SEO' that is also from either Hotmail, Gmail or Outlook.

My aim is to stop so many SEO offers coming in, and they are generally not from a company email address, and I don't want to block all mail from those domains.



  • Hi,

    since I am only familiar with Puremessage for Unix, the following might not apply to whatever you are referring to as 'Puremessage'.

    Since there was no answer within the last couple of weeks, I am tempted to assume that there is no (known) easy way to get this done without substantial changes to the (sieve) policy or your setup.

    From my perspective, the most natural approach would be to try to create a custom spam-rule for that in order to adjust the weights. I have been asking for means to create site-specific composite rules, e.g. (featuretest1 && featuretest2), once in a while for about a decade but haven't seen any 'improvements/comebacks'. The typical suggested workaround was to provide samples to have the rule set adjusted.
    You might look into having two independent 'simple' tests with moderate weights, but that will most probably introduce trouble in the sets of mails having feature 1 or 2 but not both but some other independent feature(s) that might give enough additional weight to sink the boat. So in almost all cases where I checked that approach, it was too coarse to give reliable coverage with little risk of collateral damage.
    Next option is to 'hard' code those tests in your policy as nested allof/anyof is available as well as substring tests for subject and e.g. envelope from address.
    Another option is to have an additional (pmx derived or totally independent) milter hooked to your MTA to do that job.
    So, in principle you can 'create' a filter in Puremessage to get that done (btw. what is 'come from <domain>' actually referring to in a technical sense, e.g. env-from, header-from, dns domain of connecting ip, ...)  but probably not the way that would seem most natural to us and which I would prefer to have at hand for those cases that are highly site specific and which might need some adjustment from time to time.

    Hope this helps or stimulates feedback that gives new thoughts and insights to a very long lasting topic.

    Best regards
    Jens

  • Hello Julia, 

    Below is a suggested rule:
    Please note you need to adapt it based on your needs: 

    In this rule the following actions are done: 

    • Check if envelope from contains @gmail.com, @outlook.com, @hotmail.com (please note you can also check for header from)
      • If true
        • then check if the subject contains SEO
        • if true
          • then add value into message_log file (here : SEO_DETECTED) and add tag into the subject (here : [SEO DETECTED] )

     

     

    Finally, the PMX Rule: 

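    # attr NAME=Security Rules - SEO detection
        # Outer test: envelope sender contains one of the three freemail domains (case-insensitive)
        if anyof(envelope :comparator "i;ascii-casemap" :all :contains ["from"]
                          ["@gmail.com"],
                 envelope :comparator "i;ascii-casemap" :all :contains ["from"]
                          ["@outlook.com"],
                 envelope :comparator "i;ascii-casemap" :all :contains ["from"]
                          ["@hotmail.com"])
        {
            # This mark is written for every message from these domains, not only SEO matches
            pmx_mark1 "External_IPBlock";
            # attr NAME=Security Rules - SEO detection in subject
            # Inner test: subject contains "SEO" (case-insensitive substring)
            if header :comparator "i;ascii-casemap" :contains ["Subject"] ["SEO"] {
                # Write SEO_DETECTED to the message log and tag the subject
                pmx_mark1 "SEO_DETECTED";
                pmx_replace_header :index 0 "Subject" "[SEO DETECTED] %%SUBJECT:h_utf8%%";
            }
        }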

    I hope this information helps you.

    Best regards, 

    --

    Best regards,
    Florian (aka LEFBE)
    Sophos Technical Account Manager
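
Added example (not part of either reply and not Sophos code): a Python model of the composite test discussed in this thread, comparing the posted rule's case-insensitive `:contains` checks with a stricter variant that matches the exact sender domain on either the envelope or the header From and requires "SEO" as a whole word. The function names and sample messages are constructed for illustration; the logic could serve as the decision step of an independent milter as mentioned in the first reply.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com"}   # domains named in the thread
SEO_WORD = re.compile(r"\bSEO\b", re.IGNORECASE)         # whole word, not substring

def domain_of(address):
    """Lower-cased domain part of an address, or '' (e.g. null sender <>)."""
    addr = parseaddr(str(address))[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def contains_match(env_from, subject):
    """Model of the posted rule: case-insensitive substring tests only."""
    sender = env_from.lower()
    return any("@" + d in sender for d in FREEMAIL) and "seo" in subject.lower()

def strict_match(env_from, header_from, subject):
    """Exact domain on envelope or header sender, plus whole-word subject."""
    domains = {domain_of(env_from), domain_of(header_from)}
    return bool(domains & FREEMAIL) and bool(SEO_WORD.search(subject))

def classify(env_from, raw_message):
    """Return (contains_match, strict_match) for one message."""
    msg = message_from_string(raw_message, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    return (contains_match(env_from, subject),
            strict_match(env_from, msg.get("From", ""), subject))

# Constructed sample messages: (envelope sender, raw headers + body)
SAMPLES = [
    # Typical unsolicited offer: both checks fire
    ("offers@gmail.com", "From: offers@gmail.com\nSubject: Boost your SEO ranking\n\nhi"),
    # "Seoul" contains "seo": substring test fires, whole-word test does not
    ("friend@hotmail.com", "From: friend@hotmail.com\nSubject: Trip to Seoul\n\nhi"),
    # Freemail address only in header From: envelope-only test misses it
    ("bounce@mailer.example", "From: promo@outlook.com\nSubject: SEO offer\n\nhi"),
    # "@gmail.com" is a substring of a different domain: only the substring test fires
    ("user@gmail.com.example.net", "From: user@gmail.com.example.net\nSubject: SEO audit\n\nhi"),
]

if __name__ == "__main__":
    for env_from, raw in SAMPLES:
        print(env_from, classify(env_from, raw))
```
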