Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 3 subscribers
  • Views 11015 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quarantine or blocking email based on sender

SPY3

Hi

 

I would like to block emails coming from some Mailchimp servers or email addresses.

 

Tried putting in IP blocks under the relay tab for Mailchimp but that did not work. Mail comes through a relay first so I think this causes some issues when trying to do that.

 

While looking at all the spam coming in from these servers in mail manager I noticed all sending emails end in mcdlv.net

 

I put *@*mcdlv.net on the blacklist but it does not block them either.... So I am not sure what or how it is filtering with the blacklist now. Normally the blacklist has caused emails to get rejected when doing this.

 

Ideally I would like to send anything coming from mcdlv.net to the quarantine.  Is there anyway to redirect stuff to the quarantine manually? 



This thread was automatically locked due to age.
Parents
  • 0

    Not sure why this is not working.  Please open a support case, because it might be a "feature" added in a recent release, and if so we will all want the problem found and fixed.

    In the interim, I guess you will have to block based on IP using DNAT rules.   These are the mailchimp IPs that I have seen recently

    148.105.12.0/24
    198.2.129.0/24
    198.2.130.0/24
    198.2.138.0/24
    198.2.142.0/24
    198.2.183.0/24
    198.2.184.0/24
    198.2.185.0/24
    198.2.190.0/24
    205.201.129.0/24
    205.201.130.0/24
    205.201.134.0/24

  • 0 in reply to DouglasFoster

    Are you referring to my blacklist filter not working?

     

    I am not sure the DNAT will help. Mail comes though a filtering service before getting to the UTM. Any connection directly from a Mailchimp server currently would get rejected by default.

    Unless it goes looking through the email header in some way.

  • +1 in reply to SPY3

    I'm certain that there's a suggestion in Ideas for *@*domain.com, but that's not supported at present.  All MailChimp emails include an unsubscribe link, so my tendency is to say that you should let folks take care of any problem themselves.  MailChimp has a strict policy against spam, so if you feel like a particular MailChimp customer is spamming, you might want to bring that to their attention.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • +1 in reply to SPY3

    I'm certain that there's a suggestion in Ideas for *@*domain.com, but that's not supported at present.  All MailChimp emails include an unsubscribe link, so my tendency is to say that you should let folks take care of any problem themselves.  MailChimp has a strict policy against spam, so if you feel like a particular MailChimp customer is spamming, you might want to bring that to their attention.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML