
UTM AntiSpam Expression Filter not scanning for links

We are using UTM 9.706-9. We get a lot of spam that has dynamically created envelope-from addresses, like abc@dyn1.spamdomain.com. The next email is coming from dyn2 and so on. Because the sender blacklist doesn't allow for wildcards in the domain, I can't get them blocked this way.

Because the domain (spamdomain.com) shows up in the body of the email most of the time, I added "spamdomain" as an expression (also as regex like ".*spamdomain.*"). If this keyword shows up as regular text, the filter triggers. However, if it is embedded in an href link, which it is almost every time, it's not. I just want to have confirmation that this is the way the expression filter works and I'm not making a mistake.

If this is true, do you have any suggestion on how to catch these spam emails? The content is different every time so there is no point in using other keywords.

Thank you.

Michael



This thread was automatically locked due to age.
  • Hallo Michael and welcome to the UTM Community!

    You're understanding correctly.  I agree with Harsh that you need experienced eyes on the SMTP log and headers of spam emails to find a way to fight this spammer.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
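
The check Michael describes (any subdomain of a parent domain, whether it appears in the envelope sender or only inside a link), as an added example that is not part of the thread and not a UTM feature: a Python sketch for triaging saved spam samples outside the UTM. The sample message is constructed, and using the Return-Path header as a stand-in for the envelope sender is an assumption.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BLOCKED_PARENTS = {"spamdomain.com"}  # placeholder domain used in the post

# Constructed sample message (not real spam); headers and body are made up.
SAMPLE = """\
Return-Path: <abc@dyn1.spamdomain.com>
Subject: Your voucher
Content-Type: text/html; charset="utf-8"

<html><body><p>Your voucher is ready,
<a href="http://dyn7.SpamDomain.com/v?id=1">click here</a>.</p>
<a href="https://example.org/unsubscribe">unsubscribe</a></body></html>
"""

class BodyScan(HTMLParser):
    """Collect hostnames from href/src attributes and the visible text."""
    def __init__(self):
        super().__init__()
        self.hosts, self.text = set(), []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                try:
                    host = urlsplit(value.strip()).hostname
                except ValueError:  # malformed URL, nothing to match
                    continue
                if host:
                    self.hosts.add(host.rstrip("."))
    def handle_data(self, data):
        self.text.append(data)

def under_blocked(host, parents=BLOCKED_PARENTS):
    # Matches the parent or any subdomain, never look-alikes such as notspamdomain.com
    host = host.lower().rstrip(".")
    return any(host == p or host.endswith("." + p) for p in parents)

def analyze(raw):
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("Return-Path", "")))[1]
    body = msg.get_body(preferencelist=("html",))
    scan = BodyScan()
    scan.feed(body.get_content() if body else "")
    return {
        "sender_hit": under_blocked(sender.rpartition("@")[2]),
        "link_hits": sorted(h for h in scan.hosts if under_blocked(h)),
        "keyword_in_visible_text": "spamdomain" in "".join(scan.text).lower(),
    }
```

On the constructed sample, the keyword never appears in the visible text, while both the sender domain and one link host match the blocked parent.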