Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 2870 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

block automatic "Out of Office" replys to tagged SPAM?

JasonIstre
My UTM rejects confirmed SPAM, but tags other SPAM with "[SPAM]" in the subject and delivers to user.  When my users use there Out of Office auto reply in Outlook it will automatically reply to emails that have been tagged with [SPAM] just like normal emails.

So the only emails I ever see in my UTM SMTP spool waiting are a ton of emails like this...

ip: (my internal exchange server ip)
from: "<>"
to: "sue@safehydrolyze.co.in"
subject: "Automatic reply: [SPAM] Limited Time Only - Free Shipping on Ink & Toner!"

How can I stop or prevent this?


This thread was automatically locked due to age.
  • 0
    Jason, is there a reason you don't use the quarantine?  Rather than having users receive an email each time an item is quarantined, I like to quickly move to using twice-daily quarantine reports.

    Can you use the Expression Filter to reject emails with "Automatic reply: [SPAM]" in the subject?  Depending on your email system, that might create a storm of "Automatic reply: [SPAM] Automatic reply: [SPAM] Automatic reply: [SPAM] Automatic reply: [SPAM] {etc.}" emails.

    I still vote for using the quarantine, but you might want to start a new thread to explain your situation more precisely to get suggestions.

    Cheers - Bob
    PS Please remember to always state the exact version you're using - 9.103-5?
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    9.103-5

    I chose to reject confirmed SPAM at transit time.  This blocks 95% of our SPAM.  Using all the UTM spam features I still get about 15-25 SPAM messages a day.

    Only half of those 15-25 actually get tagged [SPAM] and half of those tagged [SPAM] are actually stuff from our vendors like new product announcements, new training classes, or just weekly newsletters. Which I don't really want tagged as spam or quarantined.

    half of those 15-25 that don't get tagged [SPAM] are still spam and stuff like...

    today
    from: Household Coverage  
    subject: Frequently occurring breakdowns - find protection

    today
    from: Enjoy Summer 
    subject: Select a leftover model - We're making room for 2014 inventory

    I wish UTM would catch those, but enabling quarantine would even help.

    So in my findings:
    Quarantine would block more legit stuff that actual SPAM
    SPAM would still get through
Unfiltered HTML