Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 4207 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sender Blacklist not working?

ehofstede
Hi,

I have configured SMTP Profiles on my UTM. Within one of these profiles I configured extra settings to "Sender Blacklist"

I selected "Add global settings to settings below" and in the "Blacklisted address patterns" field I added *@spiceworks.com and *@em.spiceworks.com

Now I'm still receiving email from info@em.spiceworks.com

Does anybody know why my UTM isn't stopping these emails? Does the "Sender Blacklist" part not work?

Thanks!


This thread was automatically locked due to age.
  • 0
    I haven't tried this anywhere and I haven't seen any issues related to it here, so I don't know that it works.  Please post a picture of the additional patterns and the SMTP log file lines related to the received email you wanted to reject.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hi Bob,

    Thanks for your reply.
    I checked the smtp log and I see something I cannot explain...

    Outlook says the email sender is "Spiceworks "
    Outlook says this with every email I get from them.

    But the UTM logging says this;
    nrhtf4w-okutk-bxo18-40ihmc-c58fug-h-m2-20130917-693bac242d6169f8@spiceworks.bounce.ed10.net
    pngb3xk-7b4sq-ddct3-0g6c0p-26nker-h-m2-20130917-57e2a52d60d0c0e1@spiceworks.bounce.ed10.net
    4vxw2u1-dc429-kjm2q-s3utlq-5cuxyt-h-m2-20130912-0f67ca406fdcaeb1@spiceworks.bounce.ed10.net


    So with every mail a different sender, only the domain seems to stay the same.
    But what I cannot explain is, how can they send something from "rubbisch@spiceworks.bounce.ed10.net" through your mail filter and make it look like info@em.spiceworks.com in you mail client?

    I have send a few attachments as well...

    Thanks!
    Erwin.
  • 0
    Erwin, as you've already seen, you need *@spiceworks.bounce.ed10.net instead of the two you have in place.  It's the difference between the 'From' and 'Sender' fields.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Hi Bob,

    I first added the address I saw in Outlook, without looking in the smtp log... Now I have added *@spiceworks.bounce.ed10.net to the blacklist. Let's see what that does...
    Too bad though that this is too difficult for normal users... It would be nice if UTM would look at both From and Sender fiels...

    That's a real interesting document! Thanks for that. I bet I can learn more from it! [:)]

    Regards,
    Erwin.
Unfiltered HTML