Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 1 subscriber
  • Views 3715 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Antispam ignoring blacklist

ilanxp
Hello world !
Since I upgraded my software from 8.311 to 9.1, the antispam seems less perfomant and lets more emails go by. In addition, it also seems to ignore the addresses I put in the blacklist.
Any idea someone ?


This thread was automatically locked due to age.
  • 0
    Hello world !
    Since I upgraded my software from 8.311 to 9.1, the antispam seems less perfomant and lets more emails go by. In addition, it also seems to ignore the addresses I put in the blacklist.
    Any idea someone ?


    World to ilanxp:

    ;o)

    Which antispam features do you have active (rbl's, spf, rdns etc.)?

    /World

    *gg*
  • 0
    reject at SMTP time : spam
    use recommended RBLs (checked)
    spam action : quarantine
    confirmed spam action : blackhole
    spam marker : *SPAM*
    sender blacklist : about 15 email addresses
    expression filter : about 15 expressions
    advanced antispam features : 
    -Reject invalid HELO / missing RDNS (checked)
    -Use BATV (checked)
    -Perform SPF check (checked)

    Thank you Wooorld !
  • 0
    The settings are good, and the only change I would suggest would be 'reject at SMTP time : Confirmed spam'.  Can you show us the 'From:' line from the header of an email that should have been blocked and the related blacklist entry?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    From: StyleRiver [mailto:notification@styleriver.com]
  • 0
    Normally, I would have expected to see "From: StyleRiver notification@styleriver.com>" - I have to wonder if you got that from inside the headers.  Also, please show what you have in the Sender Blacklist that should have caused the email to be rejected.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Can you please post a screenshot of what you have configured in the blacklist, or alternatively copy and paste the relevant blacklist entry?

    Do you have any exceptions that match these emails?
  • 0
    Hi,

    in my blacklist entries I entered the address: notification@styleriver.com.
    In the header you see "mail to" because I've got the mail forwarded from the complaining user.
  • 0
    The user must forward the complete email, including the header.

    Just as your user needs to supply you with original data, telling us what you have done is not a substitute for showing us.  Read How To Ask Questions The Smart Way.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0
    Anyway as I'm checking my old weekly reports, I can see that since I updated from 9.105 to 9.106, the antispam feature is not working as well as it was before.
Unfiltered HTML