I have a remote SMTP relay service so all of my mail comes from specific servers. I would like to block key sources of inbound spam, however, and I'm having trouble doing so.
Essentially, I see the host server as the initiating ip address and FQDN in the email headers. The trouble is, I can't seem to block these sources given the tools the UTM provides.
Under Email Protection \ SMTP \ Anti-spam, there are two tools one can manage:
1. Blacklisted address patterns
2. Expression filter.
It seems the address patterns only help for the specific domain of the sender, which rarely correlates with the sending host FQDN. Spammers send thousands of email using hundreds of domains. This isn't the answer.
The Expression filter description states that "The expression filter scans message content for the expressions you enter here." This appears to exclude the headers.
Can anyone confirm this?
Is there a way I can shut down these spam sources?
Thanks in advance.
This thread was automatically locked due to age.
