Smartermail / Declude and attachmentsHi Carl,
We didn’t use the countries file. We set up a separate filter file using
MAILFROM and REVDNS tests, and used the END keyword before the weight
section to stop the filter from adding weight for those domains we needed to
exempt from the test.
It looks like this.
Here’s how you would use it in the config file:
TLDBlock filter C:\{MAILSERVER}\Declude\TLDBlock.txt x 1 0
And here’s a sample of what the TLDBlock.txt file could contain:
# Domains to bypass this test
REVDNS END ENDSWITH .bonusbox.me
REVDNS END ENDSWITH .rels.info
REVDNS END ENDSWITH .sendgrid.net
MAILFROM END ENDSWITH .clayton.ga.us
MAILFROM END ENDSWITH @dor.fl.state.us
MAILFROM END ENDSWITH .fl.us
# Weights to add, we’re based on 100 hold weight
MAILFROM 99 ENDSWITH .asia
MAILFROM 99 ENDSWITH .at
MAILFROM 99 ENDSWITH .eu
MAILFROM 149 ENDSWITH .in
MAILFROM 99 ENDSWITH .info
MAILFROM 99 ENDSWITH .me
MAILFROM 99 ENDSWITH .mobi
MAILFROM 99 ENDSWITH .name
MAILFROM 109 ENDSWITH .pl
MAILFROM 109 ENDSWITH .pw
MAILFROM 109 ENDSWITH .re
MAILFROM 99 ENDSWITH .tk
MAILFROM 74 ENDSWITH .us
Darin.
From: Carl Wagar
Sent: Wednesday, April 23, 2014 4:33 PM
To: [email protected]
Subject: [MBF]Re: spam from .me domains.
Thanks for this.
Did you put the .ME domain in the countries file even though its not a
country?
J. Carl Wagar
EntreNet Communications Inc
www.entrenet.com www.thehostingservice.com
24 Swain Ave, Ottawa, ON, K1G 4T1, Canada
Email: [email protected], skype: jcwagar
Tel: +1 613-737-7327, Fax: +1 613-737-5801
Cel: +1 613-818-8898
From: [email protected] [mailto:[email protected]]
On Behalf Of Darin Cox
Sent: Wednesday, April 23, 2014 4:25 PM
To: [email protected]
Subject: [MBF]Re: spam from .me domains.
Yep. We added a weight for .ME, and several other TLDs last year, mostly
country TLDs. All of them failed other spam tests, so we just added enough
to get them to the hold weight.
If needed, we add a counterweight for specific domains, but we’ve only
needed to do that a couple of times in the past year. Most legit traffic
still uses COM/NET/ORG.
Darin.
From: Carl Wagar
Sent: Wednesday, April 23, 2014 9:50 AM
To: [email protected]
Subject: [MBF]spam from .me domains.
Has anyone witnessed a large increase in spam coming from address in .ME
domains
and containing links to .ME domains?
It looks to me like some (expletive) hacker has found a way to hack a
registrar
for .ME domains to create them like crazy and is blasting a lot of spam.
Although MOST of it is detected by SNIFFER, about 10 percent does not, and
the
combination of BHL and other filters do not get it over my threshold to
HOLD.
I have changed the FILTER-COUNTRY to boost the weight of .ME domain (anyone
unfortunate
enough to send legitimate mail from there is out of luck)
but I had to raise the MAXWEIGHT. I expect this is not the best place to put
it.
Comments?
Carl
J. Carl Wagar
EntreNet Communications Inc
www.entrenet.com www.thehostingservice.com
24 Swain Ave, Ottawa, ON, K1G 4T1, Canada
Email: [email protected], skype: jcwagar
Tel: +1 613-737-7327, Fax: +1 613-737-5801
Cel: +1 613-818-8898
From: [email protected] [mailto:[email protected]]
On Behalf Of Dave Beckstrom
Sent: Tuesday, April 22, 2014 5:42 PM
To: [email protected]
Subject: [MBF]Smartermail / Declude and attachments
I have a customer who about once a month will suddenly say they aren't
receiving emails that have attachments. They claim the file sizes are well
below their max message size limit.
Is there a way to whitelist any email to them that has an attachment? As
far as I know, declude doesn't look at the attachments. We have no virus
scanner and virus scanning in declude is disabled. But at this point, I'd
like to pass through anything with an attachment and they can deal with the
spam. Any ideas?
