Ok great. Thanks for this! Will try to implement
J. Carl Wagar EntreNet Communications Inc <http://www.entrenet.com> www.entrenet.com <http://www.thehostingservice.com> www.thehostingservice.com 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: <mailto:[email protected]> [email protected], skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: [email protected] [mailto:[email protected]] On Behalf Of Darin Cox Sent: Wednesday, April 23, 2014 4:42 PM To: [email protected] Subject: [MBF]Re: spam from .me domains. Hi Carl, We didn’t use the countries file. We set up a separate filter file using MAILFROM and REVDNS tests, and used the END keyword before the weight section to stop the filter from adding weight for those domains we needed to exempt from the test. It looks like this. Here’s how you would use it in the config file: TLDBlock filter C:\{MAILSERVER}\Declude\TLDBlock.txt x 1 0 And here’s a sample of what the TLDBlock.txt file could contain: # Domains to bypass this test REVDNS END ENDSWITH .bonusbox.me REVDNS END ENDSWITH .rels.info REVDNS END ENDSWITH .sendgrid.net MAILFROM END ENDSWITH .clayton.ga.us MAILFROM END ENDSWITH @dor.fl.state.us MAILFROM END ENDSWITH .fl.us # Weights to add, we’re based on 100 hold weight MAILFROM 99 ENDSWITH .asia MAILFROM 99 ENDSWITH .at MAILFROM 99 ENDSWITH .eu MAILFROM 149 ENDSWITH .in MAILFROM 99 ENDSWITH .info MAILFROM 99 ENDSWITH .me MAILFROM 99 ENDSWITH .mobi MAILFROM 99 ENDSWITH .name MAILFROM 109 ENDSWITH .pl MAILFROM 109 ENDSWITH .pw MAILFROM 109 ENDSWITH .re MAILFROM 99 ENDSWITH .tk MAILFROM 74 ENDSWITH .us Darin. From: Carl Wagar <mailto:[email protected]> Sent: Wednesday, April 23, 2014 4:33 PM To: [email protected] <mailto:[email protected]> Subject: [MBF]Re: spam from .me domains. Thanks for this. Did you put the .ME domain in the countries file even though its not a country? J. Carl Wagar EntreNet Communications Inc www.entrenet.com <http://www.entrenet.com> www.thehostingservice.com <http://www.thehostingservice.com> 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: [email protected] <mailto:[email protected]> , skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: [email protected] <mailto:[email protected]> [mailto:[email protected]] On Behalf Of Darin Cox Sent: Wednesday, April 23, 2014 4:25 PM To: [email protected] <mailto:[email protected]> Subject: [MBF]Re: spam from .me domains. Yep. We added a weight for .ME, and several other TLDs last year, mostly country TLDs. All of them failed other spam tests, so we just added enough to get them to the hold weight. If needed, we add a counterweight for specific domains, but we’ve only needed to do that a couple of times in the past year. Most legit traffic still uses COM/NET/ORG. Darin. From: Carl Wagar <mailto:[email protected]> Sent: Wednesday, April 23, 2014 9:50 AM To: [email protected] <mailto:[email protected]> Subject: [MBF]spam from .me domains. Has anyone witnessed a large increase in spam coming from address in .ME domains and containing links to .ME domains? It looks to me like some (expletive) hacker has found a way to hack a registrar for .ME domains to create them like crazy and is blasting a lot of spam. Although MOST of it is detected by SNIFFER, about 10 percent does not, and the combination of BHL and other filters do not get it over my threshold to HOLD. I have changed the FILTER-COUNTRY to boost the weight of .ME domain (anyone unfortunate enough to send legitimate mail from there is out of luck) but I had to raise the MAXWEIGHT. I expect this is not the best place to put it. Comments? Carl J. Carl Wagar EntreNet Communications Inc www.entrenet.com <http://www.entrenet.com> www.thehostingservice.com <http://www.thehostingservice.com> 24 Swain Ave, Ottawa, ON, K1G 4T1, Canada Email: [email protected] <mailto:[email protected]> , skype: jcwagar Tel: +1 613-737-7327, Fax: +1 613-737-5801 Cel: +1 613-818-8898 From: [email protected] <mailto:[email protected]> [mailto:[email protected]] On Behalf Of Dave Beckstrom Sent: Tuesday, April 22, 2014 5:42 PM To: [email protected] <mailto:[email protected]> Subject: [MBF]Smartermail / Declude and attachments I have a customer who about once a month will suddenly say they aren't receiving emails that have attachments. They claim the file sizes are well below their max message size limit. Is there a way to whitelist any email to them that has an attachment? As far as I know, declude doesn't look at the attachments. We have no virus scanner and virus scanning in declude is disabled. But at this point, I'd like to pass through anything with an attachment and they can deal with the spam. Any ideas?
