Thanks David.
A question, why is the following line in GAUNTLET? I realize it can have a high
hit rate but with the proliferation of malicious emails that are playing with
the encoding, shouldn't this line be removed?
BODYEND PCRE(?i:Content-Transfer-Encoding: base64)
We run SM 13 with Declude/Sniffer - what would be the best filter file to
add it to?
Is it possible to create a rule that would dump any mail from any TLD over 4
characters?
Thanks,
Noah
From: community@mailsbestfriend.com [mailto:community@mailsbestfriend.com]
On Behalf Of
If you have a local.txt filter add a line like this.. where you can block
any extensions you want:
MAILFROM100PCRE (?i:\.(eu|me|link|rock|xyz|review)$)
David Barker
Mail's Best Friend
Email : mailto:david.bar...@mailsbestfriend.com
david.bar...@mailsbestfriend.com
FYI the 4 in the regex means it will trigger on a TLD with 4 characters if
you want it to trigger on more than 4 you would use 5 etc.
David Barker
Mail's Best Friend
Email : mailto:david.bar...@mailsbestfriend.com
david.bar...@mailsbestfriend.com
Web : http://www.mailsbestfriend.com/
Create a filter of your choice (e.g. 4TLD) and call it from the Declude
global.cfg the filter should contain the following line/s.
MAILFROM100PCRE (?i:\.[a-z]{4,}$)
REVDNS 100PCRE (?i:\.[a-z]{4,}$)
HELO 100PCRE
How do I go about blocking any mail with a .review address?
We have seen a lot of them getting through the filters and they are all
spam.
Thanks,
Noah Duarte
mailto:n...@resposio.com n...@resposio.com
Just add a line
MAILFROM ENDSWITH .review
to one of your existing filter files to push him far above your hold weight...
if you really want to block so rough.
In the past 7 days I can see exactly 3 messages (out of 336000) coming from
.review
All of them are clear
