Page 1 of 2 12 LastLast
Results 1 to 10 of 13
  1. #1
    Master Untangler
    Join Date
    Sep 2007
    Posts
    143

    Default Manual Spam Blocking

    Is it possible to block email with a specific subject, e.g. "Viagra" within Untangle's spam assassin implementation?

  2. #2
    Master Untangler
    Join Date
    Sep 2007
    Posts
    143

    Exclamation Updates

    The solution is to create a custom filter file within the UTM:

    Code:
    nano -w /etc/spamassassin/customrule.cf
    And add your block rules, as necessary:

    Code:
    header LOCAL_VIAGRA_RULE Subject=~ /viagra/i
    score LOCAL_VIAGRA_RULE 99.0
    describe LOCAL_VIAGRA_RULE Viagra
    
    header LOCAL_VIAGRA2_RULE From=~ /VIAGRA/i
    score LOCAL_VIAGRA2_RULE 99.0
    describe LOCAL_VIAGRA2_RULE Viagra2
    
    header LOCAL_VIAGRA3_RULE Subject=~ /VIAGRA/i
    score LOCAL_VIAGRA3_RULE 99.0
    describe LOCAL_VIAGRA3_RULE Viagra3
    
    header LOCAL_SALE_RULE Subject=~ /sale/i
    score LOCAL_SALE_RULE 99.0
    describe LOCAL_SALE_RULE Sale
    Once your finished, restart spam assassin:

    Code:
    /etc/init.d/spamassassin restart
    You can monitor the mail log to blocking results:

    Code:
    tail -f /var/log/mail.log
    For more information regarding spam assassin custom rules please visit: http://wiki.apache.org/spamassassin/WritingRules.
    Last edited by md3v; 02-05-2010 at 11:54 PM.

  3. #3
    Master Untangler aurbano's Avatar
    Join Date
    Feb 2009
    Location
    São Paulo - SP - Brazil
    Posts
    299

    Default

    Thank md3v
    I needed to know how to do this.
    Adriano Urbano Esposito
    UTBrasil - Untangle para Brasileiros.
    Revenda autorizada untangle no Brasil.
    http://www.utbrasil.com.br

  4. #4
    Untanglit
    Join Date
    Jul 2009
    Posts
    19

    Default

    I followed the example and the viagra emails are still getting through.
    They have VIAGRA in the from field but the email address is a valid address within our domain. Something like:
    100% VIAGRA now <validuser@mydomain.com>

    Will the J & J script help with this or maybe I missed something above? How can I test the customrule.cf file to see if it actually works?

    Thanks!

  5. #5
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    Default

    Do you have tarpit on? Regardless of the email address that appears, the IP they are coming from may get blocked with tarpit. I get 50 emails a day from me, and while I may be scattered at times, I don't have email dialogs with myself.

  6. #6
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,486

    Default

    Quote Originally Posted by elj4176 View Post
    I followed the example and the viagra emails are still getting through.
    They have VIAGRA in the from field but the email address is a valid address within our domain. Something like:
    100% VIAGRA now <validuser@mydomain.com>

    Will the J & J script help with this or maybe I missed something above? How can I test the customrule.cf file to see if it actually works?

    Thanks!
    Nothing will stop it if you added your own domain to the passlist.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  7. #7
    Untangler
    Join Date
    Jun 2009
    Posts
    92

    Default Pop3...

    I am curious what, (if anything), POP3 users can do about this SPAM problem lately...marking is great, but it sure would be neat if my users didn't see these at all...

  8. #8
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    Default

    I know this doesn't answer your question, but it sure would be nice if the ISPs would block this crap completely instead of just labeling it as spam and sending it to a spam folder. I find it hard to believe that they can't figure out hundreds of thousands of messages on the same subject at the same time are legitimate. Grrr!

  9. #9
    Master Untangler
    Join Date
    Sep 2007
    Posts
    143

    Exclamation

    The configuration I outlined does work but won't address spam which is send by a spammers mail relay using transport layer security (TLS) / SSL.

    The only options to address TLS transported spam are:

    1. Enable "Stop TLS encryption over SMTP" (this is Untangle's default setting)

    NOTE: This will block any mail servers, living behind your UTM, from receiving mail securely.

    2. Enable "Allow TLS encryption over SMTP" in Untangle and run local spam filtering software on your mail servers in order to scan mail after the TLS session is complete.

    3. Run a batison host mail server in front of Untangle which accepts mail securely for any servers/domains behind the UTM then relays the mail through Untangle where it can be spam filtered.

  10. #10
    Untanglit
    Join Date
    Jul 2009
    Posts
    19

    Default

    I had to turn tarpitting off. It seemed to be giving our off-site users problems with their mail - but that was before we started using the VPN.
    I guess I could turn it back on and see what happens.
    Our mail server does do some spam filtering but not much.

Page 1 of 2 12 LastLast

LinkBacks (?)

  1. 03-25-2011, 10:57 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2