Quarantine or save SPAM based on rules

Julian Field mailscanner at ecs.soton.ac.uk
Wed Nov 26 18:04:55 GMT 2003 

At 17:01 26/11/2003, you wrote:
>Julian,
>
>Excuse my NEWBIE-ness but here's what I've got.
>1. Created /etc/MailScanner/rules/lowspam.rules for low spam
>     From: 10.    store deliver
>     From: 192.168.    store deliver
>     From: default    attachment deliver
>2. Created /etc/MailScanner/rules/highspam.rules for low spam
>     From: 10.20.    store delete
>     From: 192.168.    store delete

Don't use store and delete together. What you mean is just to store. It
won't deliver unless you tell it to.

>     From: default    delete
>3. Edit /etc/MailScanner/MailScanner.conf and change the following
>     - Spam Actions =  /etc/MailScanner/rules/lowspam.rules
>     - High Scoring Spam Actions = /etc/MailScanner/rules/highspam.rules
>
>Correct?  Can I just use store and do I need delete also?

Add a "FromOrTo: default" entry as well, with whatever you consider to be
the appropriate action in this case.


>Thankx in advance.
>
>
>----- Original Message -----
>From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
>To: <MAILSCANNER at JISCMAIL.AC.UK>
>Sent: Wednesday, November 26, 2003 11:30 AM
>Subject: Re: Quarantine or save SPAM based on rules
>
>
> > At 16:16 26/11/2003, you wrote:
> > >We've got a few customers in our network that are sending SPAM. We have a
>a
> > >firewall and every IP address is NAT so the IP addresses are different
>each
> > >time.
> > >
> > >Is there a way to quarantine or save SPAM emails based on an IP address
> > >range?
> > >
> > >For example, if IP X.X sends SPAM, it saves it.
> >
> > Use a ruleset saying something like
> > From:   12.23.34.45     store
> > FromOrTo:       default deliver
> >
> > and set "Spam Actions" and "High Scoring Spam Actions" to point at it. You
> > can put all sorts of network definitions in rulesets such as
> > 12.23.34.45
> > 12.23.34
> > 12.23.34.
> > 12.23.34.0-12.23.35.255
> > 12.23.34/24
> > 12.23.34/255.255.255.0
> >
> >
> > >My current solution is I forward all SPAM to a mailbox, every 5 minutes
>GREP
> > >for my IP, if found then copy it, else delete box.
> >
> > --
> > Julian Field
> > www.MailScanner.info
> > MailScanner thanks transtec Computers for their support
> >
> > PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> >

--
Julian Field
www.MailScanner.info
Professional Support Services at www.MailScanner.biz
MailScanner thanks transtec Computers for their support
PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654

More information about the MailScanner mailing list