Quarantine or save SPAM based on rules

Kham Vue kvue at WADSNET.COM
Wed Nov 26 19:59:19 GMT 2003 

Thankx Julian.  That worked.


----- Original Message -----
From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
To: <MAILSCANNER at JISCMAIL.AC.UK>
Sent: Wednesday, November 26, 2003 1:04 PM
Subject: Re: Quarantine or save SPAM based on rules


> At 17:01 26/11/2003, you wrote:
> >Julian,
> >
> >Excuse my NEWBIE-ness but here's what I've got.
> >1. Created /etc/MailScanner/rules/lowspam.rules for low spam
> >     From: 10.    store deliver
> >     From: 192.168.    store deliver
> >     From: default    attachment deliver
> >2. Created /etc/MailScanner/rules/highspam.rules for low spam
> >     From: 10.20.    store delete
> >     From: 192.168.    store delete
>
> Don't use store and delete together. What you mean is just to store. It
> won't deliver unless you tell it to.
>
> >     From: default    delete
> >3. Edit /etc/MailScanner/MailScanner.conf and change the following
> >     - Spam Actions =  /etc/MailScanner/rules/lowspam.rules
> >     - High Scoring Spam Actions = /etc/MailScanner/rules/highspam.rules
> >
> >Correct?  Can I just use store and do I need delete also?
>
> Add a "FromOrTo: default" entry as well, with whatever you consider to be
> the appropriate action in this case.
>
>
> >Thankx in advance.
> >
> >
> >----- Original Message -----
> >From: "Julian Field" <mailscanner at ECS.SOTON.AC.UK>
> >To: <MAILSCANNER at JISCMAIL.AC.UK>
> >Sent: Wednesday, November 26, 2003 11:30 AM
> >Subject: Re: Quarantine or save SPAM based on rules
> >
> >
> > > At 16:16 26/11/2003, you wrote:
> > > >We've got a few customers in our network that are sending SPAM. We
have a
> >a
> > > >firewall and every IP address is NAT so the IP addresses are
different
> >each
> > > >time.
> > > >
> > > >Is there a way to quarantine or save SPAM emails based on an IP
address
> > > >range?
> > > >
> > > >For example, if IP X.X sends SPAM, it saves it.
> > >
> > > Use a ruleset saying something like
> > > From:   12.23.34.45     store
> > > FromOrTo:       default deliver
> > >
> > > and set "Spam Actions" and "High Scoring Spam Actions" to point at it.
You
> > > can put all sorts of network definitions in rulesets such as
> > > 12.23.34.45
> > > 12.23.34
> > > 12.23.34.
> > > 12.23.34.0-12.23.35.255
> > > 12.23.34/24
> > > 12.23.34/255.255.255.0
> > >
> > >
> > > >My current solution is I forward all SPAM to a mailbox, every 5
minutes
> >GREP
> > > >for my IP, if found then copy it, else delete box.
> > >
> > > --
> > > Julian Field
> > > www.MailScanner.info
> > > MailScanner thanks transtec Computers for their support
> > >
> > > PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
> > >
>
> --
> Julian Field
> www.MailScanner.info
> Professional Support Services at www.MailScanner.biz
> MailScanner thanks transtec Computers for their support
> PGP footprint: EE81 D763 3DB0 0BFD E1DC  7222 11F6 5947 1415 B654
>

More information about the MailScanner mailing list