blocking out-of-office

Glenn Steen glenn.steen at gmail.com
Fri Aug 4 17:11:14 IST 2006


On 04/08/06, Peter Peters <P.G.M.Peters at utwente.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Glenn Steen wrote on 4-8-2006 16:10:
>
> >> But we have a lot of organizations in our organization. A lot of the
> >> (bigger) departments run their own exchange. And while the AD is shared
> >> they still tend to send e-mail from one department to the other through
> >> SMTP (which is good because it gets scanned by MailScanner).
> >
> > Um, I'm feeling more than the usual tad slow here (Friday afternoon
> > syndrome:-), are you saying you want to block all OoO trying to exit
> > the "superorganisation" or the ones bouncing around between
> > suborganisations?
> > SA rule(s) could help you, I suppose, if you want something selective
> > (PF header_checks are bit limited so wouldn't handle that
> > gracefully:-).
>
> Yes, I would want to block OoO's trying to get outside the university
> but keep the OoO's flowing between the departments.
>
Well then, you'd have two problems:
1) Identifying an OoO.
2) selectively disallowing them to exit your organization.

I'd look into making a set of SA rules to facilitate this. One or two
to identify that the message really is an OoO, that it originates from
one of your subdomains, and finally one rule to combine those results
and giving that one a truly hefty score, pushing it into the high
scoring spam category.
Either that, or go the CustomFunction route (or perhaps even try to
make something out of the generic AV option).
My Friday-afternoon-syndrome has moved on to Friday-evening-syndrome
(into my first beer and fired up the grill), so I'd not trust myself
further than that:-)

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list