Regex, attachments and Spam

Questions and answers about how to do stuff
Post Reply
Rod-IT
Posts: 3
Joined: 11 Sep 2018 19:37

Regex, attachments and Spam

Post by Rod-IT » 11 Sep 2018 20:04

Hi All,
my first post, but I have read many topics on here already.

I will break my questions down as there is 3 parts.

The easier of them I believe is this one;

If an attachment gets blocked, for example a password protected PDF within a zip, even with the release button enabled, the email is never released from quarantine - any pointers on why this is the case or how to make it release quarantined files when we specify them to be released? Side note, if we whitelist the sender address, would this also allow blocked attachments to come through?

Part 2 - I want to create a regular expression that if a specific subject is matched (outbound only), then a filter is applied, in our case an SMTP redirect to another gateway to apply encryption.

The regex I have is \b\w*abc encrypt\w*\b /gi (where 'abc encrypt' is the subject we want to match - case not relevant, nor should location within the subject be), however this does not seem to work, both Postfix and Mailscanner have been restarted since adding the rules, I have checked them via webmin and SSH and they seem good - online regex sites clarify this works, but it does not when sent via email.


abc encrypt this is a test - this will re-route

this is a test abc encrypt - does not trigger, it seems to only look if the keyword(s) are at the start of the subject.


Third - i have read many posts about spam and read that geo-blocking is not a good idea, it works but we should look at tuning the rules, the majority of what spam we do get seems to be Invoice or Payment related DOC files which then open a link within, i am getting to the point where DOC files may get blocked to combat this in a quick way, but are there any other tips for how to ensure this is tuned - i am forever marking as spam and the SA does seem to learn them, but we can get bombarded with quite a lot of these lately.

I also read where this could be related to DNS and RLBs, is there any way to check?

Just to add, i am no linux expert, i can find my way around and adjust settings etc. but may need a little extra guidance on specifics.


Thanks in advance for your help, guidance, pointers, and a great product.

Rod-IT
Posts: 3
Joined: 11 Sep 2018 19:37

Re: Regex, attachments and Spam

Post by Rod-IT » 18 Sep 2018 17:56

No one has any ideas on any of the issues above?

User avatar
pdwalker
Posts: 1087
Joined: 18 Mar 2015 09:16

Re: Regex, attachments and Spam

Post by pdwalker » 20 Sep 2018 10:37

Part 1: When you release a blocked message, do you see it in the message list? Does it show as blocked again? If so, is your locahost whitelisted?

Part 2: conditional sending based on subject to different gateways? I don't know if that is even possible. Where did you put your regex, expecting it to work?22

Post Reply