As regards content filtering, I noticed right away the unknown host in the header sample. One of my content filters is set up to filter unknown hosts, since my observations over many years showed they are nearly always spammers with the exception of a few where the server was set up incorrectly (I notified those and they took care of the issue). Here is what I use in a content filter rule for unknown hosts:
Rule Name: UnkHost, Rule Source: Header, Rule Type: Wildcard, Rule Text:
received: from unknown (*
Rule Weight: 20
I have five others set up as well so I know exactly which completed an action:
- an "Allow" filter (Weight -20)
- a "BadAcct" filter acting upon long dead accounts at my company that are still spammed (Weight 20)
- a "BadIP" filtering IP subnets consistently spamming our users (Weight 20)
- a "SpamSrvr" filter looking for server names consistently sending spam (Weight 20)
- a "SpamTxt" filter looking for very specific phrases and words (Weight 20)
One thing I noticed early on was that I had to set the size of the spam to be checked to 1 MB, which seems pretty effective so far. This is done in:
Security > Antispam Administration > Options > Max message size to content scan
We are moving towards not disallowing any email but sending it to the junk e-mail folder where the user can decide upon it within 7 days (which they can change).
This system has reduced my own spam (and my email address has been out there for some time now) to one to three a day with most of those addressed to an alias email on our websites from the free email providers. This alias has been a great source of spam to fine tune our filters with.
Charles - Please LIKE US at http://facebook.com/CharlesWorksLLC
and connect with me at http://linkedin.com/in/charlesworks
"Bridging the gap between geeks and everyone else since 1998."
CharlesWorks for YOU!
CharlesWorks, LLC, Peterborough, NH 03458-1645 http://CharlesWorks.net
- Domains - Hosting - Web Design - WordPress - Social Media Updating - Search Engine Optimization -
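
An added example, not part of the original post and not the mail server's own code: a small Python model of the weighted header rules described above, showing how a 20-point UnkHost hit is offset by a -20 Allow hit. The rule name, wildcard text and weights come from the post; the Allow pattern, the junk threshold, case-insensitive matching and the sample messages are assumptions constructed for illustration.

```python
import email
import fnmatch
from email import policy

# UnkHost rule text and the 20 / -20 weights are from the post.
# The Allow pattern and the threshold are assumptions for illustration.
RULES = [
    ("UnkHost", "received: from unknown (*", 20),
    ("Allow", "from: *@partner.example", -20),  # hypothetical allow entry
]
JUNK_THRESHOLD = 20  # assumed: one unoffset 20-point hit goes to junk

def header_lines(raw):
    """Return unfolded, lower-cased 'name: value' strings, one per header."""
    msg = email.message_from_string(raw, policy=policy.compat32)
    # split()/join() collapses the CRLF + whitespace of folded headers so a
    # wildcard cannot be dodged by folding the Received line.
    return [f"{name}: {' '.join(str(value).split())}".lower()
            for name, value in msg.items()]

def score(raw):
    """Sum the weight of every rule whose wildcard matches any header."""
    lines = header_lines(raw)
    hits = [(name, weight) for name, pattern, weight in RULES
            if any(fnmatch.fnmatchcase(line, pattern) for line in lines)]
    return sum(w for _, w in hits), [n for n, _ in hits]

def verdict(raw):
    """Return (folder, total weight, names of the rules that fired)."""
    total, hits = score(raw)
    return ("junk" if total >= JUNK_THRESHOLD else "inbox"), total, hits

# Constructed sample messages (documentation addresses, not real traffic).
SPAM = ("Received: from unknown (HELO mail.sender.example) (203.0.113.45)\n"
        "  by mx.company.example with SMTP; Mon, 1 Jan 2024 10:00:00 -0000\n"
        "From: promo@sender.example\nSubject: Offer\n\nbody\n")
HAM = ("Received: from mail.partner.example (198.51.100.7)\n"
       "  by mx.company.example with SMTP; Mon, 1 Jan 2024 10:05:00 -0000\n"
       "From: alice@partner.example\nSubject: Invoice\n\nbody\n")
# A legitimate sender whose server is set up incorrectly, as the post mentions.
MISCONFIGURED = SPAM.replace("promo@sender.example", "bob@partner.example")

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("ham", HAM), ("misconfigured", MISCONFIGURED)):
        print(label, verdict(raw))
```

Keeping each rule under its own name, as the post does, is what lets the result list show exactly which rules fired on a message.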