Message Sniffer for Outgoing E-Mail
Question asked by Rene Eisenmann - 9/18/2023 at 10:54 PM
i wonder if it is a good idea to activate the Message Sniffer for Outgoing Mails. We got some Customers who forward there mail to t-online etc and from time to time they try to forward a spam to t-online which causes issues for the whole server. My Question is does Message Sniffer intercept such mails? or is there a better idea? i know forwarding is not the best idea and i have reduced the amount of accounts who does it but from time time there is this problem.

6 Replies

Reply to Thread
Employee Replied
Employee Post Marked As Answer
Hi Rene, 

You can certainly use Message Sniffer as one of your outbound checks. Please note that any check that's enabled for Outbound SMTP Blocking must be used with the Outbound Weight Threshold that's found on the Antispam > Options tab > SMTP Blocking card. From there, you can specify a weight that should be considered "spam", then choose to Quarantine or Delete that message, and choose whether to send the user a bounce message about the delivery failure. This feature will catch standard deliveries that are considered to be spam. 

To prevent spam from being automatically forwarded, I would encourage you to set the domain's Forwarding Exclusion to Spam Low/Medium/High. When you edit a domain, you'll find a Forward Exclusion setting on the Email card. To prevent all spam probabilities from being auto-forwarded, set this to "Low and above". You can also adjust this setting in Domain Defaults, and propagate it to domains, as needed. 

Finally, SmarterMail offers a Do Not Forward list, where you can add domains that have strict requirements and are likely to blacklist you for spam, such as Yahoo, AOL, Verizon and Gmail. You can find this in Settings > Delivery Limits. 

I hope this helps! 
Rene Eisenmann Replied
Thank you for the Support! i will check it out
Rene Eisenmann Replied

i use message sniffer for outgoing mail now .. works fine on 90% but sometimes i get false positives and i wonder how i can deal with them? they get 30 in messagesniffer and 100% not spam :) do i just whitelist the recipients? 
Sabatino Replied
I was about to start a thread too

First of all
Do not forward spam level Medium and above

refers only to the forwards of an account and not to the aliases of a domain that forwards mail to an external address. Right? From the traffic I've checked it seems like that to me.

I would also like to discuss this configuration with you:

I have also set Cyren Premium Antispam as Enable Outbound SMTP Blocking

I did this because I have some domains that have aliases that forward to external addresses.

I've found that it works quite well, but I might lower the threshold even a bit if I could exclude authenticated users.

I'll explain.

An email arrives at xxx@domain.tld

xxx is an alias that forwards to yyy@yyy.tld

Here I would like to apply the block.

But if an account acc@domain.tld authenticates and tries to forward to yy@yyy.tld I wouldn't want to apply the block.

At least I would like a setting like this.

For authenticated accounts, it removes 10 spam points from outgoing messages

Sabatino Traini Chief Information Officer Genial s.r.l. Martinsicuro - Italy
Reto Replied
Yes, I assumed the same for alias forwarding. +1 for your idea regards different handling of authenticated users.
Rene Eisenmann Replied
i wonder why i get so much in in outgoing Spam Qurantine .. we even have "Do not forward spam level low and above" and still more then 200 mails a day in the qurantine ... do i need to go to domain settings and click probaganda the setting?

Reply to Thread