Spoofed senders implementation via Antispam engine filtering

[zhekdia 3]

EMSX 4.5, Antispam engine > filtering > Spoofed senders

 

Can someone please explain how this feature works. The documentation is vague to say the least:

 

This list allows you to specify which mail servers are

allowed to use which domain names in the From: address. The offset will be applied when mail from the domain

does not come from the specified IP range. 

 

Can you specify domain or sender, format? Wilcards?

Mail server internal IP?

Offset recommendation?

 

Some further documentation would be helpful in configuring this type of feature.

 

Thanks.

[Peter Randziak 1,130]

Hello,

 

this feature is being configured for outgoing mail servers so you should specify a domain for which you specify allowed IP address / IP address with network mask / range of IP addresses of allowed senders.

 

The IP address should be the external server's IP address as far as that on is visible for EMSX as sender's IP.

 

DO you have any further question regarding this?

[Mike 8]

Hi,

 

I have questions about this feature too.

 

So I want to capture false positives for my own domain:  exampledomain.org

This domain is allowed to send mail from our ISP's mail server, but also a few other places, so there will be maybe 5-10 separate IPs to allocate.

 

Do I put the exampledomain.org in the From box?

 

Then how do I handle adding all the different legitimate servers to accept mail from? Do I make multiple line entries each with exampledomain.org in the from box?

 

What do I put in the score box? Is this a number that gets added on to the rest of the score calculated elsewhere? (so if I put 40 in this box, and the email already had a score of 55 from other spam detection criteria, then this would bump the score up to 95 if the mail came from that domain, but from an IP not listed... is that how it works?)

 

The description of how this feature works could do with a bit of clarification.

 

Thanks for your help.

 

Mike

[Peter Randziak 1,130]

Hello Mike,

 

you just set the sender and allowed IP addresses or range of them (IP address that are allowed to send messages on behalf of that domain).

If you have 50 servers with 50 IP different addresses you need to set all of them.

The score will be given to messages received from defined sender outside of defined IP addresses (so we assume that the sender is spoofed for that messages so score 99 or something similar is recommended).

[BRMFG_1 0]

Hi

 

Could you post an example of the syntax to use here as I am not finding it clear?

 

"DOMAIN:IP_ADDRESSES_SET:SCORE"

 

An example for multiple domains and IP addreses?

 

Many thanks