zhekdia 3 Posted December 30, 2013 Share Posted December 30, 2013 EMSX 4.5, Antispam engine > filtering > Spoofed senders Can someone please explain how this feature works. The documentation is vague to say the least: This list allows you to specify which mail servers are allowed to use which domain names in the From: address. The offset will be applied when mail from the domain does not come from the specified IP range. Can you specify domain or sender, format? Wilcards? Mail server internal IP? Offset recommendation? Some further documentation would be helpful in configuring this type of feature. Thanks. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,083 Posted January 3, 2014 ESET Moderators Share Posted January 3, 2014 Hello, this feature is being configured for outgoing mail servers so you should specify a domain for which you specify allowed IP address / IP address with network mask / range of IP addresses of allowed senders. The IP address should be the external server's IP address as far as that on is visible for EMSX as sender's IP. DO you have any further question regarding this? Link to comment Share on other sites More sharing options...
Mike 8 Posted March 13, 2014 Share Posted March 13, 2014 Hi, I have questions about this feature too. So I want to capture false positives for my own domain: exampledomain.org This domain is allowed to send mail from our ISP's mail server, but also a few other places, so there will be maybe 5-10 separate IPs to allocate. Do I put the exampledomain.org in the From box? Then how do I handle adding all the different legitimate servers to accept mail from? Do I make multiple line entries each with exampledomain.org in the from box? What do I put in the score box? Is this a number that gets added on to the rest of the score calculated elsewhere? (so if I put 40 in this box, and the email already had a score of 55 from other spam detection criteria, then this would bump the score up to 95 if the mail came from that domain, but from an IP not listed... is that how it works?) The description of how this feature works could do with a bit of clarification. Thanks for your help. Mike Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 1,083 Posted May 14, 2014 ESET Moderators Share Posted May 14, 2014 Hello Mike, you just set the sender and allowed IP addresses or range of them (IP address that are allowed to send messages on behalf of that domain). If you have 50 servers with 50 IP different addresses you need to set all of them. The score will be given to messages received from defined sender outside of defined IP addresses (so we assume that the sender is spoofed for that messages so score 99 or something similar is recommended). Link to comment Share on other sites More sharing options...
BRMFG_1 0 Posted October 26, 2015 Share Posted October 26, 2015 Hi Could you post an example of the syntax to use here as I am not finding it clear? "DOMAIN:IP_ADDRESSES_SET:SCORE" An example for multiple domains and IP addreses? Many thanks Link to comment Share on other sites More sharing options...
Recommended Posts