
Spoofed senders implementation via Antispam engine filtering



EMSX 4.5, Antispam engine > filtering > Spoofed senders

 

Can someone please explain how this feature works? The documentation is vague, to say the least:

 

This list allows you to specify which mail servers are allowed to use which domain names in the From: address. The offset will be applied when mail from the domain does not come from the specified IP range.
 
Can you specify domain or sender, format? Wildcards?
Mail server internal IP?
Offset recommendation?
 
Some further documentation would be helpful in configuring this type of feature.
 
Thanks.
  • ESET Moderators

Hello,

 

this feature is being configured for outgoing mail servers so you should specify a domain for which you specify allowed IP address / IP address with network mask / range of IP addresses of allowed senders.

 

The IP address should be the external server's IP address, as far as that one is visible for EMSX as the sender's IP.

 

Do you have any further questions regarding this?

  • 2 months later...

Hi,

 

I have questions about this feature too.

 

So I want to capture false positives for my own domain: exampledomain.org

This domain is allowed to send mail from our ISP's mail server, but also a few other places, so there will be maybe 5-10 separate IPs to allocate.

 

Do I put the exampledomain.org in the From box?

 

Then how do I handle adding all the different legitimate servers to accept mail from? Do I make multiple line entries each with exampledomain.org in the from box?

 

What do I put in the score box? Is this a number that gets added on to the rest of the score calculated elsewhere? (so if I put 40 in this box, and the email already had a score of 55 from other spam detection criteria, then this would bump the score up to 95 if the mail came from that domain, but from an IP not listed... is that how it works?)

 

The description of how this feature works could do with a bit of clarification.

 

Thanks for your help.

 

Mike

  • 2 months later...
  • ESET Moderators

Hello Mike,

 

you just set the sender and the allowed IP addresses or a range of them (IP addresses that are allowed to send messages on behalf of that domain).

If you have 50 servers with 50 different IP addresses, you need to set all of them.

The score will be given to messages received from the defined sender outside of the defined IP addresses (so we assume that the sender is spoofed for those messages, so score 99 or something similar is recommended).

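A model of the check the moderator replies above describe, added here as an illustration; it is not ESET's code and not the product's configuration syntax. The rule table layout, the function names and the sample addresses (documentation IP ranges) are constructed assumptions, and since the thread does not say how the score combines with other antispam scores, the function returns only this rule's score.

```python
import ipaddress
from email.utils import parseaddr

# Constructed rule table (hypothetical layout, NOT ESET's configuration syntax):
# From: domain -> (allowed sender IP specs, score given on mismatch)
RULES = {
    "exampledomain.org": (
        ["192.0.2.10", "198.51.100.0/255.255.255.0", "203.0.113.5-203.0.113.9"],
        99,
    ),
}

def _matches(ip, spec):
    """True if ip falls in spec: single address, address/mask, or first-last range."""
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        return first.version == ip.version and first <= ip <= last
    net = ipaddress.ip_network(spec, strict=False)  # a bare IP becomes /32 or /128
    return net.version == ip.version and ip in net

def spoof_score(from_header, connecting_ip, rules=RULES):
    """Return the configured score when the From: domain is listed but the
    connecting IP is outside its allowed set; return None otherwise."""
    addr = parseaddr(from_header)[1]
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain not in rules:
        return None  # domain not listed: this check does not apply
    allowed, score = rules[domain]
    # connecting_ip is the external address the filtering server sees as the sender
    ip = ipaddress.ip_address(connecting_ip)
    if any(_matches(ip, spec) for spec in allowed):
        return None  # legitimate server for this domain
    return score     # From: domain used from an unlisted IP, treated as spoofed
```

Every legitimate sending server for the domain has to be in the allowed set, otherwise its mail receives the spoofing score as well.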
  • 1 year later...

Hi

 

Could you post an example of the syntax to use here as I am not finding it clear?

 

"DOMAIN:IP_ADDRESSES_SET:SCORE"

 

An example for multiple domains and IP addresses?

 

Many thanks

This topic is now closed to further replies.