sos4eset 1 Posted October 20, 2015 Posted October 20, 2015 Using Eset Mail Security for Exchange version 4.5.x. for about 3months with great results. Now, all of a sudden some spam is making it's way through to clients. These emails come from domains that end in .download, .eu, .trade, etc. In the Antispam parameters setup for filtering, how do we properly add these domains (what is proper syntax) to the Blocked Domains section? Do we just write as download, or do we write .download, or *@*.download?? We had it as just download but that doesn't seem to work so now we are trying with he dot before the domain. See attached. Thank you!
Administrators Marcos 5,739 Posted October 20, 2015 Administrators Posted October 20, 2015 I'd strongly recommend upgrading to EMSX v6 as it brings several benefits: 1, ESET's antispam engine is used 2, Attachments from scanned email are checked against ESET LiveGrid which provides rapid response to new-borne threats 3, Files in archives are recognized by type so you can create different rules for exe files, document files, etc. that you may receive in archives 4, Many more improvements and fixes.
sos4eset 1 Posted October 20, 2015 Author Posted October 20, 2015 Thank you for the suggestion but it may be a little while until we can do that upgrade. Can you offer any guidance on the proper syntax for blocking domains?
Administrators Marcos 5,739 Posted October 20, 2015 Administrators Posted October 20, 2015 You can enter TLDs without the period in front of them. However, we don't recommend using this setting as it led to many false positives, especially if blocked domains were listed in signatures in legitimate emails.
sos4eset 1 Posted October 20, 2015 Author Posted October 20, 2015 Ok- we will go back to that syntax, but as explained in my original post we had it that way initially so not sure why they are not being blocked;) Thanks for replying. Do you know if the new version 6.x has a different method for blocking domains?
Administrators Marcos 5,739 Posted October 21, 2015 Administrators Posted October 21, 2015 I've just realized you would like to blocked domains of senders. However, the "Blocked domains" list works only for domains found in the email body (see the description in the screen shot you posted). Please send me 2-3 examples of emails in msg or eml format that slipped through EMSX.
sos4eset 1 Posted October 22, 2015 Author Posted October 22, 2015 (edited) I sent you a message but was unable to attach the .msg files - should I try to attach them here? Edited October 22, 2015 by sos4eset
Recommended Posts