Which lists/files utilize wildcards/globals? : Finally learned some basic...

Wed, 26 Sep 2012 07:59:23 +0000

Author: pcmatt
Subject: 6796
Posted: 26 September 2012 at 7:59am

Finally learned some basic Regex:

This is great little tidbit example to adding case insensitive blocks:

((?i)KeYWord) matches keyword or any other combination of upper/lower case in keyword.

Which lists/files utilize wildcards/globals? : If you are just looking for a...

Fri, 05 Feb 2010 12:24:00 +0000

Author: yapadu
Subject: 6796
Posted: 05 February 2010 at 12:24pm

If you are just looking for a simple wildcard in the keywords, the wildcard for regex is actually a period .

If you wanted to filter on the keyword viagra, but accept any character in place of the i you could do (v.agra)

Regex is cool stuff, you might want to check out something from O'Reilly

I have been doing a lot of blocking by address lately, not always effective but some spammers do use the same address over and over. So if something gets past spamfilter I do something like this in the keyword filter.

10685,hazelhurst dr,(77[0-9]{3})

That keyword filter stops a lot of spam, that spammer uses the address over and over. He only changes the zipcode. Basically I am looking for the address, street and a 5 digit number that starts with 77 and then three other numbers in the range of 0-9.

I stop hundreds of messages a day just with this filter alone.

The greylistallowed syntax is a * so you might do 206.168.112.* to prevent that specific class C address space from being blocked. I have only ever had to use the whitelisting in the greylistingallowed file once - for postini as they have so many servers.

Which lists/files utilize wildcards/globals? : Was looking for which lists support...

Fri, 05 Feb 2010 07:49:26 +0000

Author: pcmatt
Subject: 6796
Posted: 05 February 2010 at 7:49am

Was looking for which lists support (* and ?, same rules as DOS wildcards) which is mostly defined in the docs and displayed in the GUI. Sounds like Keywords still does not support DOS type wildcards * and ?.

This list is for using globals when one is "RegEx Challenged" like myself.

GreyListAllowed.txt wildcard usage statement is a bit unclear. My guess is it's same type of wildcard use (.0 for class C and subnet masks) as IP Blacklist, but your release note is not really clear to me. Maybe you can clarify.

Thanks for helping clear this list up for me.

Which lists/files utilize wildcards/globals? : Matt,Everything is correct except...

Thu, 04 Feb 2010 23:39:26 +0000

Author: LogSat
Subject: 6796
Posted: 04 February 2010 at 11:39pm

Matt,

Everything is correct except for the keyword filter which supports RegEx (Regular Expressions) instead of wildcards, and for the greylist filter. If using v4.1.2.815 or higher, the following release note applies:

// New to VersionNumber = '4.1.2.815';

{TODO -cNew : Added ability to specify wildcards in GreyListAllowed.txt file to exlcude large number of subnets from greylisting}

Which lists/files utilize wildcards/globals? : (* and ?, same rules as DOS wildcards)was...

Thu, 04 Feb 2010 08:28:39 +0000

Author: pcmatt
Subject: 6796
Posted: 04 February 2010 at 8:28am

(* and ?, same rules as DOS wildcards) was what I was looking for to keep our lists simple. Can you confirm or correct this list:

These lists do support wildcards:

Blacklisted Domains

Blacklisted FROM Emails

Attachment Blocking

Local Domains

Excluded Domains / IPs

Unfiltered Emails

Excluded FROM Emails

Authorized TO Emails

Auto Whitelist Force Delivery

And these lists do not support wildcards:

Blacklisted IP - Supports only special ending 0 only to enter a wildcard class c

Honeypot Emails

Keywords Filter

Honeypot Blocked IPs

Grey List Allowed IPs

Thanks.

Which lists/files utilize wildcards/globals? : pcmatt,I'm not sure I understand...

Wed, 03 Feb 2010 23:32:17 +0000

Author: LogSat
Subject: 6796
Posted: 03 February 2010 at 11:32pm

pcmatt,

I'm not sure I understand what you mean by "globals".

For the wildcards, lists can usually use either * ? DOS-style and REGEX expressions, and/or IP notations in the form 192.168.23.0 (the .0 is the wildcard).

The manual tries to explain that in most cases (see below an extract). Is there one (or more) specific for which you need more info on?

Blacklists

Top Previous Next

•

MAPS Blacklist servers - SpamFilter checks the IP address initiating the connection. If it is listed in one of its many DNS blacklists the connection is refused. SpamFilter can reject connections based on aconfigurable minimum number of matches. A ",true" after an RBL entry means their DNS is expecting the IP to be reversed, i.e. to test a connection from 1.2.3.4 they expect 4.3.2.1.bl.spamcop.net

•	SURBL Blacklist servers - SpamFilter scans the content of emails for any HTTP links and URLs. Every link found is then tested against one of the many SURBL DNS blacklists available. If present, the connection is refused.

•

Blacklisted IPs - You can keep a file with additional IPs that you want to blacklist by entering the filename below. If the file does not exist it will be created. The file is reloaded every minute. List individual IP addresses on each line. Use an ending .0 for a Class C wildcard (i.e. 192.12.45.0 to block 192.12.45.1 --> 192.12.45.255). This IP blacklist also supports the use of CDIR notation to specify networks. For example, 192.12.45.0/24 will block the previous Class C of addresses as well. The contents of the file will be loaded in the memo box, allowing you to make changes to the file.

•

Blacklisted Domains - You can keep a file with additional Domains that you want to blacklist (based on the MAIL FROM field) by entering them below. Enter one domain per line, wildcards (* and ?, same rules as DOS wildcards) are allowed. You can also use Regular Expressions (RegEx). If the file does not exist it will be created. The file is reloaded every minute. The contents of the file will be loaded in the memo box, allowing you to make changes to the file. This list supports the :NULL option to send emails in a black hole. If an entry is in the form domain1.com:NULL it will cause all emails from domain1.com to be accepted and then sent to NULL right away. Such emails will not cause NDRs, they will not be quarantined, they will not be seen by the users. If an entry is in the form domain1.com:NoNDR such emails will not cause NDRs as in the DoNotSendNDROnQuarantine parameter in the ini file. This list supports the :Honeypot option, which will cause the sender's IP address to be automatically blacklisted in the future.

•

Blacklisted FROM Emails - If you want to block any particular email addresses, enter them here, one email per line. Wildcards (* and ?, same rules as DOS wildcards) are allowed. You can also use Regular Expressions (RegEx). This list supports the :NULL option to send emails in a black hole. If an entry is in the form user1@domain1.com:NULL it will cause all emails from user1@domain1.com to be accepted and then sent to NULL right away. Such emails will not cause NDRs, they will not be quarantined, they will not be seen by the users. If an entry is in the form domain1.com:NoNDR such emails will not cause NDRs as in the DoNotSendNDROnQuarantine parameter in the ini file. This list supports the :Honeypot option, which will cause the sender's IP address to be automatically blacklisted in the future.

•

Blacklisted TO Emails - If you want to block any particular destination addresses, enter them here, one email per line. Wildcards (* and ?, same rules as DOS wildcards) are allowed. You can also use Regular Expressions (RegEx). If an entry is in the form user1@domain1.com:NULL it will cause all emails to user1@domain1.com to be accepted and then sent to NULL right away. Such emails will not cause NDRs, they will not be quarantined, they will not be seen by the users. If an entry is in the formdomain1.com:NoNDR such emails will not cause NDRs as in the DoNotSendNDROnQuarantine parameter in the ini file. This list supports the :Honeypot option, which will cause the sender's IP address to be automatically blacklisted in the future.

•

Country Filters - SpamFilter checks the what country incoming connections are coming from. The current number of connections for each country can be updated by clicking on the Update Stats Now button. Columns can be sorted by clicking on the column header. This will help you in sorting countries and hits so you can determine if there are any countries you do not wish to receive email from.

•

Honeypot Emails - You can have a list of "honeypot" email addresses. Any email sent to an address in the list will cause the sender's IP to be blacklisted. The IP address will be added to the fileHoneypotBlockedIPs.txt, which contains the list of blocked IPs automatically added by this filter. This filter is typically used by adding non-existent email accounts to it that you know should never receive mail. If they do, then the email is likely spam, so the remote IP will be blacklisted automatically.

•

Attachment Blocking - You can block emails that have unwanted attachments. You can keep a file with banned attachments here. check emails for specific attachments or attachment extensions. If the attachment is found, the email is rejected. Wildcards (* and ?, same rules as DOS wildcards) are allowed. You can also use Regular Expressions (RegEx). This list supports the :NULL option to send emails in a black hole. If an entry is in the form filename:NULL it will cause all emails with the filename attachment to be accepted and then sent to NULL right away. Such emails will not cause NDRs, they will not be quarantined, they will not be seen by the users. If an entry is in the form domain1.com:NoNDR such emails will not cause NDRs as in the DoNotSendNDROnQuarantine parameter in the ini file. This list supports the :Honeypot option, which will cause the sender's IP address to be automatically blacklisted in the future.

•

Keywords Filter - You can check email content and subject header for specific keyword and/or phrases. If found, the email is rejected. You can also use Regular Expressions (RegEx). If the keyword file does not exist it will be created. The file is reloaded every minute. The contents of the file will be loaded in the memo box, allowing you to make changes to the file. This list supports the ::NULL option to send emails in a black hole. If an entry is in the form keyword::NULL it will cause all emails to be accepted and then sent to NULL right away. Such emails will not cause NDRs, they will not be quarantined, they will not be seen by the users. If an entry is in the form keyword::NoNDR such emails will not cause NDRs as in the DoNotSendNDROnQuarantine parameter in the ini file. This list supports the ::Honeypot option, which will cause the sender's IP address to be automatically blacklisted in the future. Please note that unlike in other cases, with the keyword list you must enter the ":" symbol twice to specify the extra tag.

Whitelists

Top Previous Next

•

Local Domains - SpamFilter will only deliver email to the domains listed here. Wildcards (* and ?, same rules as DOS wildcards) are allowed. You can also use Regular Expressions (RegEx). If the domain in the RCPT TO email address is listed as a local domain, then the recipient is accepted. This is done to prevent spammers to use SpamFilter to relay email to third party email addresses/servers. It is very important to add your own domains to the local domain list. If not, you will not be able to receive email. If you need to have any domain listed here forward its destination email to a different server than the default destination server, you can specify so here. You can override the default destination server by appending the forwarding mail server and port to any domain in this list. The syntax should be as follows:

DomainName:DestinationServer:DestinationPort - ex. logsat.com:mail.netwide.net:25

•

Excluded Domains / IPs - You can keep a file containing a list of any "MAIL FROM" domains or any IPs from which you want to receive email if they would be blocked by any of your blacklist rules. Enter as many IPs or domains as you wish, one per line. Wildcards (* and ?, same rules as DOS wildcards) are allowed. To exclude a whole class C, enter it as 209.20.21.*. If the file does not exist it will be created. The file is reloaded every minute.

•

Unfiltered Emails - Any local email address listed here will cause SpamFilter to bypass all blacklist rules for it. If you have any users who do not want to have their email filtered, enter them here. Wildcards (* and ?, same rules as DOS wildcards) are allowed. You can also use Regular Expressions (RegEx). This list supports the :TAG option to bypass the default "pass all" rule for entries on this list. If an entry is in the formuser@domain1.com:TAGSUBJECT it will cause all emails sent to user@domain1.com to be accepted and then delivered to that user no matter what. However emails that are classified as spam by the various filters will have the prefix "SPAM:" added to the subject line. If an entry is in the form user@domain1.com:TAG it will cause all emails sent to user@domain1.com to be accepted and then delivered to that user no matter what. However emails that are classified as spam by the various filters will have the header "X-SF-SPAM:Y"added to them.

•

Excluded FROM Emails - You can keep a file containing a list of sender's email address to be excluded from all filtering rules. Enter one email address per line, wildcards (* and ?, same rules as DOS wildcards) are allowed. You can also use Regular Expressions (RegEx). If the file does not exist it will be created. The file is reloaded every minute. The contents of the file will be loaded in the memo box, allowing you to make changes to it.

•

Authorized TO Emails - You can keep a file containing a list of authorized recipients. If you want SpamFilter to only deliver emails to specific addresses in your domain(s), you can manage such a list here. Enter one email address per line, wildcards (* and ?, same rules as DOS wildcards) are allowed. You can also useRegular Expressions (RegEx). If the file does not exist it will be created. The file is reloaded every minute. Please not that if such a list is present, SpamFilter will not deliver email to an address unless it is present in such a list. Use with care. Delete the filename from the edit box to disable the list.

•

Keywords Filter - You can check email content and subject header for specific keyword and/or phrases. If found, the email is allowed through the filters. Useful if you want to allow certain customers to send you email without having to place them all in a email address whitelist. The same syntax rules as the blacklist keywords apply.

Which lists/files utilize wildcards/globals? : I'm sure this has been answered...

Tue, 02 Feb 2010 16:25:45 +0000

Author: pcmatt
Subject: 6796
Posted: 02 February 2010 at 4:25pm

I'm sure this has been answered before but I can't find a concise list of which lists/files will use wildcard/globals and which will not. Does anyone have this or can this be provided?