How can I block these types of emails?? RSS Back to forum
Forgot to mention. Most of these emails are being rejected, but about 1/4 of them are getting by ORF>
@Dan:
You can use a very specific Keyword Blacklist regular expression against these (with Subject scope).
^Newsletter \w{3}, \d{1,2} \w{3} \d{4} \d{2}:\d{2}:\d{2} \+\d{4}$
This builds up as:
* ^Newsletter: Starts with with the "Newsletter" string
* \w{3}: Exactly three "word" characters (letters, numbers and the underscore character)
* \d{1,2}: One or two digits
* [...]
* \+: The + character (must be escaped as \+, because "+" alone is a special character in regular expressions)
* $: The string must end here, i.e. no characters expected between the last \d{4} and the end of the data.
Note that the above regular expression was constructed specifically for the "Newsletter Thu, 21 Apr 2011 03:44:34 +0200" format and any format changes, even just an extra whitespace somewhere will render the filter useless.
Whats the best way to go about blocking a certain type of spam. We get dozens of emails with the subject of: Newsletter Thu, 21 Apr 2011 03:44:34 +0200
THe sender, IP and time/date at the end of the subject is always different and I dont wan to block all emails with Newslettter in the subject .
Version: 4.4 REGISTERED
Log Mode: Verbose
Server: FS-MAIL.srf.ca
Source: SMTPSVC-1
Time: 4/20/2011 9:42:17 PM
Class: Pass
Severity: Information
Actions: (not available)
Filtering Point: On Arrival
HELO/EHLO Domain: (not available)
Related IP Address: 41.199.62.122
Message ID: (not available)
Email Subject: Newsletter Thu, 21 Apr 2011 03:44:34 +0200
Sender:
Recipient(s):
*
Message:
Email passed checks.