SMSE4.6 message body filtering problem

[zaccaz]

Hi there,

Not sure if I cross-posted, but I couldn't find corresponding forum for SMSE.

Got plenty of spam mails in html, in which the message body has no text but just a graph. If check the email html codes, the graph was loaded by "cid:9.0.0.56.0.22442.314432@you.me.com.9" or something like that, so I set match list entry for message body to filter "cid:*.0.0.*.0.*.*@*.*.*.*", however it didn't work.

Wondering if I wrongly set the filter, or SMSE4.6 didn't support this kind of filtering?

Many thanks!

 

[myauto]

they had a advanced function called preminu anti spam in SMSMSE version 4.6 above,but need additional pay for this

 

[oggywan]

Did you confirm whether subsequent emails had the same CID?
What happened if you simplified your wildcards by making it less picky (cid:*.00.*@*)
Is the rule really active? By default all content filtering is turned off in SMSMSE, and you will need to ensure that all boxes are checked from rule to policy before it will actually scan the body.

You may want to do some testing on a test-server rather than using your live server for this.

But you are right. SMSMSE supports the creation of custom body filters which allow you to create custom 'spam' rules. You may as well have run into a bug... if so, report it I reckon.

The service that myauto is referring to is Premium Anti-spam, which will have your SMSME product use Symantec's rules (which are updates once every few minutes) to catch spam without you having to create any rules. It really does catch a ton of spam, though like every anti-spam solution it is not perfect. The power of this feature seems to be related to the fact that the rules update so frequently so it sorta has your server catch onto spam-trends and delete the spam that is currently out there. If you go for premium anti-spam you will also obtain the ability to submit spam manually or with an outlook plugin. Usually within an hour or two you may see how your specific spam is caught without you having to create any custom body filters... that's what the Premium antispam service also buys you: submit and Symantec will deal with it.

But ultimately... the type of spam where you see a bunch of random text, a picture and one URL... that one seems to come through on regular bases. I have noticed that those kind of emails morph too darn fast, and truthfully there is not a whole lot of rules you can write for it in my opinion other than on the URL.

Let us know what you find out with your custom filter though... I hope it catches just what it is supposed to catch, and that it does not inadvertently affect legit email.

 

[zaccaz]

hi there,

thx for all the feedback

after serveral checking with symantec support, they replied to me that message body filter cannot examine email's html codings, i.e. my concept of filtering by ""cid:9.0.0.56.0.22442.314432@you.me.com.9" did not work at all.......

X-(

 

[oggywan]

That's too bad. Maybe their Brightmail solution can?

 

[zaccaz]

yes, if u paid for the brightmail solution, it can help a lot!