How to block crap like this with ME?

Discussion forum for Enterprise Edition.
kiamori
Posts: 334
Joined: Wed Nov 04, 2009 1:39 am

How to block crap like this with ME?

Post by kiamori »

I don't want to block all SPF neutral or block by country. How can we block emails that spoof the sender address like this and have no envelope sender?

-----------------

Received-SPF: neutral (mailserverdomain: 91.103.252.229 is neither permitted nor denied by domain of cg86.borderlandresearch.com)
client-ip=91.103.252.229
Received: from cg86.borderlandresearch.com ([91.103.252.229]) by mailserverdomain with
MailEnable ESMTP; Mon, 11 Apr 2022 15:40:26 -0500
From:=?UTF-8?B?VGhhbmsgeW91IQ==?=<tools@usps.com>
Subject: =?UTF-8?B?SHVycnksIExpbWl0ZWQgVGltZSBPbmx5?=
Date: Mon, 11 Apr 2022 22:36:52 +0200
To: user@mailserverdomain
Reply-To: "Adobe Creative Cloud exMz6c0XK0dnyAwctijH8kUZnS6Bero1ly7COIa9e" <0IBBO6XGmjCIjFJkkomdOrSk157P8P18pxsCCGS8z2AzOGmail@mail.adobe.com>
MIME-Version: 1.0
X-mailer: nlserver, Build 6.7.0
Message-ID: <BucCbg45VehcDWogrij6L1ckSw9HYEQS48caStH8YHAadobein_mid_prod9@mail.adobe.com>
X-250ok-CID: P26341-121020
TenantHeader: 1d0e6311-6f98-4c5b-8b0e-8df80d5b7739
Affinity: prod.default
X-cust_MessageID: 1938757681
X-cust_DeliveryID: 350826
X-cust_InstanceName: aci_prod
MessageMaxRetry: 120
MessageRetryPeriod: 3600
MessageWebValidityDuration: 2592000
MessageValidityDuration: 432000
X-cust_IMSOrgID:
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset="UTF-8"
X-ME-CountryOrigin: RU
X-Envelope-Sender: <>
Precedence: bulk
X-ME-Bayesian: 0.000000
X-0Spam-Location: NonUS
Return-Path: <>
X-Read: 1

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: How to block crap like this with ME?

Post by MailEnable-Ian »

Hi,

Create a global filter using criteria "Where the message SPF tests return matching results" on "neutral". Then add an action to either delete message or mark as spam. You could also create a filter for "where the originating country matches".

Regards,

Ian Margarone
MailEnable Support

kiamori
Posts: 334
Joined: Wed Nov 04, 2009 1:39 am

Re: How to block crap like this with ME?

Post by kiamori »

MailEnable-Ian wrote:
Tue Apr 12, 2022 11:15 pm
Hi,

Create a global filter using criteria "Where the message SPF tests return matching results" on "neutral". Then add an action to either delete message or mark as spam. You could also create a filter for "where the originating country matches".

This does not solve the issue correctly as it will block valid emails.

Perhaps a filter that looks for "From:=?UTF-" + spf neutral + nonUS, would work?

I know how to create a filter for spf neutral + nonUS but the filter that checks the "from" for "?UTF-" does not seem to work correctly.

MailEnable-Ian
Site Admin
Posts: 9738
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: How to block crap like this with ME?

Post by MailEnable-Ian »

Hi,

Did you create a script filter? Do you have an example?

Regards,

Ian Margarone
MailEnable Support

kiamori
Posts: 334
Joined: Wed Nov 04, 2009 1:39 am

Re: How to block crap like this with ME?

Post by kiamori »

Here is what I did:

FilterResult=0
If not CriteriaMet([ME_SPF],"Pass") AND _
   not CriteriaMet([ME_COUNTRY_NOMATCH],"US") AND _
   CriteriaMet([ME_FROM],"*=?UTF-*") Then
    FilterResult=1
End If

I'll see if it works.
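Added example, not part of the thread and not MailEnable code: a Python sketch that evaluates the combination proposed above (encoded-word in From, SPF result other than pass, non-US origin) offline against the quoted headers, so the rule can be checked on saved messages before it is enforced. The function names and the `reply_to_domain_differs` signal are assumptions added here, and the Reply-To value in the sample is shortened.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Abridged from the headers in the first post; the folded line is re-indented
# and the Reply-To display name and local part are shortened (constructed).
SAMPLE = """\
Received-SPF: neutral (mailserverdomain: 91.103.252.229 is neither permitted nor denied by domain of cg86.borderlandresearch.com)
 client-ip=91.103.252.229
From:=?UTF-8?B?VGhhbmsgeW91IQ==?=<tools@usps.com>
Subject: =?UTF-8?B?SHVycnksIExpbWl0ZWQgVGltZSBPbmx5?=
Reply-To: "Adobe Creative Cloud" <reply@mail.adobe.com>
X-ME-CountryOrigin: RU
X-Envelope-Sender: <>
Return-Path: <>

"""

ENCODED_WORD = re.compile(r"=\?[^?\s]+\?[bBqQ]\?[^?\s]*\?=")  # RFC 2047 encoded-word


def domain_of(value):
    """Lower-cased domain of the first address in a header value, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()


def analyze(raw_headers):
    msg = message_from_string(raw_headers)
    from_raw = msg.get("From", "")
    spf = (msg.get("Received-SPF", "").split() or ["none"])[0].lower()
    envelope = msg.get("X-Envelope-Sender", msg.get("Return-Path", "")).strip()
    country = msg.get("X-ME-CountryOrigin", "").strip().upper()
    reply_dom = domain_of(msg.get("Reply-To"))
    signals = {
        "spf_not_pass": spf != "pass",
        "non_us_origin": country not in ("", "US"),
        "encoded_from_name": bool(ENCODED_WORD.search(from_raw)),
        "null_envelope_sender": envelope == "<>",
        "reply_to_domain_differs": bool(reply_dom) and reply_dom != domain_of(from_raw),
    }
    # Combination proposed in the thread: encoded From + SPF not pass + non-US.
    match = all(signals[k] for k in ("spf_not_pass", "non_us_origin", "encoded_from_name"))
    name = str(make_header(decode_header(parseaddr(from_raw)[0])))
    return {"from_name": name, "signals": signals, "match": match}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Encoded-word display names are also how legitimate senders carry non-ASCII names, which is why the encoded From test is only meaningful in combination with the other signals.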
