Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Content Filter > Content Filter & Spam Honeypots

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Content Filter  /

Content Filter & Spam Honeypots

[Zarva, Andrey]
Andrey Zarva
Newbie
Newbie
Posts: 35
Andrey Zarva - 12:57am, Oct 27 2016

Hello!

If i add e-mail in "Spam Honeypots", and if the restricted attachment comes to this e-mail, then administrator recive notification about attachment's removed and about "User unknown".

Every day I receive 30 and more such messages.

I think it is necessary to change a procedure for spam-test of messages. At first it is necessary to check whether there is no message in a Spam Honeypots, and already then to check whether there are restricted attachment there.

MDaemon Server 32 bit v16.5.1

  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

leigh.cain@altn.com (apparently) - Oct 28, 2016 10:42 am (#1 Total: 1)  

via email - Technical Support  

Photo of Author
leigh.cain@altn…
Guru
Guru
Posts: 1253

MDaemon
RelayFax
SecurityGateway
Outlook Connector
SecurityPlus
ProtectionPlus
WebAdmin
Hello Andrey,
 
For Spam Honeypots, they do skip a lot of the processes that normal email goes through because they are a special case. We can't check for attachments after a message has already been routed to its final recipient/destination because of the way message processing works. However, we don't want to allow a file attachment that could be a danger to be allowed to be placed in a mailbox or delivery folder, so the message does need to be checked for that.
 
If you would prefer not to receive restricted attachment notifications, you can uncheck the option under Security | Content Filter | Notifications for "Send restricted attachment notification message to Administrator"
 
If you would prefer not to receive the "User unknown" messages, you can disable those under Setup | Server Settings | Unknown mail - uncheck the option for "...send to the 'postmaster' alias"
 
If you would prefer to leave those enabled in case there are other instances where you want to get those notifications, you can create a content filter to move those specific unwanted notifications to the Bad Queue or delete them.
 
Here are the content filter rules that worked for me in testing this:
 
[Rule005]
RuleName=Honeypot address - unknown
Enable=Yes
ThisRuleCondition=Any
ProcessQueue=BOTH
Condition01=SUBJECT|contains|AND|Warning: honeypotuser@domain.test - User unknown!|
Action01=move to bad Msg|
 

[Rule006]
RuleName=remove restricted attachment email for honeypot
Enable=Yes
ThisRuleCondition=Any
ProcessQueue=BOTH
Condition01=body|contains|AND|To        :  honeypotuser@domain.test |MDaemon has detected restricted attachments within an email message|
Action01=move to bad Msg|
 
You will need to make sure the option under Setup | Preferences | Miscellaneous for "System generated messages are sent through the content and spam filters" is enabled.
I would recommend that you first set up the rule to move the messages to the Bad queue, as I have done in the above testing. Once you have verified that this is not catching any messages that you don't want it to catch in your environment, you can change the rules to delete the messages if you'd like.
 
I hope that is helpful, please let me know if you have any questions.
 
--
Leigh Cain
Quality Assurance Analyst
 
Sent using Alt-N's own MDaemon Messaging Server
Now available with BYOD Mobile Device Management,
Document Sharing, Hijacked Account Detection and more.
 
Get to know the Alt-N family by liking us on Facebook!
 
 
-----Original Message-----
From: Andrey Zarva <lists-md-content-filter@altn.com>
To: "md-cfilter List Member" <md-cfilter@altn.com>
Date: Thu, 27 Oct 2016 00:57:56 -0500
Subject: [md-cfilter] Content Filter & Spam Honeypots

Hello!

If i add e-mail in "Spam Honeypots", and if the restricted attachment comes to this e-mail, then administrator recive notification about attachment's removed and about "User unknown".

Every day I receive 30 and more such messages.

I think it is necessary to change a procedure for spam-test of messages. At first it is necessary to check whether there is no message in a Spam Honeypots, and already then to check whether there are restricted attachment there.

MDaemon Server 32 bit v16.5.1
 
View/reply at Content Filter & Spam Honeypots
--MD-CFILTER---------------------------------------------------------
This list is for questions and discussions about MDAEMON's Content 
Filter. To unsubscribe from this mailing list send an email to 
md-cfilter-unsubscribe@altn.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by Alt-N Technologies for user-to-user 
support and discussion.  Alt-N staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.altn.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-CFILTER---------------------------------------------------------
This list is for questions and discussions about MDAEMON's Content
Filter. To unsubscribe from this mailing list send an email to
md-cfilter-unsubscribe@altn.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by Alt-N Technologies for user-to-user
support and discussion.  Alt-N staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.altn.com/Support/RequestSupport/
---------------------------------------------------------------------



  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.