- make a new Dictionary with your company-domains inside (match whole words).
- make a new Incoming Content Filter like "detect from spoof"
- Condition: Other Header, Header Name: From, Header value contains term in content directory -> your new Dictionary (with domains)
- second condition: Envelope Recipient: Contains term in content dictionary -> your new Dictionary (with domains)
- IMPORTANT: Conditions -> Apply rules "Only if ALL conditions match"
- make a new Action: to suit your needs... I would mark them as spam in the first step to test the rules for false positives.
I suggest to make a second Content filter for spoofed mails in "From"and SMTP-Sender field like:
From: my-domain.com <email@example.com>
You will get this nasty spoofs too.
Same actions as above but additional:
- make a third condition: Envelope Sender: Contains term in content dictionary -> your new Dictionary (with domains)
- don´t forget: Conditions -> Apply rules "Only if ALL conditions match"
... View more
Hi folks, we have two C160 (current asyncos: 7.6.3-019) in a cluster with a centralized management and spam quarantine. (M160) I had to integrate a new domain of a sub company and forward these traffic to their own MTA. I created incoming content filters matching this domain to send to alternate host. This works fine, but they actually getting all the spam messages also. Messages are tagged with [SPAM] but forwarded and not quarantined. How can I put the spam into the centralized spam quarantine like all other default spam mails? Thanks, Rg A. Schreiber Ironport Help: Send to Alternate Destination Host Mail host. Changes the destination mail host for the message to the specified mail host. Note This action prevents a message classified as spam by an anti-spam scanning engine from being quarantined. This action overrides the quarantine and sends it to the specified mail host.
... View more