Possible to block Sender Name Using Global Rules?

Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting, please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
Post Reply
thomas10
Normal user
Normal user
Posts: 82
Joined: 2013-10-30 03:13

Possible to block Sender Name Using Global Rules?

Post by thomas10 » 2020-04-16 06:21

Hi All,

I found that there are some spam mails with the same sender name(Dr. Somnath Sakore) but with different email address. Is that possible to use Global Rules to block just the Sender Name only?

Sample Below:
Received: from advanced1.interideas.net (advanced1.interideas.net [198.46.83.140])
by [Edited].com with ESMTP
; Thu, 16 Apr 2020 09:46:15 +0800
Received: from [79.116.219.111] (port=53115 helo=localhost)
by advanced1.interideas.net with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.93)
(envelope-from <yrincon@droguesur.com>)
id 1jOtbN-0007cG-Vw
for [Edited]@[Domain].com; Wed, 15 Apr 2020 21:46:12 -0400
From: "Dr. Somnath Sakore" <yrincon@droguesur.com>
To: "[Edited]" <[Edited]@[Domain].com>
Subject: RE: Urgent- Secondary labelling provider for eye drop
Date: Thu, 16 Apr 2020 06:42:54 +0800
Message-ID: <f30196a3-4e9f-4857-9132-0ea92be80306@local>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_002D_01D613E1.4DAAD920"
X-Mailer: Microsoft Outlook 16.0
X-Spam-Checker-Version: SpamAssassin 3.4.2 (svnunknown) on [Edited]
X-Spam-Level: ****
X-Spam-Status: No, score=4.6 required=5.0 tests=BAYES_00,DATE_IN_PAST_03_06,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HTML_MESSAGE,SPF_HELO_PASS,
URIBL_DBL_ABUSE_MALW,URI_WP_HACKED_2 autolearn=no autolearn_force=no
version=3.4.2
X-Spam-Report: * 2.5 URIBL_DBL_ABUSE_MALW Contains an abused malware URL listed in
* the Spamhaus DBL blocklist
* [URIs: pancoupe.com]
* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score: 0.0000]
* -0.0 SPF_HELO_PASS SPF: HELO matches SPF record
* 1.6 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
* 0.0 HTML_MESSAGE BODY: HTML included in message
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
* author's domain
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* 2.5 URI_WP_HACKED_2 URI for compromised WordPress site, possible
* malware
*
Thread-Index: AQF/owG+afhC//MOWk7sGwQ/xa9XfA==
X-OutGoing-Spam-Status: No, score=2.6
X-AntiAbuse: Original Domain - [Edited]
X-AntiAbuse: Primary Hostname - advanced1.interideas.net
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - droguesur.com
X-Get-Message-Sender-Via: advanced1.interideas.net: authenticated_id: yrincon@droguesur.com
X-Authenticated-Sender: advanced1.interideas.net: yrincon@droguesur.com

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Possible to block Sender Name Using Global Rules?

Post by jimimaseye » 2020-04-16 10:18

Let your spamassassin do it's job.
X-Spam-Level: ****
X-Spam-Status: No, score=4.6 required=5.0 
Your spamassassin had already determined this to be spam but your threshold is way too high. In my experience anything over 3 is definitely spam and most email is mainly under 1(often -ve). Change your spamassassin threshold to 3 and these emails will be caught without the need of adhoc rules.

My recommendations and setup is here: https://www.hmailserver.com/forum/viewt ... 91#p174991)

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

thomas10
Normal user
Normal user
Posts: 82
Joined: 2013-10-30 03:13

Re: Possible to block Sender Name Using Global Rules?

Post by thomas10 » 2020-04-16 11:03

jimimaseye wrote:
2020-04-16 10:18
Let your spamassassin do it's job.
X-Spam-Level: ****
X-Spam-Status: No, score=4.6 required=5.0 
Your spamassassin had already determined this to be spam but your threshold is way too high. In my experience anything over 3 is definitely spam and most email is mainly under 1(often -ve). Change your spamassassin threshold to 3 and these emails will be caught without the need of adhoc rules.

My recommendations and setup is here: https://www.hmailserver.com/forum/viewt ... 91#p174991)

[Entered by mobile. Excuse my spelling.]
Jimi, you are right on it. But too bad, I have to set it abit higher because there are quite some numbers of false positive due to some customers are using Chinese to communicate. Really appreciated your suggestion on SA.

But can global rules do the job to delete the emails from the "DR" by catching the sender name?

User avatar
jimimaseye
Moderator
Moderator
Posts: 8777
Joined: 2011-09-08 17:48

Re: Possible to block Sender Name Using Global Rules?

Post by jimimaseye » 2020-04-16 11:17

This will give you help: https://www.hmailserver.com/forum/viewt ... 21&t=29179

(Section 1 applies)

[Entered by mobile. Excuse my spelling.]
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829

thomas10
Normal user
Normal user
Posts: 82
Joined: 2013-10-30 03:13

Re: Possible to block Sender Name Using Global Rules?

Post by thomas10 » 2020-04-16 12:32

jimimaseye wrote:
2020-04-16 11:17
This will give you help: https://www.hmailserver.com/forum/viewt ... 21&t=29179

(Section 1 applies)

[Entered by mobile. Excuse my spelling.]
Hmm, interesting, will study this. Thanks Jimi. :D

User avatar
RvdH
Senior user
Senior user
Posts: 1136
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Possible to block Sender Name Using Global Rules?

Post by RvdH » 2020-04-18 13:20

thomas10 wrote:
2020-04-16 12:32
jimimaseye wrote:
2020-04-16 11:17
This will give you help: https://www.hmailserver.com/forum/viewt ... 21&t=29179

(Section 1 applies)

[Entered by mobile. Excuse my spelling.]
Hmm, interesting, will study this. Thanks Jimi. :D
As you are running SpamAssassin add some additional score using a simple custom rule

Code: Select all

describe EXAMPE_RULE	Trigger on mails with from name Dr. Somnath Sakore
header	 EXAMPE_RULE	From:name =~ /\b(Dr. Somnath Sakore)\b/i
score    EXAMPE_RULE	3.0
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

Post Reply