HOW TO: Prevent spammers spam receiving auto-reply Out of office messages

This section contains user-submitted tutorials.
Post Reply
User avatar
Posts: 9079
Joined: 2011-09-08 17:48

HOW TO: Prevent spammers spam receiving auto-reply Out of office messages

Post by jimimaseye » 2015-12-22 14:05

This is applicable only in HMS Version 5.4 - Build 1944 or above

The use of Auto-reply (or Out Of Office) emails is very common and has its advantages. It does, however, also pose a risk that it can be confirming back to spammers that the email address exists and also that the office/recipient is absent from his place of work (a security risk). For this reason some people advise against using Out Of Office messages.

I was aware of these dangers but want to allow replying to genuine emails (from genuine senders). The following GLOBAL RULE was created to prevent any email that originally got marked as [SPAM] by Hmailserver (with 'Add to message subject [SPAM]' being checked in HMS), or had a Virus removed by Hmailserver, from receiving any out-of-office message. NOTE: It is reliant on the macro "%SUBJECT%" being included in the Auto-reply message.

Auto-reply Subject: "Out Of Office - %SUBJECT%"

Code: Select all

From                                     CONTAINS             @mydomain
Subject                                  REGULAR EXPRESSION   (?i:^.*(- \[SPAM\]|- Virus found).*$)
(custom header) Auto-Submitted           EQUALS               auto-replied
(custom header) X-hMailServer-LoopCount  EQUALS               1
It works by checking that the sender is FROM your domain (so outbound), header Auto-submitted is 'auto-replied' and that the subject will have been marked by Hmailserver similar to:

"Virus found: Here is your dangerous office document"
"[SPAM] Your viagra online pharmacy waiting for you"

Consequently any auto-replies generated (using the example above) would have looked like this:

"Out of office - Virus found: Here is your dangerous office document"

and the above rule captures that string. It works great for me (I have an extremely low false positive rate of 'SPAM' and practically no false positives on viruses)

This may or may not suit your setup but at least it gives you something to think about. You might be able to use the idea and modify it to suit your environment as well as giving a clue on how to use the REGULAR EXPRESSION query to list out different values to look for within a field (each separated by PIPE | symbol).
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs :

Post Reply