I found that there are many emails with empty senders in the email tracking. Can I create a rule to quarantine all emails with empty senders, or reject emails with empty senders.
Quarantine with empty senders
- Thread starter bjtangseng
- Start date
One way to achieve that is to set the 'Backscatter Score' to a higher value - this gets assigned to any mail with empty envelope-sender
Then you can use the regular spam What Object to match those in the rule system
Keep in mind that mails with empty sender are also sent by mail-systems to notify users about problems in delivery
(an emtpy sender alone is usually not a good indicator for spam)
I hope this helps!
Then you can use the regular spam What Object to match those in the rule system
Keep in mind that mails with empty sender are also sent by mail-systems to notify users about problems in delivery
(an emtpy sender alone is usually not a good indicator for spam)
I hope this helps!
We should often encounter bounce email attacks.
I tried to find the backscatter score in the spam detector. This default is 0, is there a recommended value for adjustment. And how to observe the impact of this strategy.
I tried to find the backscatter score in the spam detector. This default is 0, is there a recommended value for adjustment. And how to observe the impact of this strategy.
This depends on your rule-system
you need to make a rule, which quarantines mails with a SPAM-level of X
then I'd make the backscatter score X - this should put most mails with empty sender in quarantine...
simply check your quarantine , you can also find the bounces (and the increased score in the mail logs (pmg-smtp-filter logs which SA rules matched a mail
I hope this helps!
Based on the rule system, it seems that I can only define the spam score, but not the backscatter score. My current rule is that emails with a spam score greater than 3 will be quarantined. I see that this rule does not affect backscatter.
The backscatter score you set in the GUI is simple the amount of point SpamAssassin assigns to messages with empty sender envelope (by setting the score for the ANY_BOUNCE_MESSAGE SpamAssassin rule)
in your setup - if you assign a backscatter score of 3 most bounces should get put into quarantine (the bounces which have many hits decreasing the SpamAssassin score would pass through - but those are usually the ones which are not spam)
I hope this explains it.