We are a higher ed institution. We have many emails that have class numbers in the subject (i.e. EN101). Is there way to safelist or allow these messages to bypass spam filters? I have tried the safelist word with regex, but it doesn't work. I know I can manually add each class, but it changes every semester and would require too much manual editing. Thanks in advance
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
hi,
Incoming or outgoing email?
regards
/ Abel
The Safelist word list only takes wildcards (*,?) and not regex.
Simple wildcards leaves you at '????? ' for "word with 5 characters, followed by a blank" which is not very specific. One option would be to code the subjects (EN, MA, PH,...) and 'wildcard' the course numbers, like in 'EN??? ', 'PH??? ' etc. Admitted, this is not very specific, not even close to a regex ('[A_Z]{2}\d{3} ').
This is incoming mail. Thanks Ede. I will try it and let you know how successful it is.
drp
Hi Don,
dts.drp wrote:Another approach:This is incoming mail.
if (and only if) you can verify that authenticated SMTP clients are reliable and not source of spam, you can check the option "Bypass scan on SMTP authentication" available in each antispam profile under 'scan options' section.
regards
/ Abel
Thanks Abel, but I don't think this is viable. I'll do some research, but the mail can come from any client. The bulk of these type of messages come from our cloud LMS system. I could whitelist their IP's, but I really don't like doing that, since hundreds of other schools use the same system.
Another update. Here is the version I am on: v5.4,build692,170724 (5.4.0 GA) ... I started playing around with DLP last week. I had that thought of creating DLP rules to catch the subject, since DLP matches regex. The DLP rule is only applied to the inbound traffic and the action is "Deliver to original host" ... This seems to be working nicely. I haven't noticed any class correspondence quarantined since. I can share the DLP rule and policy if anyone is interested. drp
This shouldn't really be bypassing AntiSpam as DLP is checked after.
We have Bayesian enabled and they were getting caught by this db. Since I have implemented the DLP method, zero have been flagged by Bayesian. I am ok with the other Antispam checks.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1558 | |
1033 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.