dts_drp
New Contributor

Safelist subject based on regex

We are a higher ed institution. We have many emails that have class numbers in the subject (i.e. EN101). Is there a way to safelist or allow these messages to bypass spam filters? I have tried the safelist word with regex, but it doesn't work. I know I can manually add each class, but it changes every semester and would require too much manual editing. Thanks in advance.

abelio
SuperUser

hi,

Incoming or outgoing email?

regards / Abel
Dirty_Wizard_FTNT

The Safelist word list only takes wildcards (*,?) and not regex.

ede_pfau

Simple wildcards leave you at '????? ' for "word with 5 characters, followed by a blank", which is not very specific. One option would be to code the subjects (EN, MA, PH,...) and 'wildcard' the course numbers, like in 'EN??? ', 'PH??? ' etc. Admittedly, this is not very specific, not even close to a regex ('[A-Z]{2}\d{3} ').


Ede


"Kernel panic: Aiee, killing interrupt handler!"
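The difference in specificity between the three options in the post above ('????? ', per-department wildcards, and the regex form `[A-Z]{2}\d{3} `) can be measured on sample subjects. This is an added example, not part of the original thread and not FortiMail code; the subjects are constructed, and substring, case-sensitive matching is an assumption about how a safelist word is applied.

```python
import re

# Constructed sample subjects (not from the thread).
CLASS_MAIL = [
    "EN101 Essay due Friday",
    "Reminder: PH205 lab moved",
    "MA330 midterm grades posted",
]
OTHER_MAIL = [
    "Cheap meds online today",
    "ENJOY 50% off this week",
    "Your order AB123456 shipped",
]

# Rule sets taken from the post above; prefixes are the ones it lists.
RULES = {
    "generic wildcard": ["????? "],
    "per-department wildcards": ["EN??? ", "PH??? ", "MA??? "],
    "regex": [r"[A-Z]{2}\d{3} "],
}

def wildcard_to_regex(pattern):
    """Translate a */? wildcard into a regex: * = any run, ? = one character."""
    table = {"*": ".*", "?": "."}
    return "".join(table.get(ch, re.escape(ch)) for ch in pattern)

def allowed(rule_name, subjects):
    """Subjects a rule set would safelist (assumed: match anywhere, case-sensitive)."""
    patterns = RULES[rule_name]
    if rule_name != "regex":
        patterns = [wildcard_to_regex(p) for p in patterns]
    return [s for s in subjects if any(re.search(p, s) for p in patterns)]

def report():
    """Per rule set: class mail it misses and unrelated mail it lets through."""
    result = {}
    for name in RULES:
        hits = allowed(name, CLASS_MAIL)
        result[name] = {
            "missed_class_mail": [s for s in CLASS_MAIL if s not in hits],
            "false_allows": allowed(name, OTHER_MAIL),
        }
    return result

if __name__ == "__main__":
    for name, r in report().items():
        print(f"{name}: missed={r['missed_class_mail']} false_allows={r['false_allows']}")
```

Every unrelated subject that a safelist entry matches skips spam filtering, so the false-allow list is the figure to watch when choosing between the wildcard sets.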
dts_drp

This is incoming mail. Thanks Ede. I will try it and let you know how successful it is.

 

drp

abelio

Hi Don,

 

dts.drp wrote:

This is incoming mail.

Another approach:

If (and only if) you can verify that authenticated SMTP clients are reliable and not a source of spam, you can check the option "Bypass scan on SMTP authentication" available in each antispam profile under the 'scan options' section.

 

 

 

regards / Abel
dts_drp
New Contributor

Thanks Abel, but I don't think this is viable. I'll do some research, but the mail can come from any client. The bulk of these types of messages come from our cloud LMS system. I could whitelist their IPs, but I really don't like doing that, since hundreds of other schools use the same system.

dts_drp

Another update. Here is the version I am on: v5.4,build692,170724 (5.4.0 GA) ... I started playing around with DLP last week. I had that thought of creating DLP rules to catch the subject, since DLP matches regex. The DLP rule is only applied to the inbound traffic and the action is "Deliver to original host" ... This seems to be working nicely. I haven't noticed any class correspondence quarantined since. I can share the DLP rule and policy if anyone is interested. drp

Dirty_Wizard_FTNT

This shouldn't really be bypassing AntiSpam as DLP is checked after.

dts_drp

We have Bayesian enabled and they were getting caught by this db. Since I have implemented the DLP method, zero have been flagged by Bayesian. I am ok with the other Antispam checks.

 
