Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » MX blocking/other blocking with POP retriever
  •  
teco

Messages: 80
Karma: 0
Send a private message to this user
Little question:

How can I block a specific MX entry for incomming mail adresses?

We have some unwanted mails from people who uses some kind freemailer service with and with mail domain. Only the MX entry is the same as from the freemailer.
Example:
Email MX Entry
fremmail<_at_>something.com somefreemailservice.com
fremmail<_at_>sommfreemailservice.com somefreemailservice.com

I want to block the whole MX entry.

We are using only the POP3 retriever. So I want to set up the blocking that the message will be deleted directly on the server at our ISP or directly after downloading (flatrate, traffice is not a problem for us).

A local managment without public blacklists would be perfect.

Thanks for any help.
  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
I am not 100% sure if I understand you correctly, but if you want to block a certain sender domain on the server, you can do that by going to:

Content Filter > Spam Filter

Click "Add" to add a new filter

Enter a description (example: block somefreemailservice.com)

Choose "From" as a header

Choose "contains domain" as Type

Put somefreemailservice.com as Content

Tick "Treat the message as spam and ignore it"

Press OK and then APPLY.

That should do the trick.

Regards, Pascal

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
teco

Messages: 80
Karma: 0
Send a private message to this user
I know this way. But it does not work like we need it.

When you make a DNS lookup for the MX entry for you domain you will mostly find the MX entry of you Internet Provider if he host your website and the mail accounts. The MX entry will show your server when you receive the emails directly via SMTP and not with the POP3 retriever.

We have here some Freemailer with have a service for a mail-domain.
This means: the emails looks like it comes from a domain and not from a freemailer.

I want to exclude the mx entry from a freemailer directly, which would include all hosted domains on him.
Example:
Freenet.de: He has a freemailservice which shows all mails with ...<_at_>freenet.de.
If you have a payside on freenet.de the mailadress would be ...<_at_>anything.de (or .com; .net....). Only the mx entry would show that he is hosted at freenet.de.

Thats what I want to block.
Every domain hosted on freenet.de (for example) and not a single domain. We get unwanted mails from such a freemailer service. Each Mail comes from another domain. To block them all one by one is a timewasting job.

Blocking the whole MX entry would block everything and all on a Web/Email Hoster. Equal what Domainname would be used.

How can I set a MX entry as blacklistened (for SMTP and POP3). When I use the "from" setting as you have told, I could block only one domain of the Freemailer.

Thats the problem I have.
  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
OK, now I understand.

I don't think KMS can do that (i.e. checking MX records of the sender domain on the fly and then discard the message), but you can find out the sender's host from the mail headers.

In the example below, I could define that I don't want any mail from cloak.DataServ2000.co.za in the spam filter.

----
Return-Path: <klfnmedz<_at_>bluewin.ch>
X-Spam-Status: No, hits=3.4 required=4.0
tests=BAYES_50: 1.567,HTML_70_80: 0.039,HTML_MESSAGE: 0.001,
INFO_TLD: 1.686,MISSING_HEADERS: 0.087
X-Spam-Level: ***
Received: from cloak.DataServ2000.co.za ([196.44.71.226])
by mail.wdr.org
for info<_at_>mydomain.ch;
Fri, 3 Feb 2006 15:00:41 +0100
Received: from bluewin.ch ([203.152.4.253]) by cloak.DataServ2000.co.za
(Post.Office MTA v3.5.3 release 223 ID# 0-59140U1000L100S0V35)
with SMTP id za; Fri, 3 Feb 2006 15:58:43 +0200
Message-ID: <002601c6292c$ccda0feb$bcb3f357<_at_>fpeehtbtsvxk>
From: "Ihre Drogerie" <klfnmedz<_at_>bluewin.ch>
Subject: Einkaufen ist so guenstig
Date: Fri, 3 Feb 2006 14:52:03 +0100
MIME-Version: 1.0
------

So, if you send me the headers of one of the unwanted mails (by clicking on "View Source") I can send you the filter you need to apply.

Best regards, Pascal


Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
  •  
teco

Messages: 80
Karma: 0
Send a private message to this user
Thank you for your help.

I must see if my boss agrees to give mail headers out of the office.

If not, could you please explain or show where to set these filers?

Example host:

freenet.de
MX entry for freenet.de: mx.freenet.de

And here the receiver part of one of these mails:
Received: from [212.18.0.9] (helo=mail-out.m-online.net)
by ***this is our MX server*** (node=mxeu4) with ESMTP (Nemesis),
id 0MKqlY-1F4yKP3Z50-0004ej for thomas.schmidt<_at_>technolog.de; Fri, 03 Feb 2006 11:38:10 +0100
Received: from mail01.m-online.net (svr21.m-online.net [192.168.3.149])
by mail-out.m-online.net (Postfix) with ESMTP id 94E2670AE8
for <xxxxx.xxxxxxx<_at_>xxxxxxxxx.xx>; Fri, 3 Feb 2006 11:38:09 +0100 (CET)
Received: from nm1 (ppp-82-135-5-249.mnet-online.de [82.135.5.249])
by mail.m-online.net (Postfix) with SMTP id 757E1B9CEC
for <xxxxx.xxxxxxx<_at_>xxxxxxxxx.xx>; Fri, 3 Feb 2006 11:38:07 +0100 (CET)

An mx-lookup for the sender-domain says that the MX Entry is mx.freenet.de (so I want to block mx.freenet.de)

Modifications:
- Blanked address of final receiver in our company.
- Blanked MX entry from our ISP

Thank you.
  •  
freakinvibe

Messages: 1553
Karma: 62
Send a private message to this user
I don't see freenet.de in the header, so it might be difficult, but you can block mails that have

m-online.net

in the header. As I said an MX lookup is not possible.

So what you can do is, compare all the headers of the mails you don't want and see if there are hostnames, that always appear. They can be blocked.

Regards, Pascal

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
Previous Topic: Messages in Multipart ID makes receiver ill
Next Topic: Feature requests...
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Wed Nov 22 06:22:59 CET 2017

Total time taken to generate the page: 0.00385 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.