Exchange 2013 Spam

Hi,

Is there a way to block partial email addresses?

We are plagued with one spammer where everything before the @ sign is a constant and the domain name is just different every time. I'd like to add a rule to permanently delete 'ViagrCiali@'. I looked into Sender Filtering but every example I've seen so far uses the entire email address with domain. This is pointless having a list of a thousand email addresses and a rule like: ViagrCiali* or ViagrCiali@* would be perfect.

At the moment, these messages are being sent to Junk automatically but when users complain to the boss who demands I do something about it I need to look into it. Of course, Open Proxies are used the majority of the time and I can see that by viewing the message in Spamcop.net.

Exchange is plugged into Spamhaus and Spamcop and is getting caught but now I need to take it one step further to make sure it's deleted rather than in the Junk folder.

Your help and advice would be most helpful! Thanks

June 12th, 2015 2:26am

Hi Crouchie1998,

To block a specific email address or domain in Exchange 2013 you need:

1. EdgeTransport server role which naturally runs anti-spam agents, or to activate antispam agents at your MBX/CAS if ET is not deployed.

2. At the server running AS-agents, use Exchange Management Shell:

Set-SenderFilterConfig -Enabled $true -Action Reject

Set-SenderFilterConfig -BlockedSenders <sender1,sender2...> -BlockedDomains <domain1,domain2...> -BlockedDomainsAndSubdomains <domain1,domain2...>

Actually, the Action parameter specifies the action that the Sender Filter agent takes on messages from blocked senders or domains. Valid input for this parameter is StampStatus or Reject. The default value is Reject.

That's pretty much it.

June 12th, 2015 3:59am

Hi,

Thanks for the reply.

What you suggested is part of a page on the online Microsoft documentation and that won't work because it tries to convert what you typed into an email address, like when you are sending email via a .NET application, and Example@ will fail when trying to be converted, so your solution cannot work.

As for the reject, that is already set and has been for years, but as it's the default that would make sense.

All the other articles on the Microsoft forums are for Exchange 2003, 2007 & 2010 so they aren't much help. The boss doesn't want to pay the money so EOP isn't an option. I saw some links to Barracuda and other filtering software/services.

I have noticed that the spam the company was sent was from a similar /16 in many cases so if I could block that range but a permanent deletion option set would stop some of them. The text in the body about pasting the url into the browser is also a constant. However, Mailbox rules added to automatically delete the messages in Outlook 2013 are ignored unless run manually, which means creating a rule via GPO isn't going to work either. If I set delete mail on exit then people are going to complain they have to choose an option and some users use the deleted items folder as a safety location.

Now, I will look into how to add a wildcard IP range (example: 1.2.*.*) to the blocked senders like you were able to in Exchange 2007.

June 12th, 2015 4:20am

Thank you very much for this information. I have added the rule as instructed and will see in the next 24 hours if this has stopped the Ukrainian spammer who does the Canadian Pharmacy spam.

UPDATE:

I have tried with and without the @ sign and even the 'Or Copy and Paste this Safe redirect Url into your browser' but absolutely no difference; the spam still arrives. I have restarted the services and even restarted the server but the spams still get through.

Is it because ViagrCiali@... is just the address and has no display name and that rule is looking to apply the deletion to the Displayed name?

I selected the wrong item in the dropdown (recipient not sender) so will try

June 15th, 2015 11:39am

>>This is pointless having a list of a thousand email addresses and a rule like: ViagrCiali* or ViagrCiali@* would be perfect

Hi Crouchie,

Maybe a simple transport rule can help you to achieve your requirement:

Create a transport rule like below:

Apply this rule If...

"the recipient address includes 'ViagrCiali@' "

Do the following...

"Delete the message without notifying anyone"

Best regards,

June 17th, 2015 4:48am

Thank you very much for this information. I have added the rule as instructed and will see in the next 24 hours if this has stopped the Ukrainian spammer who does the Canadian Pharmacy spam.
June 17th, 2015 7:56am

Hi,

If I follow your instructions and use 'if the SENDERS address...' it works perfectly. In your previous reply you have recipient. Very thankful for your time and your solution.

Kind Regards

June 17th, 2015 4:12pm
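
The rule that resolved this thread (sender address includes 'ViagrCiali@', delete without notifying anyone), written out as Exchange Management Shell commands. This is an added example, not part of any post above; the rule name and comment text are placeholders, and staging the rule in audit mode and checking the tracking log afterwards are additions to what the thread describes.

```powershell
# Run in the Exchange Management Shell on the Exchange 2013 server.
# The rule name is a placeholder chosen for this example.
$ruleName = 'Delete ViagrCiali sender'
$prefix   = 'ViagrCiali@'

# 1. Create the rule in audit mode first, so a mistake in the condition
#    (for example, matching the recipient instead of the sender) cannot
#    silently delete legitimate mail.
New-TransportRule -Name $ruleName `
    -FromAddressContainsWords $prefix `
    -DeleteMessage $true `
    -Mode Audit `
    -Comments 'Spam run: constant local part, rotating domain'

# 2. Confirm the stored condition is on the sender address.
Get-TransportRule $ruleName |
    Format-List Name, State, Mode, FromAddressContainsWords, DeleteMessage

# 3. Once the condition looks right, switch the rule to enforcement.
Set-TransportRule $ruleName -Mode Enforce

# 4. Verify: list the last day's tracking events on this server for the
#    sender prefix. After enforcement, no new DELIVER events should appear
#    for these senders.
Get-MessageTrackingLog -Start (Get-Date).AddDays(-1) -ResultSize Unlimited |
    Where-Object { $_.Sender -like "$prefix*" } |
    Sort-Object Timestamp |
    Select-Object Timestamp, EventId, Source, Sender, MessageSubject
```

Get-MessageTrackingLog reads only the local server's log unless -Server is given, so repeat step 4 on each server that handles inbound mail.
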

This topic is archived. No further replies will be accepted.
