Filtering out undisclosed-recipient/non-addressed spam

Hi list,
We have a number of email addresses and email accounts that are pulled into OTRS and we use Postmaster Filters to dispatch the mail to the correct queue.
On our public generic addresses (sales@ info@ etc.) we get a lot of spam which doesn't have the To: or CC: address completed (but the Envelope-To contains the actual sales@/info@ address) so OTRS must look at the Envelope-To when looking at the To: value in the Postmaster Filter as these are put into the correct queue.
Does anyone know of a combination of Postmaster Filters that I can use to filter this type of email out/drop it into the Postmaster queue, I'd rather do this with OTRS if possible as the mail server is a managed service so I have no admin access for this type of thing.
Thanks
Steve

Why do you want to import spam into OTRS?
On Thu, Apr 4, 2013 at 8:25 AM, Steven Carr
Hi list,
We have a number of email addresses and email accounts that are pulled into OTRS and we use Postmaster Filters to dispatch the mail to the correct queue.
On our public generic addresses (sales@ info@ etc.) we get a lot of spam which doesn't have the To: or CC: address completed (but the Envelope-To contains the actual sales@/info@ address) so OTRS must look at the Envelope-To when looking at the To: value in the Postmaster Filter as these are put into the correct queue.
Does anyone know of a combination of Postmaster Filters that I can use to filter this type of email out/drop it into the Postmaster queue, I'd rather do this with OTRS if possible as the mail server is a managed service so I have no admin access for this type of thing.
Thanks
Steve
--------------------------------------------------------------------- OTRS mailing list: otrs - Webpage: http://otrs.org/ Archive: http://lists.otrs.org/pipermail/otrs To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/otrs

I'm sorry. I just didn't understand... trying to read this for the fifth
time. ... spam sends mail to something, but you don't know what, so you
want to categorize the spam somehow. If you were dispatching based upon
"to" you would (possibly) ignore anything that didn't have a "to"
On Thu, Apr 4, 2013 at 8:36 AM, Gerald Young
Why do you want to import spam into OTRS?

I am dispatching based on the To: address on the polled IMAP accounts.
But it seems that OTRS is also evaluating Envelope-To: also, as the actual
To: address was empty. I would have expected the email to drop to the
default queue (Postmaster on our system) when the To: address is empty. So
I need to find a way to identify an email To: email and drop it in the
Postmaster queue.
On 4 April 2013 13:49, Gerald Young
I'm sorry. I just didn't understand... trying to read this for the fifth time. ... spam sends mail to something, but you don't know what, so you want to categorize the spam somehow. If you were dispatching based upon "to" you would (possibly) ignore anything that didn't have a "to"
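
The check Steven is asking for, sketched in Python as an added example (not part of the thread and not OTRS code): it routes on the visible To:/Cc: headers only, so mail addressed to nobody falls through to the Postmaster queue, and it shows how also matching Envelope-To sends the same message to a real queue. The addresses, the Sales/Info queue names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Hypothetical address-to-queue map; Postmaster is the default queue named in the thread.
QUEUES = {"sales@example.com": "Sales", "info@example.com": "Info"}
DEFAULT_QUEUE = "Postmaster"

def addresses_in(msg, headers):
    """Collect lower-cased mailbox addresses from the named headers."""
    found = set()
    for name in headers:
        for value in msg.get_all(name, []):
            # "undisclosed-recipients:;" is an empty group and an empty header
            # has no mailbox; both parse to entries without "@" and are skipped.
            for _, addr in getaddresses([str(value)]):
                if "@" in addr:
                    found.add(addr.lower())
    return found

def route(raw, headers=("To", "Cc")):
    """Return the queue for a raw message, matching only the given headers."""
    msg = message_from_string(raw)
    for addr in sorted(addresses_in(msg, headers)):
        if addr in QUEUES:
            return QUEUES[addr]
    return DEFAULT_QUEUE

# Constructed sample messages (not real mail).
UNDISCLOSED = ("Envelope-to: sales@example.com\n"
               "From: promo@bulk.example\n"
               "To: undisclosed-recipients:;\n"
               "Subject: offer\n\nbody\n")
NO_TO = ("Envelope-to: info@example.com\n"
         "From: promo@bulk.example\n"
         "Subject: offer\n\nbody\n")
LEGIT = ("Envelope-to: sales@example.com\n"
         "From: Customer <buyer@customer.example>\n"
         "To: Sales <sales@example.com>\n"
         "Subject: quote request\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("undisclosed", UNDISCLOSED), ("no To", NO_TO), ("legit", LEGIT)):
        strict = route(raw)
        loose = route(raw, headers=("To", "Cc", "Envelope-to"))
        print(f"{label:12} visible-only={strict:10} with-envelope={loose}")
```

Legitimate mail that was Bcc'd to sales@ or info@ also has no visible recipient, which is a reason to park such mail in Postmaster for review rather than delete it.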

You can add within SysConfig a field that you want to search against.
On Thu, Apr 4, 2013 at 9:47 AM, Steven Carr
I am dispatching based on the To: address on the polled IMAP accounts.
But it seems that OTRS is also evaluating Envelope-To: also, as the actual To: address was empty. I would have expected the email to drop to the default queue (Postmaster on our system) when the To: address is empty. So I need to find a way to identify an email To: email and drop it in the Postmaster queue.

Does anyone know of a combination of Postmaster Filters that I can use to filter this type of email out/drop it into the Postmaster queue, I'd rather do this with OTRS if possible as the mail server is a managed service so I have no admin access for this type of thing.
Static filters aren’t going to be worth your time. This kind of thing is a totally moving target, and you need something more robust to have a prayer of doing any good. Even with running our own mail server, we had to implement whitelisting (accept only from known, preapproved sources) to get this problem down to a manageable size.
I would suggest front-ending the OTRS server with a Linux box and running spamassassin and very aggressive DNS RBLs on that (which will knock off about 80% of the truly egregious crap), and then blocking anything that isn’t sent by a preapproved user. Fetchmail does a fine job of grabbing mail from a hosted server, so you still get the benefit of them being online and active all the time, but it gives you the level of control you need to do something effective about this. Same with outgoing mail; the front-end box also does a decent job of queuing mail so you can survive outages upstream.
I should set up a bootable live CD or USB distribution for this. Too many people need something like it these days.

Yeah that is a bit overkill as we're lucky if we get 5 of these emails a
week, so it's not a major issue, just something that would be nice to
automate.
I'll keep playing with the filters.
And FWIW given the mail has already passed through spam filters in use by
our hosting provider chances are that if we screw it down any more then we
risk killing legitimate email. And we can't pre-approve addresses as these
are legitimately open generic email addresses for future customers to
enquire/get in touch.
On 4 April 2013 16:48, David Boyes
Does anyone know of a combination of Postmaster Filters that I can use to filter this type of email out/drop it into the Postmaster queue, I'd rather do this with OTRS if possible as the mail server is a managed service so I have no admin access for this type of thing.
Static filters aren’t going to be worth your time. This kind of thing is a totally moving target, and you need something more robust to have a prayer of doing any good. Even with running our own mail server, we had to implement whitelisting (accept only from known, preapproved sources) to get this problem down to a manageable size.
I would suggest front-ending the OTRS server with a Linux box and running spamassassin and very aggressive DNS RBLs on that (which will knock off about 80% of the truly egregious crap), and then blocking anything that isn’t sent by a preapproved user. Fetchmail does a fine job of grabbing mail from a hosted server, so you still get the benefit of them being online and active all the time, but it gives you the level of control you need to do something effective about this. Same with outgoing mail; the front-end box also does a decent job of queuing mail so you can survive outages upstream.
I should set up a bootable live CD or USB distribution for this. Too many people need something like it these days.
participants (3)
- David Boyes
- Gerald Young
- Steven Carr