The down fall was newsletters or junk mailings like special offers, website blog announcements or any valid new senders were delayed. The positives were that all messages from known senders just went through and almost any spam was 4.x.x was never resent. I did however watch the greylist log file. It made a big difference - my users were not reporting spam in their inbox and when spammers got my 4.x.x try again they never did. Granted if anyone ever directly mailed one of the TLDs it would be whitelisted but after reviewing my systems utilization I noticed the mail server was spending more resources than normal processing these spam messages so as a test I enabled greylisting for two weeks. GFI MailEssentials provides anti-spam and email security for your mail servers: Powerful and effective business spam filtering Blocking email-borne viruses. After analyzing our logs with logparser I noticed less than a 1% reputation with all of the new TLDs combined so I blacklisted them but had them move into my junk e-mail folder which rolled every 4 hours. More than 30% was flagged as spam but those new and cheap TLDs (xyz,racing,etc.) all getting through undetected. We are processing ~50-70K messages in a 5 day work week for 70 employees. From the Blocklist tab, configure the email addresses and domains to block. Go to Anti-Spam > Anti-Spam Filters > Email Blocklist. We ran every anti-spam option except greylisting (prior history made me hit it due to problems with general greylisting). This filter is enabled by default on installing GFI MailEssentials. WTF?! So from now on I move these flagged messages into the users' junk e-mail and then whitelist any domains that are used for valid business reasons. I reported it to GFI they said it was a non-issue even though their SPF wasn't RFC compliant. I enabled this and valid SPF records were being rejected because they don't use _include: method but span multiple TXT files or would be too long for MailEssentials to process. What's your spam razor setting set to once it detects? Toss or move to junk E-mail? Also every setting you enable should always be logged so you have some kind of paper trail as to why someone didn't get their email they've been looking for. If you have any specific suggestions for this filter that would be a huge help.Īre you training the filter on HAM (users sent items) not just spam? I can keyword this week but next week they are onto another tactic. It seems like every time I get it right the spammers change tactics and I'm in the same position.
![gfi mailessentials blocking legitimate emails gfi mailessentials blocking legitimate emails](http://www.chicagotech.net/images/gfi21.gif)
What are your expectations with spam filters? Is zero inbox spam realistic. These are mostly keyword spam and any outlook happens to decide to throw into the mix. I delete automatically the rbl and spf and directory harvesting. That may be justified by them wanting to check it for any false positives which I do not want to discourage by have 'too much junk in the junk folder'. They also are complaining about a lot of spam in the junk folder.
![gfi mailessentials blocking legitimate emails gfi mailessentials blocking legitimate emails](https://evotec.xyz/wp-content/uploads/2016/07/img_5783708d0d3b0.png)
It has improved but the conversation with the users is feeling like they are frustrated. We have GFI Mail Essentials and I have been tweaking it and training the bayasian filter once a month with user submitted inbox spam. My users are complaining about 5-10 spam in their inbox over the course of a weekday.