1 Reply Latest reply on Sep 24, 2010 8:53 AM by winative

    How to block Spam using specific character sets, like Russian for example.


      Spam in  Russian can be blocked with  the following steps.   Other languages can  also be blocked with this  concept using the proper character set.


      1) Define a new Quarantine Type to  monitor effectiveness of custom dictionary Navigate to:

      Queue Manager  (tab) > Queue Manager Advanced > Quarantine Types


      Bottom of the page is a text box,  enter the name of 'Russian Spam' or something descriptive to set this  Quarantine Queue Type apart from the rest


      2) Define dictionary

      Navigate to:

      Compliance  (tab) > Content Analysis > Dictionaries

                      a) Click the 'Add New' button

                                      Enter  a dictionary name, example "Russian Spam"

                                      Select 'No' for Contribute to toward Spam Profiler

                                      Select 'Original Part File' for Search Option for HTML Parts

                                      Click 'Submit'


                      b) Now you will be back at the dictionaries page.  Find  the new dictionary you defined and click on it's name, in our example  'Russian Spam'

                                      At the  bottom of the page click 'Add New'

                                      Content  Type = Words/Phrases

                                      Select  'Substring' for Search Type

                                      In  the Search Text enter: charset="iso-8859-5"

                                                      This is a character set for Cyrillac/Russian

                                      Enter a number for the Weight, I entered '100'

                                      Check the checkbox for 'Include'

                                      For  Scan Area check 'Header'

                                                      The text up above " charset="iso-8859-5" " is normally  defined/contained just in the Header

                                      Select  'Count Once' in Contribution Type

                                      Click  'Submit'


                                      Repeat the "b)" steps entering the following in the Search Text  field:




                                      In short, if any  Russian charsets are detected the messages will be quarantined.


      3) Manage & Apply Rule

      Navigate to:

      Compliance  (tab) > Content Analysis > Dictionaries > Manage Rules

                      Click 'Add New'

                      Select  'Russian Spam' from the dictionary drop down

                      Enter the same number for 'Threshold' as you did in step 2) for  the Weight

                      Select 'Quarantine' for the  Action

                      Enter zero (0) for the 'Action  Value'

                                      NOTE: Entering zero  (0) will remove the message the next default cleanup cycle

                                      NOTE: Entering anything but zero (0) will quarantine than  release the message when that interval is met

                      Select 'Russian Spam' from the Quarantine Type drop down


                      Now you  can enter if someone gets notified should this dictionary quarantine a  message or you can simply click 'Submit'


      Navigate to:

      Compliance (tab) > Content Analysis  > Dictionaries > Apply Rules

                      Make sure  the 'Enable Content Analysis' checkbox is check at the top of this page

                      Click the 'Apply ID' for the Global Inbound rule on this page.  If no global inbound rule exists one will need to be created.

                      On this page you will to locate the new dictionary you created  in the list of dictionaries below, this example is 'Russian Spam'

                      Check the 'Enable' checkbox in the last column that corresponds  to the dictionary you created.

                      Click  'Submit'