Overview
Users are receiving spam containing pornographic images with little to no text in the email body.
When the email body does contain text, it consists of words that cannot be blocked with keywords without the risk of also blocking legitimate emails.
Solution
Enable the IP DNS Blocklist.
The domains that send this type of spam are usually blacklisted, so we recommend enabling the IP DNS Blocklist. The recommended configuration is to add the following entries while keeping the default ones enabled:
- zen.spamhaus.org
- b.barracudacentral.org
- truncate.gbudb.net
- dnsrbl.org
- dnsbl.sorbs.net
Open a browser and go to barracudacentral.org. Click the Request access link on the left. Fill out the form providing your external IP address in order to access the Barracuda Central blocklist.
Enable the Header Checking filter
These emails usually contain SMTP and MIME information that differs, so we also need to enable the Header Checking filter, which will dramatically reduce the occurrence of these messages.
For the Header Checking filter we also recommend enabling the following rules:
- "Check if the email header contains an empty MIME FROM: field."
- "Check if the email header contains a malformed MIME FROM: field."
- "Check if the email headers contain different SMTP TO: and MIME TO: fields."
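The following is an added sketch, not GFI MailEssentials code, that approximates the three rules above in Python to show what each one catches. The function name, finding labels, the loose address shape check and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: "malformed" means the From value has no local@domain.tld shape.
ADDR_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def check_headers(raw_message, smtp_rcpt_to):
    """Return labels for the header rules a message trips.

    raw_message  -- full message text as received
    smtp_rcpt_to -- envelope recipients from the SMTP RCPT TO commands
    """
    msg = message_from_string(raw_message)
    findings = []

    mime_from = msg.get("From")
    if mime_from is None or not mime_from.strip():
        findings.append("empty_mime_from")
    elif not ADDR_RE.match(parseaddr(mime_from)[1]):
        findings.append("malformed_mime_from")

    # Envelope recipients that never appear in the MIME To: header.
    # In this sketch, Bcc'd and mailing-list mail also mismatches, so
    # this rule is the one to watch while monitoring the quarantine.
    mime_to = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    if not {a.lower() for a in smtp_rcpt_to} <= mime_to:
        findings.append("smtp_to_differs_from_mime_to")
    return findings


# Constructed sample messages (not taken from real traffic).
EMPTY_FROM = "From: \nTo: other@example.net\nSubject: hi\n\n"
BAD_FROM = "From: Hot Offers\nTo: user@example.com\nSubject: hi\n\n"
LEGIT = "From: Alice <alice@example.org>\nTo: Bob <bob@example.com>\n\nHello\n"

if __name__ == "__main__":
    print(check_headers(EMPTY_FROM, ["user@example.com"]))
    print(check_headers(BAD_FROM, ["user@example.com"]))
    print(check_headers(LEGIT, ["bob@example.com"]))
```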
Enable Quarantine Digests
After making these changes, we need to monitor the behavior to make sure that we are not blocking emails that we should not. During this monitoring process we can also enable the Quarantine Digests so that we stay on top of the emails that are quarantined and avoid missing any important messages.
Testing
After applying the steps above, emails containing pornographic images with little to no text in the email body are now correctly identified as spam. If the issue still persists, please generate the troubleshooting logs as follows:
- Make sure that we have tracing enabled.
- Wait for at least 30 minutes to gather enough information and for the issue to be reproduced.
- Run the troubleshooter: Start > Programs > GFI MailEssentials > Troubleshooter
- Follow the Log Generation Wizard for collecting the required and pertinent information.
- Select New Case when completing the log generation.