How do I add geniboca.com to my filters to cover all usernames in front of the domain name?
Okay so I have a number of filters set up and working fine. However, lately it seems that the domain geniboca.com is sending a bunch of spam using different usernames in front of the root domain name and I cannot seem to filter them using just the domain name itself. I can filter them using the whole email address but for obvious reasons this isn't what I want. I am getting about 100-200 of these per day with different usernames so I am not going to manually add each email address to the filter that would be ludicrous and unproductive.
I set up my filters like so: Manually Run; Getting New Mail; Filter Before Junk Classification; Match All Of The Following; From, To, CC, or BC; Ends With; Delete Message
I have also tried the options like contains etc but nothing is working this a-hole is still able to send me emails with different usernames attached to the domain name geniboca.com.
For the record I have browsed through a lot of similar questions in this forum regarding similar situations but nothing I've tried is working. Any ideas? Thanks in Advance for your support.
Krejt Përgjigjet (13)
Try to use the spam filter based on the domain name, not based on the email address.
checkout this - > https://support.mozilla.org/en-US/kb/thunderbird-and-junk-spam-messages#w_per-account-settings
Thanks for your reply and the link. I've tried that also unfortunately nothing is working for me and I may have to delete my email address and create a new one.
Sick and tired of these unethical and lazy people who cannot run a proper email marketing business.
re :I set up my filters like so: Manually Run; Getting New Mail; Filter Before Junk Classification; Match All Of The Following; From, To, CC, or BC; Ends With; Delete Message
If a filter uses 'Match All Of The Following' then all listed conditions must be true in each email. I'm not sure if you meant the following but....
EG: Manually Run; Getting New Mail; Filter Before Junk Classification; Match All Of The Following; 'From' and 'Ends With' and domain name 'To' and 'Ends With' and domain name 'CC' and 'Ends With' and domain name 'Bcc' and 'Ends With' and domain name
Then action is 'Delete Message'
It is highly unlikely that each email will always contain all of those conditions. So filter will not do as you expect.
Suggest you modify and test the following: Manually Run; Getting New Mail; Filter Before Junk Classification; 'Match All Of The Following' 'From' and 'contains' and domain name eg: geniboca.com Then action is either:
'Delete Message'
or try 'Set junk status to' and select 'Junk' 'Move message to' and select the junk/spma folder on the account.
I think the OP was using this single all-in-one rule:
From, To, Cc or Bcc
…and so it ought to have worked, since it needed only one rule. However, I'd suggest changing it to "match any…", and "contains" instead of "ends with".
But I can't see why it shouldn't work, as given in the OP's first posting.
I wonder if there are any sneaky UTF-8 characters that defeat the matching system?
I'd like to suggest FiltaQuilla and its regular expressions capability, but it stopped working with TB60. :-(
For a version of FiltaQuilla that works in TB 60:
http://forums.mozillazine.org/viewtopic.php?p=14807861#p14807861
It would help to know which headers contain the geniboca string, as custom header criteria can be added to the filter rules.
Toad-Hall said
Suggest you modify and test the following: Manually Run; Getting New Mail; Filter Before Junk Classification; 'Match All Of The Following' 'From' and 'contains' and domain name eg: geniboca.com Then action is either: 'Delete Message' or try 'Set junk status to' and select 'Junk' 'Move message to' and select the junk/spma folder on the account.
I've tried this also with the exception of set junk status and select junk. I don't want to move to a folder as I just want to delete the message entirely. Appreciate your reply, I'll try the set junk status and select junk options to see if that works.
Zenos said
I think the OP was using this single all-in-one rule: From, To, Cc or Bcc …and so it ought to have worked, since it needed only one rule. However, I'd suggest changing it to "match any…", and "contains" instead of "ends with". But I can't see why it shouldn't work, as given in the OP's first posting. I wonder if there are any sneaky UTF-8 characters that defeat the matching system? I'd like to suggest FiltaQuilla and its regular expressions capability, but it stopped working with TB60. :-(
Thanks for your reply. I will try the match any and contains as I already tried the match all and contains. Not sure what sneaky UTF-8 characters means but I'll try to attach the headers if I can. Thunderbirds header info is very lacking.
sfhowes said
For a version of FiltaQuilla that works in TB 60: http://forums.mozillazine.org/viewtopic.php?p=14807861#p14807861 It would help to know which headers contain the geniboca string, as custom header criteria can be added to the filter rules.
Here is a copy of the header info which took me forever to figure out where it was:
From - Tue Oct 23 08:58:22 2018 X-Account-Key: account1 X-UIDL: UID11033-1386800255 X-Mozilla-Status: 0001 X-Mozilla-Status2: 00000000 X-Mozilla-Keys: Return-Path: <aud30+bncBCN5P66LQMPBBREZXTPAKGQEQFLIDSA@geniboca.com> Delivered-To: my email address Received: from my server by my server with LMTP id gGXpIfQMz1vhEQAAPG/g+g for <my email address>; Tue, 23 Oct 2018 04:58:44 -0700 Return-path: <aud30+bncBCN5P66LQMPBBREZXTPAKGQEQFLIDSA@geniboca.com> Envelope-to: my email address Delivery-date: Tue, 23 Oct 2018 04:58:44 -0700 Received: from mail-wm1-f69.google.com ([209.85.128.69]:36449) by my server with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.91) (envelope-from <aud30+bncBCN5P66LQMPBBREZXTPAKGQEQFLIDSA@geniboca.com>) id 1gEvKU-0001BP-IX for myemailaddress; Tue, 23 Oct 2018 04:58:34 -0700 Received: by mail-wm1-f69.google.com with SMTP id 203-v6sf1087630wmv.1
for <myemailaddress>; Tue, 23 Oct 2018 04:58:34 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1540295913; cv=pass;
d=google.com; s=arc-20160816; b=PkTpeYPla7z0/FrY0b3WetYpJv266k1ecuxSrU3LznH74HT8H1Ve7xksBJwhJrG7jx 1/GSSrNFsek+hDwi90BkebH9m/x4RhJiWGaic1KeKJ7Gs3xVo1TGlNkVR5qFJLskzkf8 VKgPHlkTUrNUCeZ/ppYfW/UzXJyh4H9y43Nie/pagN4sa8h+Y/+O/MVBlLh1k7yHwTuT 5uO1pBbI0aWA21cNb9WuWzfqbOzmUg0jMbcCjGhHv3O6s5aBvb1QMRSE7PI1Vdu83+TD L25G5ON3k0upssMmsIV29nX7A6SR+FiFijK+w8mdz4GPdix5uIT1W5DtiRfcNcd8jdPv ZCzg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:date:organization:mime-version:to :subject:from:message-id:dkim-signature; bh=myEzvM6tMhYwHmtbCyi1YOozBhdLSJZo0eaZLw5SN0U=; b=aL+MB6wWDvZxu0amzoJUEM59PKgxhJ0YNP3UOkFRX9YRJZTRKaQefGNGV0tknFT1XP ashxxvRYiOiYCeqaCm+Pn21b7CVEURG663y4zxcpp348zRHMOwpvlf6PhQOqaQ2z5l5A uJBtTVWPJZe8X3ZyliGRBsnPvVwjvv5p9Eoc7OwQwI66In2hEM1CT0TiLhrxad6YGVPx qZJNduZZX+bv2gsT39J/wMYU5ZdhK1lkJQ+O4VLHuIvlHL8Vu1uq9gcbBbYA3i2csbwE /rXEsnj2pKF4+tkkSh76bj/P5ikkE+WNj3dUQw1cHMplBc1RTqgFnoZASlP33/JtVFth 8BJA==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@geniboca-com.20150623.gappssmtp.com header.s=20150623 header.b=ZkmHXaA9; spf=pass (google.com: domain of cbd3admin@geniboca.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=cbd3admin@geniboca.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=geniboca-com.20150623.gappssmtp.com; s=20150623; h=message-id:from:subject:to:mime-version:organization:date :x-original-sender:x-original-authentication-results:precedence :mailing-list:list-id:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=myEzvM6tMhYwHmtbCyi1YOozBhdLSJZo0eaZLw5SN0U=; b=GjOKJ5+SjQPFcGaup8YCH8GN45A9Ny2hCIypRVSLK9Ec/iMM+VTBLXH9PbIKR4Zayo NTWLtccUmF3hW1QrglLlS2mMRMr/HDf51BS/292WkWtxiSVUka7i09Zd91u0SsthRLil PB+JrzpsJgjsFCM9Fl0IXwzS+9LebwklEcgcJ0jJzJWDGbxcdxSiHe6FSS/IvGabcbnw 1PtoY5MW/3K3y4I7dXpJsGVWutFJexlRFRnWVk1jwGseS35xR5rwTtmnXkTlfkxaikJJ Noeevrdq0Nph4ESpk5MXVzUyjC/R/r18jiKQyb6PbYFS9GhqVccPtmS6FV1AODSwDBnA eshQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025; h=x-gm-message-state:message-id:from:subject:to:mime-version :organization:date:x-original-sender :x-original-authentication-results:precedence:mailing-list:list-id :x-spam-checked-in-group:list-post:list-help:list-archive :list-subscribe:list-unsubscribe; bh=myEzvM6tMhYwHmtbCyi1YOozBhdLSJZo0eaZLw5SN0U=; b=P9ZudCgt0RaUGuXZLkfw0EqIHjWvqs7SbFuFgy5g4ZQrrqirwsnBuufAIjgrP/GXnx 2nH2YyLDlAgUihxyPyHe30IYEHDB3mFOK8opLxTqWYGJWn2Km63or4cafYqQu1U7SVfk WDkTkaeizLho7UrwZzKmAuUjD6Fwz6uS2uaDptIeR5j5/giox6TI7wjXcmol/ZttqHYn VSrHSgVWnAhXSqufKIaAnj1PHy+RKEtgBVzIY4QgM0xUiY3rgb7ZHYwfCY0RYh9NEZoe vRmstOrqpkYCvim9o1iVx58P2QUwDLSlN0MW2SkIFiRv85d11Ozalg7N2Wo/Yp/wlrle 8arg==
X-Gm-Message-State: ABuFfogCc3nGFjih4OUBZswvKSfp7fxJZr1Q+N1B8mQmmCvxJ4BErBli YYVvGav2cj0V1+XqrHZ7Hi3pCg== X-Google-Smtp-Source: ACcGV63nLEhAyI9t+6y0bclsthEBgz/K+oKCw+3VtPn9lnH84kNZWUKgrMaV8aWOOo9XmLOyIP76xw== X-Received: by 2002:a1c:7d2:: with SMTP id 201-v6mr2174387wmh.16.1540295913260;
Tue, 23 Oct 2018 04:58:33 -0700 (PDT)
X-BeenThere: aud30@geniboca.com Received: by 2002:a1c:2d46:: with SMTP id t67-v6ls572550wmt.12.gmail; Tue, 23
Oct 2018 04:57:56 -0700 (PDT)
X-Received: by 2002:a1c:1dc8:: with SMTP id d191-v6mr19530395wmd.27.1540295876292;
Tue, 23 Oct 2018 04:57:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1540295876; cv=none;
d=google.com; s=arc-20160816; b=0iaZGQB9WVWY7UCP0LaP0YN6cVQezm4iGu83CPFKw9Po27lPIZnLYC/FCVvEW+x0lZ +RC8NZ7TX5i+B3J5uncFmguvhVMXq83jVEYDxh2mo4dLG2ZRcWIvV/HMO/drnrgDwHC2 qxOqQABJ1bI/W5n8P/CB69sgIDuIS5pK5l8PbLD7iLMvE/GGoQigMaFGv/1wryTCPnPP mAR32kntD3Jdw68dtj5FGjsmKLxsC5nrCwV9lE5Ve3sSHPAQ5ilvUZJAHVIvpNOyjJ81 ImoB9MsDCFq37zlEN8WcazhaEFinTip2HXnLAn/3ENiIO4cfpeAe+pKSaLbwLK3ncyRy uO5A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=date:organization:mime-version:to:subject:from:message-id :dkim-signature; bh=myEzvM6tMhYwHmtbCyi1YOozBhdLSJZo0eaZLw5SN0U=; b=ftshOwLIDLVs2MJ8kQMZ/Q1VgNnXB3YUlaVlF10mHnkeXvUZFr50RtalOUyaP+YjfU NsX9oOpWMwQfYLrCJmFkef7AyTon4FSC1kMpUqLcLO10hBDB/ab36QbJHuyG+EtBBz/A 9eDtIwnS0MLIf1Tf/ZI4NcY45T+sBQWge9zX2W2bnRVnzPLbNalJKBXdg99aXsHGGX0i bvv2DcN3NcjIR1zPV0yCp6tvQEFcAx8n9XfZPhfNJ2cwKm8WWkjKsa64ei4+hh/6XvHW ZcbX6IxJ2v+7D3lXkTBGAvOm83n8HXlnEqMDjrU2NohWeKJaOZ4UVGDl9rlSSqIeZy7m SgDg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@geniboca-com.20150623.gappssmtp.com header.s=20150623 header.b=ZkmHXaA9; spf=pass (google.com: domain of cbd3admin@geniboca.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=cbd3admin@geniboca.com
Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65])
by mx.google.com with SMTPS id v13-v6sor818139wrs.6.2018.10.23.04.57.56 for <aud30@geniboca.com> (Google Transport Security); Tue, 23 Oct 2018 04:57:56 -0700 (PDT)
Received-SPF: pass (google.com: domain of cbd3admin@geniboca.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65; X-Received: by 2002:a5d:438e:: with SMTP id i14-v6mr53456585wrq.156.1540295875894;
Tue, 23 Oct 2018 04:57:55 -0700 (PDT)
Received: from 160.177.226.235 ([196.112.71.176])
by smtp.gmail.com with ESMTPSA id q77-v6sm2337316wmd.33.2018.10.23.04.57.53 for <aud30@geniboca.com> (version=TLS1_2 cipher=AES128-GCM-SHA256 bits=128/128); Tue, 23 Oct 2018 04:57:54 -0700 (PDT)
Message-ID: <5bcf0cc2.1c69fb81.a99a7.cc6d@mx.google.com> From: "Vedda Blood Sugar" <cbd3admin@geniboca.com> Subject: Cook With THIS Oil and Crush Your Diabetes in 33 Days To: "aud30" <aud30@geniboca.com> Content-Type: multipart/alternative; boundary="fIYuOfcsjJHEHfFnbCZuSDSdxoW=_kgbG9" MIME-Version: 1.0 Organization: Vedda Blood Sugar Date: Tue, 23 Oct 2018 12:57:53 +0100 X-Original-Sender: cbd3admin@geniboca.com X-Original-Authentication-Results: mx.google.com; dkim=pass
header.i=@geniboca-com.20150623.gappssmtp.com header.s=20150623 header.b=ZkmHXaA9; spf=pass (google.com: domain of cbd3admin@geniboca.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=cbd3admin@geniboca.com
Precedence: list Mailing-list: list aud30@geniboca.com; contact aud30+owners@geniboca.com List-ID: <aud30.geniboca.com> X-Spam-Checked-In-Group: aud30@geniboca.com X-Google-Group-Id: 1016134023785 List-Post: <https://groups.google.com/a/geniboca.com/group/aud30/post>, <mailto:aud30@geniboca.com> List-Help: <https://support.google.com/a/geniboca.com/bin/topic.py?topic=25838>,
<mailto:aud30+help@geniboca.com>
List-Archive: <https://groups.google.com/a/geniboca.com/group/aud30/> List-Subscribe: <https://groups.google.com/a/geniboca.com/group/aud30/subscribe>,
<mailto:aud30+subscribe@geniboca.com>
List-Unsubscribe: <mailto:googlegroups-manage+1016134023785+unsubscribe@googlegroups.com>,
<https://groups.google.com/a/geniboca.com/group/aud30/subscribe>
X-myserver-MailScanner-Information: Please contact the ISP for more information X-myserver-MailScanner-ID: 1gEvKU-0001BP-IX X-myserver-MailScanner: Found to be clean X-myserver-MailScanner-SpamCheck: not spam (whitelisted), SpamAssassin (not cached, score=19.919, required 2, autolearn=spam,
Won't all fit so I include the rest in another post.
Here is the rest other than the actual body content:
SpamAssassin (not cached, score=19.919, required 2, autolearn=spam, AWL -5.84, BAYES_99 5.00, BAYES_999 1.00, DCC_CHECK 1.10, DIGEST_MULTIPLE 0.29, DKIM_SIGNED 0.10, DKIM_VALID -0.10, HTML_IMAGE_ONLY_16 1.09, HTML_IMAGE_RATIO_04 0.56, HTML_MESSAGE 0.00, KAM_DIABETES 4.50, MAILING_LIST_MULTI -1.00, PYZOR_CHECK 1.79, RAZOR2_CF_RANGE_51_100 1.89, RAZOR2_CHECK 0.92, RCVD_HELO_IP_MISMATCH 2.37, RCVD_IN_DNSWL_NONE -0.00, SPF_PASS -0.00, URIBL_ABUSE_SURBL 1.25, URIBL_BLACK 5.00, URIBL_BLOCKED 0.00) X-vanislebc-MailScanner-From: aud30+bncbcn5p66lqmpbbrezxtpakgqeqflidsa@geniboca.com X-Spam-Status: No
This is a multi-part message in MIME format
--fIYuOfcsjJHEHfFnbCZuSDSdxoW=_kgbG9 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline
Ndryshuar
sfhowes: many thanks for the fixed-up FiltaQuilla. Sad that kent has abandoned his add-ons.
nootkan: I take it you found "ctrl+u"?
I guess the unwanted messages appear in your Inbox? I get issues where something (apparently spamassassin) mis-identifies good messages and classes them as spam, so they get moved into a spam folder and therefore my filters miss them (since, for incoming email, Thunderbird only filters on the Inbox).
The crazy thing is that my ISP sends me notifications about messages that have been acted on by spamassassin, and their own filters take down their own messages.
But hey, in my experience, gmail's filters are even worse.
I see that geniboca appears in several headers, e.g. DKIM-Signature, so I would try and filter on one or more of those. Click the filter criteria drop-down, Customize..., and add one or more headers, and then add the rule, e.g., DKIM-Signature + contains + geniboca (see picture).
Sorry for the late reply. I've given up on Thunderbird for trying to stop spam emails and started using mailwatch/mailscanner which was installed on my server. It seems to be blocking the spam just fine so far. Knock wood.
Thanks to everyone for trying to help me understand filters better but unfortunately it just takes far too much of my time.
Your mailwatch/mailscanner option sounds like it it is working ok. In Thunderbird, I only use message filters for sorting good mail into various folders. I do not use message filters for stopping spam/junk as there is specialised one in Thunderbird for dealing with that sort of thing. I use the Junk Controls, set everything up and then trained TB to know what is Junk and what is not Junk. Sure the odd one gets through, but thousands do not. I've also got the server dealing with a load of spam before it gets to me which is helpful. But the fact that I still get loads of junk caught by Thunderbird means the server is useful but not as good as I would like.