Jump to content


Photo

Barracuda fails to block Chinese spam


  • Please log in to reply
9 replies to this topic

#1 Sean Fahey

Sean Fahey
  • Members
  • 4 posts

Posted 16 May 2014 - 08:52 AM

Our 'cuda is set to block Chinese under Block/Accept->Regional Settings->Character Set Policies but yet the Chinese spam just keeps rolling in. None of it is whitelisted in any way.

 

Any suggestions?



#2 Jaybone

Jaybone
  • Members
  • 125 posts

Posted 19 May 2014 - 03:25 PM

Dumb question - are you sure it's really Chinese?



#3 Alexander Castillo

Alexander Castillo
  • Members
  • 3 posts

Posted 11 June 2018 - 09:56 AM

Hello,

 

I'm having the same problem.

 

I'm sure that the incoming email is Chinese. I have enable on regional settings to block chinease.

 

Some update?



#4 Michael Manning

Michael Manning
  • Members
  • 270 posts
  • LocationOhio, USA

Posted 11 June 2018 - 10:14 AM

Maybe block or quarantine Japanese as well since both Chinese and Japanese use Kanji characters which might confuse the issue?



#5 Alexander Castillo

Alexander Castillo
  • Members
  • 3 posts

Posted 11 June 2018 - 10:22 AM

I blocked all except hebrew, I tried with russian and also still marked as Allow and arrived to my inbox.



#6 Michael Manning

Michael Manning
  • Members
  • 270 posts
  • LocationOhio, USA

Posted 11 June 2018 - 10:42 AM

How weird. I have all special character sets configured to be quarantined. As far as I know they have been. Now I'm curious and will have to investigate whether or not they really are.



#7 Michael Manning

Michael Manning
  • Members
  • 270 posts
  • LocationOhio, USA

Posted 11 June 2018 - 11:16 AM

I looked at the logs on my ESG300 and filtering for reason > body language I turned up maybe 10 to 15 results. The strange thing is that while the reason was listed as 'body (language : windows)' where language is the specific character set such as arabic, russian, etc., none of the messages actually had that specific character set in either the message or the header info. 

 

so that leaves me to wonder does the Character Set Policies option work correctly at all?



#8 Alexander Castillo

Alexander Castillo
  • Members
  • 3 posts

Posted 11 June 2018 - 11:36 AM

Exactly, for example I used  my personal email and sent me an email in chinese (subject and body) and it marked as allow.



#9 Michael Manning

Michael Manning
  • Members
  • 270 posts
  • LocationOhio, USA

Posted 12 June 2018 - 09:44 AM

Exactly, for example I used  my personal email and sent me an email in chinese (subject and body) and it marked as allow.

I opened a case and a tech tunneled into my system and looked at the message logs. He did see the messages I mentioned that were being filtered as supposedly containing Cyrillic or Arabic character despite not actually containing these characters and mentioned that the filtering is actually based on header information, not necessarily characters contained in the message body. In my case the messages that were filtered for supposedly containing Arabic text yet only actually contained western characters had this in the header

 

Content-Type: text/plain; charset="windows-1256"
Content-Transfer-Encoding: quoted-printable

 

The windows-1256 is the code for Arabic character set. So somehow the sender's email server is sending out messages containing only English/western characters but is configured to use an Arabic character set??

 

Perhaps in the case of the messages that contain Chinese the sender has the server configured in a way to get around this by showing it uses an accepted character set?



#10 Michael Manning

Michael Manning
  • Members
  • 270 posts
  • LocationOhio, USA

Posted 12 June 2018 - 11:06 AM

Perhaps this is the right path

 

https://community.ba...e-spam/?p=82877

 

EDIT I've started using the content filter for Han Chinese as described in the link above and it does seem to work as expected, though it did quarantine one message that I couldn't figure out what the trigger was. The one issue here is though that some of the messages that were filtered were from some or our international partners who simply had a line in their message in chinese, probably to indicate you could click there for a chinese version of the message.