<p>SaneSecurity signatures are not for spam control.  They are additional antivirus/antimalware signatures that can utilized by ClamAV.</p><p>Spam control is is done using the built-in Spamhalter or a third party app like POPFile.  Both utilize bayesian filtering through which incoming mail passes.  Both add a header on which you can filter.  Both must be trained.  </p><p>I can't recommend one over the other because I've only used POPFile but my sense is that both are equally effective.  SpamHalter is built-in so is the logical one to utilize.  Support is available on this forum.</p><p>Edit:  Correction... Support is available on the Mercury Community Support forum </p><p>Also, There is a guide to SpamHalter available here:  http://www.vandenbogaerde.net/pegasusmail/pf_sh_index.html.  It is based on the Pegasus Mail helpfile but is applicable to Mercury in most respects. </p>

<p>Hi peeps,</p><p> After a long time of using an Excuse of a mail server, I've reverted to Mercury, and it feels good to be back!<span style="font-size: 10pt;"> Running 4.80 as a service (bought license)...</span></p><p>The only "problem" I have, like most people I suppose, is that of spam.  I've got Spamhalter ticked, configured MercuryS to use Spamhaus, abuseat, spamcop etc and also added transaction filters for certain words in the MercuryS exceptions.</p><p><span style="font-size: 10pt;">It's probably me not setting things up correctly, but these don't seem to cut the mustard.</span></p><p>So... I've written a little program that does what I need and it is triggered as a Policy on each mail that comes in.</p><p> We have a filter.rules file which specifies words to test each line for and the weight achieved when *all* are matched. For example, this is a simple rules file:</p><p><span style="white-space:pre"> </span>#weight, list of words separated by commas</p><p><span style="white-space:pre"> </span>100,subject:,flight,simulator</p><p><span style="white-space:pre"> </span>-1000,from:,@mydomain.com</p><p> *All* of the words have to appear for the weighting to be applied, so if "<span style="font-size: 13.3333px;">flight" and "simulator" </span>are in the body, and not the subject, this won't trigger. Similarly if it is sent from @mydomain.com the weighting is reduced so the rule doesn't trigger</p><p>This program allows other lines within the email text to be tested not just the ones provided for in the transaction filter.</p><p><span style="font-size: 10pt;">It is used like this:</span></p><p><span style="white-space:pre"> </span>Create a new policy</p><p><span style="white-space:pre"> </span> Type of task is "Run a program and examine the return code"</p><p><span style="font-size: 10pt;"><span style="white-space:pre"> </span>Command line is</span></p><p><span style="white-space:pre"> </span>mercuryfilter ~A TotalWeight AppendLog</p><p> <span style="font-size: 10pt; white-space: pre;"> </span><span style="font-size: 10pt;">for example:</span></p><p><span style="white-space:pre"> </span>mercuryfilter ~A 100 true</p><p><span style="font-size: 10pt;">This will  cause the program to trigger a policy failure if the total weighting of the all the rule triggers is equal to or greater than 100. It also creates a log file which can either be replaced by each new email or appended by each one. If you want to keep a log of all the emails passed through, set the AppendLog flag to true. There's a different log file for each day.</span></p><p>I also have step 4 set to forward the emails that fail to me, just so I can check... </p><p> <span style="font-size: 10pt;">If you want to have a try, it can be downloaded at http://www.ictis.net./downloads/MercuryFiltersInstaller.msi</span></p><p> <span style="font-size: 10pt;">Use with caution - no warranty is provided or implied! :-) It seems to do what I need it to here...</span></p><p> <span style="font-size: 10pt;">The program installs to the c:\mercury by default and needs DotNet 4.5.2 to be installed.</span></p><p> Hopefully I've not reinvented the wheel, but I'd appreciate any comments - especially if it's useful to someone else!</p><p> </p><p>Tym</p><p> </p>

<p>Interesting, and thanks for sharing it.</p><p>They always say that no two folks' spam is the same and I find that not much gets through my Mercury with a similar setup.  The main difference is that I use Clamwall with extra signatures from Sanesecurity.com, and that leaves little for a well-trained Spamhalter to do.</p><p>It's useful to have a log and the ability to forward spam mails as you do - just in case of false positives. </p>

<p>I'm use Clamwall with extra SaneSecurity signatures as well in conjunction with POPFile instead of Spamhalter.</p><p>All spam tagged messages are filtered to a Spam mailbox for review.  The rare false positives get fowarded to the appropriate user from there. </p>

<p>I've just had a look at <span style="font-family: Tahoma, Arial, Helvetica; font-size: 12.096px;">Sanesecurity.com and to be honest, it's confused me! </span></p><p><span style="font-size: 10pt;">I'd appreciate any guidance on how you set this up please as the spam email issue is rather annoying...</span></p>