<P>I asked the open-ended question, as the OP may find their answer in the process; e.g., a Content Control definition is disabled. Or perhaps they are employing blacklisting another manner, such as a filtering rule, like: If ListScan "@BLACK.PML" Delete "".</P> <P>He mentioned the use of Mercury. I'm sure this task would be best addressed via SMTP transaction-level filtering. </P>

<P>I'm getting roughly 20 emails an hour from a spambot that's mimicking the output from a registration form on our web site. Since it looks official, no simple spam halter rule will work. I assumed that I could simply add the "From" address to the black list and Pegasus would take care of it. However, the e-mails seem to be making it through. (I also put the same filter on Mercury, also to no avail). I've included the message headers below. The blacklisted address is <A href="mailto:awren@alynx.in">awren@alynx.in</A>. Is there any reason that this shouldn't work? So far as I know, I don't have anything earlier that would automatically white list this.</P> <P>Tom Doan</P> <P>  </P> <P>Received: from spooler by estima.com (Mercury/32 v3.32); 19 Nov 12 13:19:27 -0500 X-Envelope-To: sales Return-Path: <<A href="mailto:estima@lsh1003.lsh.siteprotect.com">estima@lsh1003.lsh.siteprotect.com</A>> Delivered-To: <<A href="mailto:sales@estima.com">sales@estima.com</A>> Received: from mf32.mfg.siteprotect.com ([192.168.31.235])  by stor15.mfg.siteprotect.com (Dovecot) with LMTP id g3CzK4+EqlAObAAAOQD4lA  for <<A href="mailto:sales@estima.com">sales@estima.com</A>>; Mon, 19 Nov 2012 13:17:17 -0600 Received: from mx01.mfg.siteprotect.com (unknown [192.168.33.97])  by mf32.mfg.siteprotect.com (Postfix) with ESMTP id 58ADA8000E08  for <<A href="mailto:sales@estima.com">sales@estima.com</A>>; Mon, 19 Nov 2012 13:17:20 -0600 (CST) Received: from lsh1003.lsh.siteprotect.com (lsh1003.lsh.siteprotect.com [64.71.32.13])  (using TLSv1 with cipher AES256-SHA (256/256 bits))  (No client certificate requested)  by mx01.mfg.siteprotect.com (Postfix) with ESMTPS id 68BF32720027  for <<A href="mailto:sales@estima.com">sales@estima.com</A>>; Mon, 19 Nov 2012 13:17:21 -0600 (CST) Received: from estima by lsh1003.lsh.siteprotect.com with local (Exim 4.72)  (envelope-from <<A href="mailto:estima@lsh1003.lsh.siteprotect.com">estima@lsh1003.lsh.siteprotect.com</A>>)  id 1TaWqO-00028c-9c  for <A href="mailto:sales@estima.com">sales@estima.com</A>; Mon, 19 Nov 2012 13:17:20 -0600 Date: Mon, 19 Nov 2012 13:17:20 -0600 Message-Id: <<A href="mailto:E1TaWqO-00028c-9c@lsh1003.lsh.siteprotect.com">E1TaWqO-00028c-9c@lsh1003.lsh.siteprotect.com</A>> To: <A href="mailto:sales@estima.com">sales@estima.com</A> From: <A href="mailto:awren@alynx.in">awren@alynx.in</A> Subject: Estima Registration X-CTCH-RefID: str=0001.0A020201.50AA85C0.0165,ss=1,re=0.000,fgs=0 X-Mail-Filter-Gateway-ID: 58ADA8000E08.A0960 Mail-Filter-Gateway: Scanned OK X-Mail-Filter-Gateway-SpamDetectionEngine: NOT SPAM,  MailFilterGateway Engine (score=-1, required 4, autolearn=disabled,  CTASD_SPAM_UNKNOWN -1.00) X-Mail-Filter-Gateway-From: <A href="mailto:estima@lsh1003.lsh.siteprotect.com">estima@lsh1003.lsh.siteprotect.com</A> X-Mail-Filter-Gateway-To: <A href="mailto:sales@estima.com">sales@estima.com</A> X-Spam-Status: No X-Antivirus: avast! (VPS 121119-0, 11/19/2012), Inbound message X-Antivirus-Status: Clean SPAMBOT X-PMFLAGS: 33570816 0 1 YV57SVQV.CNM                        </P>

<p>a simple Newmail filter on the From: should catch this without problem and with an action set, delete it</p><p>Martin </p>

That worked. Thanks. Any reason why the blacklist route might not work?

[quote user="Tom Doan"]Any reason why the blacklist route might not work?[/quote] How are you attempting to employ the blacklist?

<p>The Blacklist facility comes with Content Control. See menu Tools/Spam and Content Control. Select Content Control , then select the Basic Spam Detection, click Edit, and click the Exceptions tab and you will see a Blacklist.pml  (don't forget to Save any changes you make</p><p> Martin </p>