Forum Discussion
Transport Rules to Block Messages Containing Certain Content
I created a rule to reject messages with explanation (error 550 No Such User here) when messages sent from outside senders contain the pattern in the subject or message body "lh3.googleusercontent.com." This was to reduce the volume of messages sneaking through the filters and getting delivered to the inbox as well as to reduce the volume going into the quarantine. Auditing this rule shows that not a single email message has been rejected. Hundreds of messages per week do indeed contain this phrase in the body of the message. Is there some reason why a rule would not match? The messages generally contain one very long string beginning with https://lh3.googleusercontent.com followed by a very long string of characters which when retrieved pull up an image.
3 Replies
This is HMTL content? If so, the issue might be that text-matching in transport rules is done on the basis of formatted text rather than the underlying HTML. At least, I think this is the case.
Yes, it is html content. There is no repeatable text pattern for which to match in these spam mails. One would think that EOP would block content like this. Is there any way to create a filtering rule for html content?
EOP doesn't use transport rules. They have their own many and varied ways to parse content to detect problems.
https://technet.microsoft.com/en-us/library/bb123534%28v=exchg.160%29.aspx?f=255&MSPPError=-2147217396 (Set-TransportRule documentation) doesn't indicate how you could check HTML rather than formatted words. I shall try and find out.
TR
