Spam junkmail


Maybe not specifically a Symbiosis question… but my cloud server is currently being bombarded with spam from a TLD .date

I have SpamAssassin running but they are getting through… Can anyone suggest a way on Jessie to blanket block mail from a specific TLD please??


See manually blocking incoming mail from specific sources




(Which acts on the smtp reverse-path – nothing to do with the From header).

Ideally, you’d block pre-data so it’s worth looking at email defences; additional dns rbl.

As it happens, I used blacklist/by_sender for the first time last week. SpamAssassin rejected about 350 messages from a single address. The flow stopped soon after by_sender took effect and I’ve since removed the address. Incidentally, I hacked the reject by_sender count onto the latest rblinfo script but it will only report if /etc/exim4/blacklist/by_sender exists…

admin@vm1:~$ /srv/.all-sites/utils/rblinfo

   17 rbl services configured (non-spamhaus might 'tag')
   11 rbl services show log rejection messages

  service                         sites     rejections
--------------------------------------------------------
                                     29             92
                                     10             84
                                     18             69
                                     12             25
                                     18             17
                                     14             15
                                     18             13
                                     14             10
                                     15              4
                                      8              1
                                     18              1
                                     14              0
                                      1              0
                                      5              0
                                      2              0
                                      5              0
                                      8              0
  TOTAL                               -            331
  spamassassin                       29             19
  clamav                             29              1
  locally blacklisted sender          -              0
  v20180724 : ~0.19s


I have the following command in the crontab so that Spam Assassin learns what is spam and valid mail (ham).

@daily sa-learn --ham /srv/*/mailboxes/*/Maildir/ && sa-learn --spam /srv/*/mailboxes/*/Maildir/.Junk/ /srv/*/mailboxes/*/Maildir/.Spam/

I find that it works well: I’ll get a spike of a particular message for a day or two, and after moving it to my junk/spam folders I stop getting the messages thereafter.


Thanks for the suggestions chaps 🙂

I’ve created /etc/exim4/blacklist/by_sender

Does this require a restart?


I’m fairly sure exim4 will pick it up on-the-fly.

zgrep '>: Sender locally blacklisted' /var/log/exim4/rejectlog*
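The rejectlog lines matched by the zgrep above can be tallied by the TLD of the envelope sender (the `F=<...>` field exim logs), with the last day each TLD was seen, which helps decide when a by_sender entry can be removed. This is an added example, not part of the thread: the function names and the sample log lines are constructed, and it assumes exim's default log format with a leading `YYYY-MM-DD` timestamp.

```shell
#!/bin/sh
# Added example (not from the thread). Reads exim rejectlog lines on stdin and
# prints "tld count last-seen-day", most-rejected TLD first.
# Assumption: default exim log format, i.e. each line starts "YYYY-MM-DD HH:MM:SS".
# Usage on a live server:  zcat -f /var/log/exim4/rejectlog* | blacklist_tld_tally
blacklist_tld_tally() {
    # 1. keep only local-blacklist rejections (same pattern as the zgrep above)
    grep '>: Sender locally blacklisted' |
    # 2. pull out the TLD of the envelope sender (F=<...>) and the log day;
    #    a null sender (F=<>) or a domain without a dot is skipped
    sed -n 's/^\([0-9-]*\) .* F=<[^>]*@[^>]*\.\([A-Za-z0-9-]*\)> .*/\2 \1/p' |
    # 3. domains are case-insensitive, so fold to lower case before counting
    tr '[:upper:]' '[:lower:]' |
    # 4. count per TLD and remember the latest day it appeared
    awk '{ n[$1]++; if ($2 > last[$1]) last[$1] = $2 }
         END { for (t in n) print t, n[t], last[t] }' |
    sort -k2,2nr -k1,1
}

# Constructed sample input (documentation addresses and IP ranges only).
sample_rejectlog() {
    cat <<'EOF'
2018-07-24 09:14:02 H=(mail.offers.example.date) [192.0.2.10] F=<promo@offers.example.date> rejected RCPT <admin@example.org>: Sender locally blacklisted
2018-07-24 09:14:40 H=(mx.deals.example.date) [192.0.2.11] F=<win@Deals.Example.DATE> rejected RCPT <admin@example.org>: Sender locally blacklisted
2018-07-24 09:15:07 H=(relay.example.net) [192.0.2.12] F=<news@example.net> rejected RCPT <admin@example.org>: Sender locally blacklisted
2018-07-25 02:31:55 H=(mail.offers.example.date) [192.0.2.10] F=<promo@offers.example.date> rejected RCPT <admin@example.org>: Sender locally blacklisted
2018-07-25 02:40:18 H=(other.example.date) [192.0.2.14] F=<x@other.example.date> rejected RCPT <admin@example.org>: some other rejection reason
EOF
}

# Demo run on the constructed sample.
sample_rejectlog | blacklist_tld_tally
```

The last sample line is rejected for a different reason, so it is not counted: only rejections attributed to the local blacklist appear in the tally.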


Yes… thanks again… email bombardment has ceased. No restart required.