Spam junkmail


#1

Maybe not specifically a Symbiosis question… but my cloud server is currently being bombarded with spam from a TLD .date

I have SpamAssassin running but they are getting through… Can anyone suggest a way on Jessie to blanket block mail from a specific TLD please??


#2

See manually blocking incoming mail from specific sources

/etc/exim4/blacklist/by_sender

containing

*.date

(Which acts on the smtp reverse-path – nothing to do with the From header).

Ideally, you’d block pre-data so it’s worth looking at email defences; additional dns rbl.

As it happens, I used blacklist/by_sender for the first time last week. SpamAssassin rejected about 350 messages from a single address. The flow stopped soon after by_sender took effect and I’ve since removed the address. Incidentally, I hacked the reject by_sender count onto the latest rblinfo script but it will only report if /etc/exim4/blacklist/by_sender exists…

admin@vm1:~$ /srv/.all-sites/utils/rblinfo

   17 rbl services configured (non-spamhaus might 'tag')
   11 rbl services show log rejection messages

  service                         sites     rejections
--------------------------------------------------------
  zen.spamhaus.org                   29             92
  all.s5h.net                        10             84
  b.barracudacentral.org             18             69
  all.spamrats.com                   12             25
  truncate.gbudb.net                 18             17
  hostkarma.junkemailfilter.com      14             15
  dbl.spamhaus.org                   18             13
  ubl.unsubscore.com                 14             10
  bl.mailspike.net                   15              4
  dnsbl.dronebl.org                   8              1
  multi.uribl.com                    18              1
  bl.spamcop.net                     14              0
  dnsbl.sorbs.net                     1              0
  dyna.spamrats.com                   5              0
  excommunicado.co.uk                 2              0
  noptr.spamrats.com                  5              0
  rhsbl.sorbs.net                     8              0
  TOTAL                               -            331
--------------------------------------------------------
  spamassassin                       29             19
  clamav                             29              1
  locally blacklisted sender          -              0
--------------------------------------------------------
  v20180724 : ~0.19s

#3

I have the following command in the crontab so that SpamAssassin learns what is spam and valid mail (ham).

@daily sa-learn --ham /srv/*/mailboxes/*/Maildir/ && sa-learn --spam /srv/*/mailboxes/*/Maildir/.Junk/ /srv/*/mailboxes/*/Maildir/.Spam/

I find that it works well. I’ll get a spike of a particular message for a day or two, and after moving it to my junk/spam folders I stop getting the messages thereafter.


#4

Thanks for the suggestions chaps

I’ve created /etc/exim4/blacklist/by_sender

Does this require a restart?


#5

I’m fairly sure exim4 will pick it up on-the-fly.

zgrep '>: Sender locally blacklisted' /var/log/exim4/rejectlog*

#6

Yes… thanks again… email bombardment has ceased. No restart required.
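
Added example (not posted by anyone in this thread): a shell function that extends the zgrep from #5 into a per-domain tally of the envelope senders rejected by blacklist/by_sender, which makes it easy to confirm that a pattern such as *.date is the one doing the rejecting. The log line layout (F=<sender> … rejected RCPT) is an assumption about the Exim reject log, and every sample line, address and IP is constructed.

```shell
#!/bin/sh
# Added example: count "Sender locally blacklisted" rejections per
# envelope-sender (SMTP reverse-path) domain. The From: header is never read.

# Constructed sample lines; the layout is assumed, not copied from a real log.
sample_rejectlog() {
    cat <<'EOF'
2018-07-24 09:14:02 H=(mx1.news.example.date) [192.0.2.10] F=<promo@news.example.date> rejected RCPT <alice@example.org>: Sender locally blacklisted
2018-07-24 09:14:40 H=(mx1.news.example.date) [192.0.2.10] F=<promo2@NEWS.example.date> rejected RCPT <bob@example.org>: Sender locally blacklisted
2018-07-24 09:15:11 H=(mx.offers.example.date) [198.51.100.7] F=<win@offers.example.date> rejected RCPT <alice@example.org>: Sender locally blacklisted
2018-07-24 09:16:30 H=(relay.example.net) [203.0.113.5] F=<bob@example.net> rejected RCPT <alice@example.org>: listed by an RBL (constructed)
2018-07-24 09:17:05 H=(mx1.news.example.date) [192.0.2.10] F=<promo@news.example.date> rejected RCPT <carol@example.org>: Sender locally blacklisted
EOF
}

# Reads reject-log lines on stdin and prints "<count> <domain>",
# most frequently rejected sender domain first.
blacklist_hits() {
    grep '>: Sender locally blacklisted' |
    sed -n 's/.* F=<\([^>]*\)> .*/\1/p' |
    awk -F@ '{ d = (NF > 1) ? tolower($NF) : "(null-sender)"; n[d]++ }
             END { for (d in n) print n[d], d }' |
    sort -k1,1nr -k2,2
}

# Demo on the constructed sample. On a live server, feed it the real logs:
#   zcat -f /var/log/exim4/rejectlog* | blacklist_hits
sample_rejectlog | blacklist_hits
```

If a domain you did not intend to block shows up in the tally, the by_sender pattern is too broad.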