Blocking certain emails from domains at server level

Poooh · August 2, 2011, 1:43pm

Hi,

We’re getting LOADS of spam from froged addresses like

suscribe-580@santifjobs.com
suscribe-987@santifjobs.com

and we’de like to know what would be the correct syntax to block these in the: “MTA Level Inbound E-mail Address Blacklist:” in the “Mail Server Management :: MTA” configuration.

Any ideas?

Thanks,

IWorx-Dan · August 10, 2011, 11:15am

Hi Pooh,
Try:
.*@santifjobs.com

.* is a common regex pattern which means match any character, any number of times (0-infinity)

Let me know if that works out for you.

Poooh · August 13, 2011, 11:54am

Hi Daniel,

I’m used to the * and ? expressions, but I don’t understand the need for the dot before .* like here:

.*@santifjobs.com

Another thing I’d like to block: all the emails containing the words “Ruby” or “Casino”. How could this be achieved here?

Thanks!

zombie_process · August 25, 2011, 1:26pm

I’m not Daniel, but in regex

. = any character

= 0 or more of the preceding character

so .* basically means any character, and any number of any character following that character.

Poooh · August 27, 2011, 10:15pm

Thanks zombie_process.

Any ideas on how to do this?

“Another thing I’d like to block: all the emails containing the words “Ruby” or “Casino” in the subject.”

Thanks!

zombie_process · August 28, 2011, 7:52am

It’s been quite a while since I’ve used SA (I’m currently in the planning stages of our iworx deployment) but their wiki is very helpful.

http://wiki.apache.org/spamassassin/WritingRules
http://wiki.apache.org/spamassassin/WhereDoLocalSettingsGo

In that first link, look for the piece on body rules - I don’t remember if you can flag on just the subject, but IIRC that was a problem for me in the past. If all you care about is an exact match on “Ruby” or Casino" it’ll be simple. If the sender obfuscates the words by adding spaces, etc, in the middle, it’s less simple.

A super basic rule could be:

body LOCAL_CASINO_RULE   /\bcasino\b/i
score LOCAL_CASINO_RULE 95

which looks for the word casino with spaces on either side, ignoring case, and sets the spammyness to 95. But dig around some, and keep in mind that poorly written rules can and will degrade SA performance. The SA mailing list was very useful as well.

Poooh · August 28, 2011, 9:41am

Thanks, but I wanted to know what to add here: “MTA Level Inbound E-mail Address Blacklist:” in the “Mail Server Management :: MTA” configuration"

Daniel

Poooh · September 17, 2011, 9:36am

Hi again,

Could someone please give me a hand? Please, please, please…

Spamassasin isn’t in use on our server and we really need to block certain words like the ones above in the subject line of ALL incoming emails.

Thanks so much.

Daniel