block subject + subdomain

[D Ivago <ba...@gmail.com>]

Hello,

I have 2 kinds of spam that still gets through with a 3.0 score setup.

- the first kind of spam is with subject that contain RX and is mostly like
a reply so 'Re:blahblahRXblah'
It does come from different smtp servers so denying the host is not an
option.

- the second kind of spam that still gets through is mail from
sender@$variabel.emv1.net
So the SUBdomain changes but the main domain is emv1.net , I allready
blaclisted those subdomains in my rc.local but can I also use a wildcard?
Now I just blacklist each subdomain like:

blacklist_from *@cdpro.emv1.net
blacklist_from *@consolists.emv1.net

thanks in advance for all suggestions!

ivago

Re: block subject + subdomain

[Raul Dias <ra...@dias.com.br>]

On Mon, 2007-01-29 at 09:19 +0100, D Ivago wrote:

> - the first kind of spam is with subject that contain RX and is mostly
> like a reply so 'Re:blahblahRXblah'
> It does come from different smtp servers so denying the host is not an
> option. 
not sure what do you want here.


> - the second kind of spam that still gets through is mail from sender@
> $variabel.emv1.net
> So the SUBdomain changes but the main domain is emv1.net , I allready
> blaclisted those subdomains in my rc.local but can I also use a
> wildcard? Now I just blacklist each subdomain like:
> 
> blacklist_from *@cdpro.emv1.net
> blacklist_from *@consolists.emv1.net

Why not just blacklist it in the mta, so that you still save bandwidth?
e.g. sendmail access file:
emv1.net REJECT " hit the road jack"

If you think about blocking some legitmate messages from emv1.net, I
suggest, that you create a rule that flag that with low score and then
filter a copy to check it out for some time. 
If you have procmail, you can try something like:
:0 c
* ^X-Spam-Status:.*ADD_YOUR_RULE_NAME_HERE.*
/spam/emv1_net.mbox


-Raul Dias