You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by D Ivago <ba...@gmail.com> on 2007/01/29 09:19:20 UTC
block subject + subdomain
Hello,
I have 2 kinds of spam that still gets through with a 3.0 score setup.
- the first kind of spam is with subject that contain RX and is mostly like
a reply so 'Re:blahblahRXblah'
It does come from different smtp servers so denying the host is not an
option.
- the second kind of spam that still gets through is mail from
sender@$variabel.emv1.net
So the SUBdomain changes but the main domain is emv1.net , I allready
blaclisted those subdomains in my rc.local but can I also use a wildcard?
Now I just blacklist each subdomain like:
blacklist_from *@cdpro.emv1.net
blacklist_from *@consolists.emv1.net
thanks in advance for all suggestions!
ivago
Re: block subject + subdomain
Posted by Raul Dias <ra...@dias.com.br>.
On Mon, 2007-01-29 at 09:19 +0100, D Ivago wrote:
> - the first kind of spam is with subject that contain RX and is mostly
> like a reply so 'Re:blahblahRXblah'
> It does come from different smtp servers so denying the host is not an
> option.
not sure what do you want here.
> - the second kind of spam that still gets through is mail from sender@
> $variabel.emv1.net
> So the SUBdomain changes but the main domain is emv1.net , I allready
> blaclisted those subdomains in my rc.local but can I also use a
> wildcard? Now I just blacklist each subdomain like:
>
> blacklist_from *@cdpro.emv1.net
> blacklist_from *@consolists.emv1.net
Why not just blacklist it in the mta, so that you still save bandwidth?
e.g. sendmail access file:
emv1.net REJECT " hit the road jack"
If you think about blocking some legitmate messages from emv1.net, I
suggest, that you create a rule that flag that with low score and then
filter a copy to check it out for some time.
If you have procmail, you can try something like:
:0 c
* ^X-Spam-Status:.*ADD_YOUR_RULE_NAME_HERE.*
/spam/emv1_net.mbox
-Raul Dias