Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Black List Question

6 views
Skip to first unread message

Thomas Curtis

unread,
Jul 13, 2012, 4:54:10 PM7/13/12
to
We are recieving an in ordinate amount of crap email that is not being filtered anywhere.  It seems to be coming from some dink somewhere sending from wizstar@<various domains>
I have setup whitelist_sender and blacklist_sender parameters.  Those work with wildcarding on the domain, eg *@gmail.com, but not something like wizstar@*  Does anyone know if this is possible or if SpamAssassin is a route or how we can shut this guy down.

Thanks,

--
Thomas J. Curtis

Simon Brereton

unread,
Jul 13, 2012, 5:27:52 PM7/13/12
to
An example could help. What is the spam score on these mails?

Simon

Patrick Ben Koetter

unread,
Jul 13, 2012, 5:30:02 PM7/13/12
to
* Thomas Curtis <thomas....@gmail.com>:
> We are recieving an in ordinate amount of crap email that is not being
> filtered anywhere. It seems to be coming from some dink somewhere sending
> from wizstar@<various domains>
> I have setup whitelist_sender and blacklist_sender parameters. Those work
> with wildcarding on the domain, eg *@gmail.com, but not something like
> wizstar@* Does anyone know if this is possible or if SpamAssassin is a
> route or how we can shut this guy down.

Is the miscreant using the sender address as envelope sender address or as
FROM:-header address? If it is the envelop sender address you might consider
rejecting the sender at SMTP level BEFORE the message hits amavis.

In Postfix you would add something like this to main.cf's
smtpd_recipient_restrictions:

smtpd_recipient_restrictions =
...
check_sender_access pcre:/etc/postfix/wizstar.pcre
...
permit_mynetworks
reject_unauth_destination
...

In /etc/postfix/wizstar.pcre you would have something like this:

/^wizstar@.*$/ REJECT

That should reject any message from any sender whose localpart is wizstar.

p@rick

--
All technical questions asked privately will be automatically answered on the
list and archived for public access unless privacy is explicitely required and
justified.

saslfinger (debugging SMTP AUTH):
<http://postfix.state-of-mind.de/patrick.koetter/saslfinger/>

Ralf Hildebrandt

unread,
Jul 13, 2012, 5:33:20 PM7/13/12
to
* Patrick Ben Koetter <p...@state-of-mind.de>:

> In /etc/postfix/wizstar.pcre you would have something like this:
>
> /^wizstar@.*$/ REJECT

Or simply:
/^wizstar@/ REJECT

--
Ralf Hildebrandt Charite Universitätsmedizin Berlin
ralf.hil...@charite.de Campus Benjamin Franklin
http://www.charite.de Hindenburgdamm 30, 12203 Berlin
Geschäftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155

Mark Martinec

unread,
Jul 15, 2012, 8:34:07 AM7/15/12
to
Thomas,

> We are recieving an in ordinate amount of crap email that is not
> being filtered anywhere. It seems to be coming from some dink
> somewhere sending from wizstar@<various domains>
> I have setup whitelist_sender and blacklist_sender parameters.
> Those work with wildcarding on the domain, eg *@gmail.com, but
> not something like wizstar@* Does anyone know if this is possible
> or if SpamAssassin is a route or how we can shut this guy down.

Possible in amavisd too, unless you want to do it in postfix.
The syntax for an entry in hash and acl lookups is 'wizstar@',
the syntax in regexp lookups is /^wizstar\@/ .
See README.lookups

Mark

0 new messages