Re: [rspamd] Blocking messages from my domain from outside senders?

[Felix Schwarz]

Am 08.12.2016 um 16:07 schrieb Dan Swartzendruber:
> I've noticed I occasionally get emails from senders using my domain. They are
> NOT coming from authenticated outside senders (e.g. using postfix SASL on port
> 587), but are delivered using regular SMTP. They always include an attachment
> to click on :) The trickiness is that the sender is something like
> scanner@MYDOMAIN, and the information does look like it could have been sent
> by a scanner of some sort. Is there a recommended way to block/flag these?

My first question in these cases is always: "Why do you care?"

Background: Every time I check the spam on my server I'm kind of bothered by
all these stupid mistakes made by spammers and I'm tempted to add a new rule
or mechanism to detect that kind of spam even better.
However when after some thinking I realize that all of these spam messages are
detected by rspamd anyway so why bother?

=> Usually I don't need to write specific rules so I can use the time to
optimize my mail setup in general (e.g. by enabling some more rspamd
features).


One thing you can try is to implement SPF (and possibly DKIM+DMARC). As these
spammer are not legit senders they will fail the SPF/DKIM/DMARC check which
will earn them a few extra points in spam score (and it makes it more unlikely
that a spammer will use your domain name as "sender" address).

fs

[Dan Swartzendruber]

These aren't though (at least, not a significant number of them...)  I deleted the OP, because I figured out a trivial way to block these in postfix itself.