On 6/1/2015 11:09 AM, Elijah Savage wrote:
> I am seeing thousands of spam messages beginning on Thursday of last
> week from the same subnet. I know it is not best practice to fight
> spam by outright blocking IP addresses but I am seeing this across
> multiple domains in different parts of the country. The easy and
> immediate thought was just block the subnet but I do not like
> utilizing that practice. I think I know the answer but will ask
> anyway, do you all think there is a high probability to get false
> positives from those with incorrect DNS setups in using
> 
> reject_non_fqdn_hostname,
> 
> And will that parameter stop the traffic from below? Or should I
> just go ahead and try filtering the email with a spamassassin custom
> rule using the subject line? Across all domains the subject is
> really close.
> 
> Received: from dewqatuse.us (unknown [75.75.227.95])
...

The reject_non_fqdn_hostname restriction will not block any of
these.  OTOH, I consider that a moderately safe restriction, so feel
free to try it for other spam.  Use it with warn_if_reject for a
while to see what it would block.

And I don't see anything wrong with blocking a netblock that sends a
high volume of nothing but spam.  Just don't get caught up in
spending too much time on trying to identify spamblocks.

Are you using some DNS blocklists?  Looks as if these are listed by
zen.spamhaus.org and others.



  -- Noel Jones
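
The warn_if_reject trial suggested in the reply above leaves `reject_warning` lines in the mail log; this added example (not part of the original thread) tallies them by HELO name so the would-be rejections can be reviewed before enforcing. The log lines are constructed samples, and the function names and the "has reverse DNS" review heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtpd log format (not taken from the thread).
SAMPLE_LOG = """\
Jun  1 11:20:01 mx postfix/smtpd[2101]: connect from unknown[192.0.2.10]
Jun  1 11:20:02 mx postfix/smtpd[2101]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.10]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<a@example.com> to=<u@example.org> proto=ESMTP helo=<localhost>
Jun  1 11:21:40 mx postfix/smtpd[2104]: NOQUEUE: reject_warning: RCPT from unknown[192.0.2.11]: 504 5.5.2 <localhost>: Helo command rejected: need fully-qualified hostname; from=<b@example.com> to=<u@example.org> proto=ESMTP helo=<localhost>
Jun  1 11:25:13 mx postfix/smtpd[2110]: NOQUEUE: reject_warning: RCPT from mail.example.net[198.51.100.7]: 504 5.5.2 <MAILSRV01>: Helo command rejected: need fully-qualified hostname; from=<c@example.net> to=<u@example.org> proto=ESMTP helo=<MAILSRV01>
Jun  1 11:26:55 mx postfix/smtpd[2111]: NOQUEUE: reject: RCPT from unknown[203.0.113.5]: 554 5.7.1 Service unavailable; Client host [203.0.113.5] blocked using zen.spamhaus.org; from=<d@example.com> to=<u@example.org> proto=ESMTP helo=<mx.example.com>
"""

# Matches only the warnings produced by the non-FQDN HELO restriction.
WARN_RE = re.compile(
    r"reject_warning: \w+ from (?P<rdns>[^\[\s]+)\[(?P<ip>[^\]]+)\]: \d{3} "
    r"(?:\d\.\d+\.\d+ )?<(?P<helo>[^>]*)>: Helo command rejected: "
    r"need fully-qualified hostname"
)

def summarize(log_text):
    """Group would-be rejections by HELO name: hits, client IPs, clients with rDNS."""
    groups = defaultdict(lambda: {"hits": 0, "ips": set(), "with_rdns": set()})
    for line in log_text.splitlines():
        m = WARN_RE.search(line)
        if not m:
            continue  # other log lines, real rejects, other restrictions
        g = groups[m["helo"]]
        g["hits"] += 1
        g["ips"].add(m["ip"])
        # Postfix logs "unknown" when the client name could not be verified.
        if m["rdns"] != "unknown":
            g["with_rdns"].add(m["ip"])
    return dict(groups)

def review_candidates(groups):
    """HELO names sent by at least one client with working reverse DNS.
    Assumption of this example: those are the likeliest legitimate senders."""
    return sorted(h for h, g in groups.items() if g["with_rdns"])

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for helo, g in sorted(summary.items(), key=lambda kv: -kv[1]["hits"]):
        print(f"{helo:12} hits={g['hits']} ips={len(g['ips'])} rdns={len(g['with_rdns'])}")
    print("review before enforcing:", review_candidates(summary))
```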
