On 08/19/2015 01:14 PM, Ben Greenfield wrote:
On Aug 19, 2015, at 4:08 PM, Viktor Dukhovni <postfix-us...@dukhovni.org> wrote:
On Wed, Aug 19, 2015 at 04:07:27PM -0400, Ben Greenfield wrote:
/^Received:\b.*\.eu\b REJECT
Is that correct or could someone point out what I'm doing wrong.
What you're doing wrong deciding that all mail from a .eu domain
should be blocked and trying to block said mail by looking at
Received headers.
Both the decision and the methodology are wrong.
I'm open to suggestions.
First explain the problem, rather than the solution.
We receive a lot of spam that have very rare top level domains .site, .link,
.website, .eu.
I have been using the custom header checks which appeared to working for me
until I started trying to reject the .eu mail. I was actually blocking all mail
that had .eu somewhere in the name.
I decided i needed a regex that would only match patterns at the end of the url.
Do you have a honeypot address?
I do that but still manually check them, as soon as I get 3 different
spammer IP addresses on same /24 I I block the /24 for two weeks.
Are you using any of the dns blacklists? That cut down on my spam
tremendously.
