I'm trying to block domain qq.com using Mail Content Filter. I followed this how to i'm still getting emails in JUNK folder from qq.com domain, any ideas how to block it from the server completely? (see attached Mail Content Filter for qq.com domain)
I'm still getting SPAM from qq.com domain after I updated Regexp. Pattern: /<.+?@.+?\.qq\.com>/ in Mail Content Filter. Code: Return-Path: <[email protected]> Delivered-To: [email protected] Received: from localhost (localhost.localdomain [127.0.0.1]) by sun.mydomain.com (Postfix) with ESMTP id 3BFC91488F69 for <[email protected]>; Mon, 10 Dec 2018 15:16:56 -0600 (CST) X-Virus-Scanned: Debian amavisd-new at sun.mydomain.com X-Spam-Flag: YES X-Spam-Score: 10.487 X-Spam-Level: ********** X-Spam-Status: Yes, score=10.487 tagged_above=1 required=4.5 tests=[BAYES_50=0.8, FREEMAIL_DISPTO=0.249, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, FROM_EXCESS_BASE64=0.979, HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.377, MIME_HTML_ONLY=0.723, RCVD_IN_RP_RNBL=1.31, RCVD_IN_SORBS_DUL=0.001, RDNS_NONE=0.793, SCHAALIT_HEADER_3635=5, SPF_FAIL=0.001, SPF_HELO_FAIL=0.001, UNPARSEABLE_RELAY=0.001] autolearn=no autolearn_force=no Received: from sun.mydomain.com ([127.0.0.1]) by localhost (sun.mydomain.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Qq6g-5nf2aNF for <[email protected]>; Mon, 10 Dec 2018 15:16:54 -0600 (CST) Received: from qq.com (unknown [125.118.240.17]) by sun.mydomain.com (Postfix) with SMTP id 0022B1488E9C for <[email protected]>; Mon, 10 Dec 2018 15:16:53 -0600 (CST) Received: from qq.com (unknown (196.223.112.135]) by qq.com with SMTP id fdcb31d2-43ba-445a-8167-1cec4abe1812; for <[email protected]>;Tue, 11 Dec 2018 05:16:41 +08:00 Message-ID: <[email protected]> From: "=?utf-8?B?55m96Im+6KeC?=" <[email protected]> To: <[email protected]> Subject: =?UTF-8?Q?***SPAM***drZbqmiRE=EF=BC=9A=E5=B9=B8=E7=A6=8F=E9=95=BF=E5=8F?= =?UTF-8?Q?=88=E9=95=BF=EF=BC=81=E5=A8=B1=E4=B9=90=E5=9F=8E=E7=9C=9F=E4=BA?= =?UTF-8?Q?=BA=E5=8D=9A(=E5=BD=A9=E5=B9=B3=E5=8F=B0=EF=BC=81=E9=A9=BB*=E6?= =?UTF-8?Q?=81=BB=E5=B6=BA18=E2=92=8F=E7=B6=B5-=E9=87=91~=E6=89=BE=E4=BC?= =?UTF-8?Q?=81=E2=80=A6=E9=B9=85862070751=E6=B8=85=E5=BB=89604951-C?= 0 M Date: Tue, 11 Dec 2018 05:16:41 +0800 MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable Disposition-Notification-To: [email protected]
Jesse thank you, above code worked. Somehow I'm getting lots of SPAM from other TLD, I would have to block each domain manually. What's the best approach to fight SPAM. Do I block whole country, or TLD such as .ru or .cz etc?
Just like security, the best approach is multiple/layered. Some things to get started: install postscreen using weighted rbl's (and use postwhite along with it), make sure you're running a recent version of spamassassin, and configure optional plugins for it (pyzor, razor, dcc, txrep, hashbl, etc .. browse through the /etc/spamassassin/*.pre files and see what plugins are available but commented out, check the docs for each one and configure/use the ones that are appropriate), keep a corpus of hand-sorted spam/ham and train (bayes and txrep) from that. There is a lot more you can do (consult the spamassassin documentation and users list archives for ideas), but that's a start. TLD blocking works really well for some tld's (I don't use country tld's offhand, but you could if your userbase is small/known to not need those). I haven't used greylisting for a few years, as postscreen offers a similar effect with less legitimate mail interfered with, but recently added selective greylisting back in using mtpolicyd, and it has been very effective for delaying zero-day spam long enough to get added to blacklists/checksum databases. (selective as in not all mail gets greylisted, eg. servers on dnswl high trust level bypass it, etc.)
As a short outlook into the future. ISPConfig 3.2 comes with support for rspamd (as optional amavisd replacement), the filter rate offrom rspamd is much better than spamassassin/amavis in our tests and it is way faster too. The code has been submitted in master a few days ago, but master branch is undergoing major changes at the moment, so nothing that you should install on a live server for now.
Thank you Jesse! Already have postscreen & postwhite installed/configured. I do have to check spamassassin version. I run OS-Updates (aptitude -y upgrade) on my servers as soon as they become available, would they update spamassassin? I do have to look at plugins (pyzor, razor, dcc, txrep, hashbl, etc). For the user who had SPAM issues I went to MAIL DOMAIN and set Spamfilter to "Delete SPAM" which seem to minimize the SPAM user was getting. Till that's great news, keep up the good work and thank you, looking forward for 3.2 release As we all know SPAM is a big issue nowadays, somehow spammers are always ahead of us, and always find new ways to SPAM our inbox.
This will not update the rulesets for spamassassin. We use a script, that checks for updates every hour and updates spamassassin if new rules are available. https://sa.schaal-it.net/
