Most often these spammers are sending from Internet Cafes or from infected home PCs. This generally means that the originating IP *does not have a reverse DNS entry*. This means that the inbound MTA (or some inbound MTA) is going to add a Received: header with 'unknown' as the host it is receiving from.
Putting in a spam filter like this:
Received: from.*(unknown \[\d+\.\d+\.\d+\.\d+\])
with Hold action will catch these.
(note: *some* E-Mail clients will also do this, so sometimes you will get a legit post from an 'unknown' SMTP server. Using "hold" allows you to pass those along.)
Also: If you can install something like Spamassassin+Mimedefang and setting it to include spam scores, you can also have a spam filter for that.
Also you can look at the full headers and look at the Received: headers.
Sometimes the anon. IP address do have a reverse DNS entry (eg something like
nnn-nnn-nnn-nnn-dsl-home-network.telecom.ru or some such nonsense -- something
other than a more typical outboundmail.someprovider.com). In which
case you can craft a spam filter for those as well.
At Thu, 5 Oct 2017 11:24:18 +0200 "Sebastian Jung" Jung.Jena@gmx.de wrote:
Hi all,
I administrate a Mailinglist where by default only members of the list are allowed to post messages. Lately we have Spam-Emails where the creator uses a "From"-Adress in the form of:
regularListMember@somedomain.com someSpamAddress@dubiosDomain.TLD
Mailman does not block those Emails since the known and allowed Email-adress appears with in the From-Field although it is just part of the name tag. Do you know, if there is some option to deal with the problem or to set a regular-expression to filter out such unwanted mails?
Thanks in advance Sebastian
Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
-- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services heller@deepsoft.com -- Webhosting Services