[Mailman-Users] Filtering of unwanted Spam-Emails
Robert Heller
heller at deepsoft.com
Thu Oct 5 13:47:48 EDT 2017
Most often these spammers are sending from Internet Cafes or from infected
home PCs. This generally means that the originating IP *does not have a
reverse DNS entry*. This means that the inbound MTA (or some inbound MTA) is
going to add a Received: header with 'unknown' as the host it is receiving
from.
Putting in a spam filter like this:
Received: from.*(unknown \[\d+\.\d+\.\d+\.\d+\])
with Hold action will catch these.
(note: *some* E-Mail clients will also do this, so sometimes you will get a
legit post from an 'unknown' SMTP server. Using "hold" allows you to pass
those along.)
Also: If you can install something like Spamassassin+Mimedefang and setting
it to include spam scores, you can also have a spam filter for that.
Also you can look at the full headers and look at the Received: headers.
Sometimes the anon. IP address do have a reverse DNS entry (eg something like
nnn-nnn-nnn-nnn-dsl-home-network.telecom.ru or some such nonsense -- something
other than a more typical outboundmail.someprovider.com). In which
case you can craft a spam filter for those as well.
At Thu, 5 Oct 2017 11:24:18 +0200 "Sebastian Jung" <Jung.Jena at gmx.de> wrote:
>
> Hi all,
>
> I administrate a Mailinglist where by default only members of the list are
> allowed to post messages. Lately we have Spam-Emails where the creator
> uses a "From"-Adress in the form of:
>
> regularListMember at somedomain.com <someSpamAddress at dubiosDomain.TLD>
>
> Mailman does not block those Emails since the known and allowed
> Email-adress appears with in the From-Field although it is just part of
> the name tag.
> Do you know, if there is some option to deal with the problem or to set a
> regular-expression to filter out such unwanted mails?
>
> Thanks in advance
> Sebastian
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
>
>
--
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
heller at deepsoft.com -- Webhosting Services
More information about the Mailman-Users
mailing list