[Mailman-Users] Filtering of unwanted Spam-Emails

Robert Heller heller at deepsoft.com
Thu Oct 5 13:47:48 EDT 2017 

Most often these spammers are sending from Internet Cafes or from infected 
home PCs.  This generally means that the originating IP *does not have a 
reverse DNS entry*.  This means that the inbound MTA (or some inbound MTA) is 
going to add a Received: header with 'unknown' as the host it is receiving 
from.

Putting in a spam filter like this:

Received: from.*(unknown \[\d+\.\d+\.\d+\.\d+\])

with Hold action will catch these.

(note: *some* E-Mail clients will also do this, so sometimes you will get a 
legit post from an 'unknown' SMTP server.  Using "hold" allows you to pass 
those along.)

Also:  If you can install something like Spamassassin+Mimedefang and setting 
it to include spam scores, you can also have a spam filter for that.

Also you can look at the full headers and look at the Received: headers.  
Sometimes the anon. IP address do have a reverse DNS entry (eg something like 
nnn-nnn-nnn-nnn-dsl-home-network.telecom.ru or some such nonsense -- something 
other than a more typical outboundmail.someprovider.com).  In which 
case you can craft a spam filter for those as well.

At Thu, 5 Oct 2017 11:24:18 +0200 "Sebastian Jung" <Jung.Jena at gmx.de> wrote:

> 
>    Hi all,
> 
>    I administrate a Mailinglist where by default only members of the list are
>    allowed to post messages. Lately we have Spam-Emails where the creator
>    uses a "From"-Adress in the form of:
> 
>    regularListMember at somedomain.com <someSpamAddress at dubiosDomain.TLD>
> 
>    Mailman does not block those Emails since the known and allowed
>    Email-adress appears with in the From-Field although it is just part of
>    the name tag.
>    Do you know, if there is some option to deal with the problem or to set a
>    regular-expression to filter out such unwanted mails?
> 
>    Thanks in advance
>    Sebastian
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com
> 
>                                                          

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services

More information about the Mailman-Users mailing list