
how to make spam rule for specific "envelope-from" entry

Posted: Thu Nov 18, 2010 9:23 am
by BruceLee
Hi,
I would like to catch spam with this envelope-from entry. Blacklisting the domain mailfrom.com in spamdyke doesn't help since it's not originating from there.

Received: (qmail 22309 invoked by uid 10039); 17 Nov 2010 15:42:26 +0100
Received: from ppp-124-120-27-2.revip2.asianet.co.th by MYSERVER (envelope-from <error@mailfrom.com>, uid 2020) with qmail-scanner-2.08st 
 (clamdscan: 0.96.4/12273. spamassassin: 3.2.5. perlscan: 2.08st.  
 Clear:RC:0(124.120.27.2):SA:1(6.0/4.0):. 
 Processed in 1.422905 secs); 17 Nov 2010 14:42:26 -0000
X-Spam-Status: Yes, hits=6.0 required=4.0
X-Spam-Level: ++++++
Received: from ppp-124-120-27-2.revip2.asianet.co.th (124.120.27.2)
  by MYSERVER with SMTP; 17 Nov 2010 15:42:23 +0100
Received: from [209.142.94.59] (account williamsnekula70@truck-turner.de HELO vvcmoifztvfr.hbavekho.biz)
	by ppp-124-120-27-2.revip2.asianet.co.th (CommuniGate Pro SMTP 5.2.3)
	with ESMTPA id 777624131 for <info@valid-email-address.tld>; Wed, 17 Nov 2010 21:42:21 +0700
From: Stewart Ferguson <hendersonhaqike20@peter-eder.at> 
To: <<info@valid-email-address.tld>>
Subject: ***SPAM*** MEDIUM *  die Analoge von Schweizer-Armbanduhren zum reduzierten Preis.
Date: Wed, 17 Nov 2010 21:42:21 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_oihsv_69_70_41"
X-Priority: 3
X-Mailer: jfni 12
Message-ID: <0862499354.CLEMB6WH217767@brkkw.zmdppgnf.biz>

I would like to use an ASL spam rule or a SpamAssassin one. That doesn't matter.

Any help or advice appreciated. Thank you.

Re: how to make spam rule for specific "envelope-from" entry

Posted: Thu Nov 18, 2010 9:53 am
by scott
So you want to blacklist everything from "peter-eder.at"?

In SpamAssassin that would be:

blacklist_from *@peter-eder.at

Re: how to make spam rule for specific "envelope-from" entry

Posted: Thu Nov 18, 2010 10:07 am
by BruceLee
Thanks for the quick reply.
I would like to catch everything from the "envelope-from" entry that is error@mailfrom.com. So blacklisting *@mailfrom.com would be my aim.
Thank you for your help.

Re: how to make spam rule for specific "envelope-from" entry

Posted: Fri Nov 19, 2010 8:35 am
by BruceLee
Scott, is there a way to catch that? Thank you

Re: how to make spam rule for specific "envelope-from" entry

Posted: Fri Nov 19, 2010 9:30 am
by scott
You'd have to craft a custom rule for that. I'd also double-check to ensure that isn't showing up in legit emails, just in case it's a generic qmail-scanner setting or something.

Re: how to make spam rule for specific "envelope-from" entry

Posted: Fri Nov 19, 2010 11:11 am
by BruceLee
Do you have a hint for me with what variable I can achieve this?
I have searched through SpamAssassin's documentation but nothing seems to fit.
If you talk about a mod_sec rule a short hint would be very welcome since I did not find anything for that purpose.
Thank you very much.

Re: how to make spam rule for specific "envelope-from" entry

Posted: Fri Nov 19, 2010 11:53 am
by scott
It's been a while, so you'd probably want to look at the other SA rules for examples:

header __TEST_HEADER_1 Received =~ /@mailfrom\.com/i

Re: how to make spam rule for specific "envelope-from" entry

Posted: Fri Nov 19, 2010 12:04 pm
by BruceLee
Thanks, I will take a look. Now I have something to start from. Thanks

Re: how to make spam rule for specific "envelope-from" entry

Posted: Tue Dec 14, 2010 1:10 pm
by BruceLee
Totally forgot to get back. My solution was in fact pretty simple.

I added the domain in the Plesk Mail-Settings Blacklist. This function basically just creates the
/var/qmail/control/badmailfrom file and adds the domain in there.
Which is what I wanted to do manually anyway.
Qmail now checks the envelope header and rejects an email if it matches the entry with:

"553 sorry, your envelope sender is in my badmailfrom list (#5.7.1)"

Of course this means that no emails will make it...which was my aim. :)
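
The check suggested earlier in the thread (does the entry also show up on legitimate mail?) can be run over stored messages before a domain goes into badmailfrom. The following is an added example, not code from the thread, qmail or Plesk: it reads the envelope sender that qmail-scanner records in its Received line and applies badmailfrom-style matching (`user@host` exact, `@host` for a whole host). The function names and the two sample messages are constructed for illustration, and lowercasing the list entries is an assumption of this sketch.

```python
import re
from email import message_from_string

# qmail-scanner writes the SMTP envelope sender into its own Received line.
ENV_FROM = re.compile(r"envelope-from\s+<([^>]*)>", re.IGNORECASE)

def envelope_sender(raw):
    """Envelope sender from the topmost Received line that records one."""
    msg = message_from_string(raw)
    # Headers are prepended in transit, so the first match is the one added
    # by the receiving server; lower lines are under the sender's control.
    for received in msg.get_all("Received", []):
        m = ENV_FROM.search(received)
        if m:
            return m.group(1).strip().lower()
    return None

def in_badmailfrom(sender, entries):
    """badmailfrom-style match: 'user@host' is exact, '@host' covers the host."""
    if not sender:
        return False
    host = "@" + sender.rpartition("@")[2]
    wanted = {e.strip().lower() for e in entries if e.strip()}
    return sender in wanted or host in wanted

def audit(mailbox, entries):
    """Per message: (envelope sender, header From, would be rejected)."""
    report = {}
    for label, raw in mailbox.items():
        sender = envelope_sender(raw)
        report[label] = (sender, message_from_string(raw)["From"],
                         in_badmailfrom(sender, entries))
    return report

# Constructed sample messages (not real mail), shaped like the thread's headers.
MAILBOX = {
    "spam": "Received: from host.example by MYSERVER (envelope-from "
            "<error@mailfrom.com>, uid 2020) with qmail-scanner-2.08st\n"
            "From: Someone <someone@peter-eder.at>\nSubject: watches\n\nbody\n",
    "legit": "Received: from mx.example.org by MYSERVER (envelope-from "
             "<alice@example.org>, uid 2020) with qmail-scanner-2.08st\n"
             "From: Alice <alice@example.org>\nSubject: hello\n\nbody\n",
}

if __name__ == "__main__":
    for label, row in audit(MAILBOX, ["@mailfrom.com"]).items():
        print(label, row)
```

The spam sample shows why a `blacklist_from` on the header From domain misses this mail: the header From and the envelope sender are different addresses, and only the envelope sender is compared here.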