spam.blacklist.rules Syntax question
Glenn Steen
glenn.steen at gmail.com
Mon Mar 5 15:43:36 CET 2007
On 05/03/07, am.lists <am.lists at gmail.com> wrote:
> I'm seeing a boatload of spam coming from a particular set of domains.
> They're pretty slick, but I'm catching them with scoring. I'd just
> like to not have to score it every time if I already know they're junk
> coming in.
If you get several similar, the SA result cache should take care of this.
> Since I know they're very-well-known and aren't ever likely to send
> anything legit, I'd like to block their entire domain.
>
> Let's say their domain is "mx01.net" -- and their MTA IP is 1.2.3.4
> with a reverse lookup of something.mx01.net.
>
> In my spam.blacklist.rules, I added:
>
> From: .mx01.net yes
These aren't really like the ones in PF, place something like
From: *@*.mx01.net yes
From: *@mx01.net yes
> Thinking that would match. I'm still seeing messages from them that
> are going through scoring and not just getting stopped at the
> blacklist.
Are you sure you are reacting on the correct information? Nothing
spoofable/spoofed?
Envelope information is what it needs be;)
> I didn't want to block by IP range in case they move.
>
> Would this be better moved to a postfix block instead of where I'm
> [attempting] to do it?
Might be a good idea, saves even more.
> I know this comes back to strategy and there's more than one way to
> accomplish this.
>
Oh yes:-).
Cheers
--
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
More information about the MailScanner
mailing list