spam.blacklist.rules Syntax question

Glenn Steen glenn.steen at
Mon Mar 5 15:43:36 CET 2007

On 05/03/07, am.lists <am.lists at> wrote:
> I'm seeing a boatload of spam coming from a particular set of domains.
> They're pretty slick, but I'm catching them with scoring. I'd just
> like to not have to score it every time if I already know they're junk
> coming in.
If you get several similar, the SA result cache should take care of this.

> Since I know they're very-well-known and aren't ever likely to send
> anything legit, I'd like to block their entire domain.
> Let's say their domain is "" -- and their MTA IP is
> with a reverse lookup of
> In my spam.blacklist.rules, I added:
> From:     yes
These aren't really like the ones in PF, place something like
From:     *@*     yes
From:     *     yes

> Thinking that would match. I'm still seeing messages from them that
> are going through scoring and not just getting stopped at the
> blacklist.
Are you sure you are reacting on the correct information? Nothing
Envelope information is what it needs be;)

> I didn't want to block by IP range in case they move.
> Would this be better moved to a postfix block instead of where I'm
> [attempting] to do it?
Might be a good idea, saves even more.

> I know this comes back to strategy and there's more than one way to
> accomplish this.
Oh yes:-).

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list