Spamassassin config - huge attachment spammer

3 posts / 0 new
Last post
#1 Tue, 02/10/2015 - 18:39
mn3250

Spamassassin config - huge attachment spammer

There is this spammer that attaches a big file to e-mails so that bypasses Spamassassin. Having search a lot could not find a way to block him using virtualmin spamassassin module. Sent from domain also changes everytime. I have black-listed the domains but maximum size allowes Spamassassin being bypassed by the spammer. IP address also changes from time to time so that I will have to block the IP manualy. Could someone tell me where to block .ru and .se domains or a rule that is applied to huge attachments before sucking all server resources by Spamassassin? This is becoming a nightmare at the moment. Please help if you know a way to auto block this spammer. Thank you in advance.

Tue, 02/10/2015 - 23:19
Diabolico
Diabolico's picture

You could try with Postgrey (Virtualmin - Email Messages - Email Greylisting) and/or set to reject incoming email when DKIM/SPF fail (Virtualmin - Virtual Server where you have email problem - Server Configuration - DNS Options - DMARC policy... - Reject email). For second option to work you must turn on DMARC for selected virtual server and (probably) sort SPF/DKIM for your domain in case you didnt. Not sure if this will help your case but for me it was really helpful to reduce incoming spam. Frankly i'm using this methods for quite some time and no objections. Most of the spam will fail in one way or another with at least one of this two options enabled.

- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.

Sun, 02/22/2015 - 17:14
mn3250

Thank you for your answer. I try to stay away from Postgrey as it is not a standard solution. Can not reject no DKIM signature mails because some legitemate senders do not SPF/DKIM sign their mails. For now looks like spammer has stopped but if there was an option in virtualmin to block a domain(s) at mail server level would be great and will help in this kind of situation. I have seen some articels on doing this at postfix level but am afraid to touch my config.

Topic locked