On 08/27/2015 07:29 AM, m.roth at 5-cent.us wrote: > Gary Stainburn wrote: >> Bad news Guys, they've just moved the emails to somewhere else and have >> started again: > <snip> > > A suggestion: there should be a way to filter using *domain* AND mailhost; > that is, if emails come from a domain, and through one mailhost, then > block the domain. If many domains, and the same mailhost, only then block Here's a sure way to block this kind of spam, though there is a price for doing so. For each mailing list that I subscribe to (or for all of the mailing lists on a particular mailman server) I create a unique email address that I use to subscribe to that list. That userid forwards to my real email address. I then run some software capable of whitelisting/blacklisting at the smtp level. The one I run can whitelist or blacklist based on the following (regular expressions are supported): * envelope sender * envelope recipient * helo name * remote ip address * remote hostname So I create the following two rules (which must be processed in the specified order): Whitelist remotehostname: *mail.centos.org* Blacklist envelope recipient: <unique email address> This method works 100% of the time. The price of doing this is: 1) You can't receive private emails from list members with out having some type of on list exchange or adding their email to your whitelist. 2) You must post to the list using the address that you used to subscribe. This has stopped all of the spam that I was getting from spammers that harvest email addresses on mailing lists. My whitelisting and blacklisting is done using vpostmaster (which is no longer maintained), but I believe there are other packages which can be used with postfix or exim to do this type of thing. Nataraj