[CentOS] please block user

Thu Aug 27 22:38:59 UTC 2015
Nataraj <incoming-centos at rjl.com>

On 08/27/2015 07:29 AM, m.roth at 5-cent.us wrote:
> Gary Stainburn wrote:
>> Bad news Guys, they've just moved the emails to somewhere else and have
>> started again:
> <snip>
>
> A suggestion: there should be a way to filter using *domain* AND mailhost;
> that is, if emails come from a domain, and through one mailhost, then
> block the domain. If many domains, and the same mailhost, only then block


Here's a sure way to block this kind of spam, though there is a price
for doing so.  For each mailing list that I subscribe to (or for all of
the mailing lists on a particular mailman server) I create a unique
email address that I use to subscribe to that list.  That userid
forwards to my real email address.

I then run some software capable of whitelisting/blacklisting at the
smtp level.  The one I run can whitelist or blacklist based on the
following (regular expressions are supported):

  * envelope sender
  * envelope recipient
  * helo name
  * remote ip address
  * remote hostname

So I create the following two rules (which must be processed in the
specified order):
Whitelist  remotehostname: *mail.centos.org*
Blacklist  envelope recipient: <unique email address>

This method works 100% of the time.  The price of doing this is:

1) You can't receive private emails from list members with out having
some type of on list exchange or adding their email to your whitelist.
2) You must post to the list using the address that you used to subscribe.

This has stopped all of the spam that I was getting from spammers that
harvest email addresses on mailing lists.

My whitelisting and blacklisting is done using vpostmaster (which is no
longer maintained), but I believe there are other packages which can be
used with postfix or exim to do this type of thing.

Nataraj