I have been getting a lot of spam form various domains, but from the same mailer service. sendersrv.com keeps supporting spammers and I want to be able to block all messages from that sender. I looked into the headers and there are a few places that show that as as the sending domain (envelope and unsubscribe for example).
Any ideas on how to block this on a MiaB?
Also, anyone know how to submit a spam complaint to the people that maintain the blacklists?
You could try adding line(s) like
blocklist_from *@example.com
blocklist_from user@example2.com
to the config file /etc/spamassassin/99_local.cf
Will this take care of the emails where the sender is @domain1.com, but the header info sender is @domain2.com?
The issue is that the spammers use a rotating set of domains, but are using the same relay service. I want to block that service and not have to keep adding the rotating domains.
Duh - got ahead of myself there 
If it’s always the same sender/relay, you could block the sender’s IP address range.It would stop you receiving legit email from the same people, or sending to them, but you would disappear from their view.
The command you want is like this (substitute the desired IP range):
iptables -I INPUT 1 -s 11.22.33.00/24 -j DROP
I use it to block some of the scanning “services” - don’t need my logs full of messages from them, as they “helpfully” scan for openings that they would “helpfully” (and expensively) offer to fix 
The iptables command doesn’t normally persist over reboots. (It is possible to create a default iptables setting, but that comes with other problems.) Instead I’ve got a one-shot service that runs at startup. In /etc/systemd/system/local.service, I’ve got something like:
[Unit]
Description=Local startup commands[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/home/ubuntu
ExecStart=iptables -I INPUT 1 -s 11.22.33.0/24 -j DROP
ExecStart=iptables -I INPUT 1 -s 11.22.36.0/24 -j DROP[Install]
WantedBy=sysinit.target
This topic was automatically closed 40 days after the last reply. New replies are no longer allowed.