One particular class of spam that just won’t get filtered by SpamAssassin seems to be “newsletters” I’m getting in foreign languages, to the tune of ten or so a day.
The spammers are very kind, however, and send from email addresses almost always in Brazil. How might I instruct my server to simply reject ANY emails where the sender has a .br domain? Yes, I realize the implications here - on this server, I am comfortable doing such a solid block.
At which point would I want to configure this, and perhaps a pointer to how? At the MTA level and simply drop the mail on the floor? Or at the SMTP level and reject it with hopes that the sender stops trying?
Which file do I edit to do this for the WHOLE SERVER? Not individual users, but tell my server that if the mail is coming from a .br address (even if forged - I’m cool with that), reject it?
Your response indicates I can do it, but having never done it before, your instructions are a few steps down the road.
You can edit the sieve-spam.sieve file located at /etc/dovecot/sieve-spam.sieve on the server, but I don’t know what happens if you update miab. So the easiest way I see is to use iptables: Block entire country using iptables.
I don’t want to block the country. I want to block all MAIL that CLAIMS to come from a particular TLD. That could be .br, or .us, or even a gTLD like .info
I want all mail with a From address that ends in a particular TLD to simply be noted as spam and rejected. For the whole server.
Sorry for the second part. I think it’s not that big an issue to extend the script to block only the incoming traffic on port 25. But as I said (first part), you can only do it by editing the sieve-spam.sieve file located at /etc/dovecot/sieve-spam.sieve on the server.
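As an added example (not written by anyone in this thread, and not Mail-in-a-Box's shipped configuration), a server-wide Sieve rule of the kind the reply points to could look like the block below. Sieve runs at delivery, after the SMTP server has already accepted the message, so the rule files or discards the mail instead of rejecting it. The folder name "Spam" is an assumption, and the `.br` pattern is the TLD from the question.

```sieve
# Added example: constructed rule for /etc/dovecot/sieve-spam.sieve.
# "require" lines must come before any other command in the file, so merge
# these extension names into the file's existing require list if it has one.
require ["envelope", "fileinto"];

# Test both sender identities, because they can differ (and either can be forged):
#   envelope "from" = the SMTP MAIL FROM address
#   address  "from" = the From: header shown to the user
# :domain compares only the part after "@". The default comparator is
# case-insensitive, so "*.br" also matches "EXAMPLE.COM.BR".
if anyof (
    envelope :domain :matches "from" "*.br",
    address  :domain :matches "from" "*.br"
) {
    fileinto "Spam";   # assumed folder name; use "discard;" to drop silently
    stop;              # skip the remaining rules for this message
}
```

To cover another TLD such as `.info`, list several patterns in one test, for example `["*.br", "*.info"]`. If the user Dovecot delivers as cannot write next to the script, recompile it with `sievec` after editing.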