On Fri, 10 Jun 2016, "Meaulnes Legler"@MailList wrote:

Since the senders differ, I cannot use the apf firewall, or can I?

The senders may vary, but the IP very likely will be all the same or within a network block. That should be easily filtered by iptables.
From your sample, 138.185.239.223 in Brazil appears to be the source.

Check your mail logs for IPs in the same network range as the sample:
          grep -F '138.185.239.' /var/log/maillog | less

If there are lots of entries, then just firewall the source network:
          iptables -A INPUT -s 138.185.239.0/24 -j DROP
Adjust the netmask for larger or smaller numbers of blocked IPs.

I think I could use SpamAssassin to filter out those mails, but I don't
know how to configure it.

SA takes some time to 'learn' the nature of a spam before it will filter new things, so not really a good tool for stopping a sudden flood.

Any ideas?

Use Spamhaus. The BX GUI for mail should have a choice to enable DNS blocklists (DNSBL) with Spamhaus blocking. Spamhaus is usually quick to spot sources of floods and block the source IPs. It works by having sendmail do a DNS lookup to Spamhaus when there's incoming mail, and the result that is returned determines if mail is accepted or, if it's a known spammer source, stopped immediately.


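The log check and the netmask decision from the reply above, as an added example that is not part of the original post: it counts inbound messages per /24 and prints a candidate DROP rule for each busy network, without applying anything. It assumes sendmail maillog lines that carry the client address as relay=...[a.b.c.d] on "from=" lines; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-/24 message counts from a sendmail maillog, plus
# iptables rules printed for review (nothing here touches the firewall).

# Constructed, abbreviated sample lines (not real traffic). Apart from the
# page's 138.185.239.223, the addresses are made up or documentation ranges.
SAMPLE_LOG='Jun 10 08:12:01 mx sendmail[2101]: u5A8C1aa002101: from=<a@example.com>, size=2301, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[138.185.239.223]
Jun 10 08:12:02 mx sendmail[2102]: u5A8C2ab002102: from=<b@example.com>, size=2298, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[138.185.239.223]
Jun 10 08:12:04 mx sendmail[2103]: u5A8C4ac002103: from=<c@example.org>, size=2310, nrcpts=1, proto=ESMTP, daemon=MTA, relay=host17.example.net [138.185.239.17]
Jun 10 08:12:05 mx sendmail[2104]: u5A8C5ad002104: from=<d@example.org>, size=2305, nrcpts=1, proto=ESMTP, daemon=MTA, relay=[138.185.239.90]
Jun 10 08:13:10 mx sendmail[2110]: u5A8DAae002110: from=<friend@example.net>, size=5120, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.net [192.0.2.10]
Jun 10 08:13:11 mx sendmail[2111]: u5A8DAae002110: to=<user@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [198.51.100.7], dsn=2.0.0, stat=Sent'

# block_counts THRESHOLD < maillog
# Prints "COUNT NETWORK/24" for every /24 that delivered at least THRESHOLD
# messages, busiest first. Only "from=" (inbound) lines are counted, so the
# relay= field of outbound "to=" lines is ignored; loopback is skipped.
block_counts() {
    awk -v min="$1" '
        / from=/ && match($0, /relay=[^,]*\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/) {
            r = substr($0, RSTART, RLENGTH)
            sub(/^.*\[/, "", r); sub(/\]$/, "", r)   # keep only a.b.c.d
            split(r, o, ".")
            if (o[1] == 127) next
            n[o[1] "." o[2] "." o[3] ".0/24"]++
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }
    ' | sort -k1,1nr -k2,2
}

# suggest_rules THRESHOLD < maillog
# Formats the report as iptables commands to read and decide on by hand.
suggest_rules() {
    block_counts "$1" | while read -r count net; do
        echo "iptables -A INPUT -s $net -j DROP   # $count messages"
    done
}

# Demo on the constructed sample: networks with 3 or more messages.
printf '%s\n' "$SAMPLE_LOG" | suggest_rules 3
```

On a live system the input would be /var/log/maillog instead of the sample, with a threshold high enough that an ordinary correspondent sharing the /24 does not get blocked along with the flood.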