Most often these spammers are sending from Internet Cafes or from infected home PCs. This generally means that the originating IP *does not have a reverse DNS entry*. This means that the inbound MTA (or some inbound MTA) is going to add a Received: header with 'unknown' as the host it is receiving from.
Putting in a spam filter like this: Received: from.*(unknown \[\d+\.\d+\.\d+\.\d+\]) with Hold action will catch these. (note: *some* E-Mail clients will also do this, so sometimes you will get a legit post from an 'unknown' SMTP server. Using "hold" allows you to pass those along.) Also: If you can install something like Spamassassin+Mimedefang and setting it to include spam scores, you can also have a spam filter for that. Also you can look at the full headers and look at the Received: headers. Sometimes the anon. IP address do have a reverse DNS entry (eg something like nnn-nnn-nnn-nnn-dsl-home-network.telecom.ru or some such nonsense -- something other than a more typical outboundmail.someprovider.com). In which case you can craft a spam filter for those as well. At Thu, 5 Oct 2017 11:24:18 +0200 "Sebastian Jung" <jung.j...@gmx.de> wrote: > > Hi all, > > I administrate a Mailinglist where by default only members of the list are > allowed to post messages. Lately we have Spam-Emails where the creator > uses a "From"-Adress in the form of: > > regularlistmem...@somedomain.com <somespamaddr...@dubiosdomain.tld> > > Mailman does not block those Emails since the known and allowed > Email-adress appears with in the From-Field although it is just part of > the name tag. > Do you know, if there is some option to deal with the problem or to set a > regular-expression to filter out such unwanted mails? > > Thanks in advance > Sebastian > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users@python.org > https://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: > https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services hel...@deepsoft.com -- Webhosting Services ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org