I’m seeing an uptick in a particular type of spam that I would very much like to filter. Fortunately, the spam has a quite distinctive fingerprint: the envelope sender of each message matches the regex:
^[A-Za-z0-9_-]+-realuser=realdomain\.realtld\@[a-z0-9-]+\.[a-z]{2,4}$

(where ‘realuser’, ‘realdomain’ and ‘realtld’ jointly match an email address hosted on my server).

For example, if I had a user ‘f...@example.com’, the envelope sender on the spams might look like:

garcinia-fred=example....@spammydomain.com

The ‘fred=example.com@’ is pretty distinctive for this spammer. There are a few legitimate domains that use an approximately similar convention, but the regex above will not match them.

spammydomain.com, obviously, changes from run to run. They seem to be snowshoe’ing their way all over Cloudflare, with a few instances on HiVelocity.

My impression is that Spamdyke’s sender blacklists only allow simplified wildcards, i.e. specifying @example.com to block all email from ‘example.com’, so that’s probably not an option. Spamdyke’s header blacklist feature is slightly more complex/capable, but doesn’t match on the envelope sender (or allow me the full expressiveness I need).

I could add a SpamAssassin rule to take care of these cases, but the way my system is configured, SpamAssassin will only flag spam, not delete it. Some of the addresses targeted by this particular spammer are set to forward to external systems, so — in order to preserve the reputation of my mail server — I’d like to kill this spam dead.

I could use procmail, but this is something of a hassle. So before I go down that route, I wanted to ask whether there’s anything in the qmailtoaster toolbox that would allow me to block email based on applying the regex above to the envelope sender.

I could also just use iptables to block Cloudflare entirely, but that seems a little extreme.

Any suggestions would be gratefully received.

Angus
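An added example, not part of the original post: the regex above instantiated for a list of hosted addresses and run over envelope senders, so the fingerprint can be checked against near-misses before it is wired into a filter. The function names, the hosted address and every sample sender are constructed assumptions.

```python
import re

def build_sender_pattern(local_addresses):
    """Fill realuser/realdomain/realtld in the post's regex from hosted addresses."""
    tags = []
    for addr in local_addresses:
        user, _, domain = addr.partition("@")
        # re.escape keeps the dots in the domain literal, as the post's \. does.
        tags.append(re.escape(user) + "=" + re.escape(domain))
    return re.compile(
        r"^[A-Za-z0-9_-]+-(?:" + "|".join(tags) + r")@[a-z0-9-]+\.[a-z]{2,4}$"
    )

def is_fingerprinted(sender, pattern):
    # fullmatch: Python's "$" on its own would also accept a trailing newline.
    return pattern.fullmatch(sender) is not None

# Constructed sample data (assumptions, not taken from real mail).
HOSTED = ["fred@example.com"]
SAMPLES = [
    "garcinia-fred=example.com@spammydomain.com",     # the shape described in the post
    "bounce-123-fred=example.com@lists.example.org",  # sender domain has a subdomain
    "news+fred=example.com@mailer.net",               # "+" is outside the prefix class
    "garcinia-bob=example.com@spammydomain.com",      # bob is not a hosted user
    "garcinia-fred=exampleXcom@spammydomain.com",     # dot in the domain is literal
    "garcinia-fred=example.com@SpammyDomain.com",     # domain class is lowercase only
    "fred@example.com",                               # ordinary address
]

def classify(samples=SAMPLES, hosted=HOSTED):
    """Map each envelope sender to True when it matches the fingerprint."""
    pattern = build_sender_pattern(hosted)
    return {s: is_fingerprinted(s, pattern) for s in samples}

if __name__ == "__main__":
    for sender, hit in classify().items():
        print(("REJECT " if hit else "accept ") + sender)
```

The last-but-one sample shows that the pattern as written misses a sender whose domain contains uppercase letters, which matters if the filter sees the envelope sender before any case folding.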