Domain filters not working
Hello.
I have a problem - one company is sending me around 20 messages every day using couple of different domains. As it seems to be legal in my country, I can do nothing but just filter them. I know that I can do this on server terminal side. But what if one of my clients want to block domain too?
I want it to work on client (cPanel) side.
Seems that spammer uses only 6 domains with address generator. It's script that you can't just "unsubscribe" it's always from different address. So best would be to just block these 6 domains.
1. Example address from todays messages:
2. Some time ago I created 4 filters, one of it: FROM | CONTAINS : example.pl ACTION: Deliver to folder : Trash Why deliver to trash? Because I want spammer to think that everything is ok. I just don't want to receive them to "inbox". 3. When I test delivering with cPanel functionality and write there one of these above e-mails, it will succeed and block message. But truth is that it's only working when I test it in cPanel, real e-mails still going to my inbox and I need to delete (move to trash) them manually. I have Spam Assasin working too. Please help. Regards, Mateusz.
6x12578.258203.931988456@info10.example.pl
6x12628.258209.931465950@info07.example.pl
6x12578.258172.931098317@info01.example.pl
2. Some time ago I created 4 filters, one of it: FROM | CONTAINS : example.pl ACTION: Deliver to folder : Trash Why deliver to trash? Because I want spammer to think that everything is ok. I just don't want to receive them to "inbox". 3. When I test delivering with cPanel functionality and write there one of these above e-mails, it will succeed and block message. But truth is that it's only working when I test it in cPanel, real e-mails still going to my inbox and I need to delete (move to trash) them manually. I have Spam Assasin working too. Please help. Regards, Mateusz.
-
Why?
When spammer receive report that his message was blocked by filters he will use different domain. I'm trying to avoid him switching domains. It's more secure to let him send more messages but don't need to delete them, than blocking him. He knows from day 1 of my company that my address is working as it's my company e-mail. Adding one new domain to filters not hurt me at all, it's matter of 3 minutes for at least 1-2 months of peace. But filters don't work - that hurt me.Event: success User: -remote- Domain: Sender: 6x12628.258151.929125240@info08.example.pl Sent Time: Nov 7, 2016 6:03:18 PM Sender Host: smtp08.example.pl Sender IP: 185.70.xx.xxx Authentication: localdelivery Spam Score: 2.7 Recipient: email@domain Delivery User: ----- Delivery Domain: domain Delivered To: email@domain Router: virtual_user Transport: dovecot_virtual_delivery Out Time: Nov 7, 2016 6:03:18 PM ID: ----- Delivery Host: localhost Delivery IP: 127.0.0.1 Size: 11.54 KB Result: Accepted
--- In reply to your suggestion: Ok, but spammer knows my e-mail address from CEIDG (it's Polish government website to search company data, for example address or contact details). So these aren't unrouted emails if I understand it proper. Also I need to point out that I don't have any other spam, just this one company. They just (looks like it) specialize in sending e-mail offers. Nothing more. I finally decided to contact them today and will see what they do, but what worries me that cPanel filter is not working in my case. Could someone please try to add similiar filter to his email, for example move to trash all emails from domain which contains "gmail.com" and try to send message from gmail?0 -
FROM | CONTAINS : example.pl ACTION: Deliver to folder : Trash
Hello, It's possible the sender is spoofing the "From" field. Could you let us know if changing the filter rule to use "Any Header" instead of "From" makes a difference? Also, the following thread offers rule ideas for the global Exim system filter, but the filter syntax could be applied to local account filters as well: Need to filter ALL email Thank you.0 -
I'm sorry for late reply, had no time to do this. I think it's working now with this "Any Header"... Will see tomorrow how it goes. 0 -
I think it's working now with this "Any Header"... Will see tomorrow how it goes.
Hello, Let us know how it goes. Thanks!0 -
Yea. It's working. Delivery goes to trash, like I set it. Thank you :) 0 -
I'm happy to see it's now working well. Thank you for updating us with the outcome. 0 -
It is going good i have no problem like this.. 0 -
Install CSF and block thier IP addresses. 0
Please sign in to leave a comment.
Comments
9 comments