Blocking spam by IP address

Kal

I notice that a lot of spam which makes it to my personal mailbox (getting past Easy Spam Fighter and SpamAssassin) is from the same network—that is, from a range of IP addresses where only the last octet changes. If only we could easily block a range of IP addresses from sending us mail. It turns out we can…

While DA doesn't have a specific option to allow a user to block mail from a given IP address, it does have an option for blocking messages that contain certain text strings, or 'stop words'. Log in as the user and go to E-mail Manager > SPAM Filters. Under E-mail Filters, choose 'Block By Stop word' from the drop-down, enter the IP address in the text field, and click Block. Or if, like me, you're getting spam from a whole range of IP addresses, just enter the common octets. For example, I have these entries:

Stop word 91.151.90.
Stop word 170.130.165.

The filter evidently searches the message headers as well as the body, which works to block all mail from the dodgy networks. There's a chance, I suppose, that a legitimate subnet gets blocked too, but I'd guess the risk is very small. It has certainly been a breath of fresh air through my mailbox! Just thought I'd share in case it helps anyone else.


Update: Doesn't work. See comment below.
 
Sorry folks, looks like the temporary reduction of spam was coincidental. I should have tested more thoroughly before declaring this a success. I can now see that spam is still getting through from some of the IP addresses I tried to block. :( So I guess the stop word feature only searches the message body.
 
Have you researched Rspamd? It is supposed to be better and more efficient than SpamAssassin.
 
Yep, been using Rspamd from day one. :)

Brent, you don't happen to know a way to manually block emails from certain IP address ranges?

Sorry for the slow reply, BTW. I'm not getting email notifications. Better check my forum settings… Hmm, that's strange. These are my settings, but I received no email notification. Anyone else having this issue? (Some ambiguous and potentially conflicting settings there—maybe it's no wonder.)

Preferences:
Screen Shot 2020-10-09 at 10.09.53 am.png

Account details:
Screen Shot 2020-10-09 at 10.11.05 am.png
 
There was an issue with forum mail notifications, but it is solved.
 
Thanks @Wanabo, that explains it. And I just received an email notification for your comment, so that's a good sign!
 
Hello. Add the address you want to block to the file /etc/virtual/bad_sender_hosts_ip.
If I understand you correctly, you need to block the acceptance of letters from the IP addresses you specified. Then this will help you.
 
Thank you @splby. I was about to ask if I can block a range of IP addresses with a wildcard or subnet mask, and then I found this thread which confirms that I can. Perfect!
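
Added example, not part of any post in this thread: a Python script showing that the connecting IP sits in the topmost Received header (stamped by your own server) rather than in the body, tallying source /24 networks across messages, and testing an address against CIDR entries. The sample messages, hostnames and the CIDR entry syntax are assumptions; confirm the entry format your Exim configuration accepts before editing /etc/virtual/bad_sender_hosts_ip.

```python
import ipaddress
import re
from collections import Counter
from email import message_from_string

# Constructed sample messages (not real mail). The top Received line imitates
# what a receiving Exim server stamps; IPs reuse the prefixes from the thread.
def _msg(ip, helo, body):
    return (f"Received: from {helo} ([{ip}] helo={helo})\n"
            f"\tby mx.example.org with esmtp (Exim 4.94)\n"
            f"Received: from [10.0.0.5] by {helo} with local\n"
            f"From: offers@{helo}\nSubject: hello\n\n{body}\n")

SAMPLES = [
    _msg("91.151.90.17", "a.example.net", "Cheap watches"),
    _msg("91.151.90.203", "b.example.net", "Cheap pills"),
    _msg("170.130.165.44", "c.example.net", "You won"),
    _msg("198.51.100.7", "list.example.com", "Monthly newsletter"),
]

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw):
    """IP from the topmost Received header; lower ones are sender-controlled."""
    received = message_from_string(raw).get_all("Received") or []
    match = BRACKETED_IP.search(received[0]) if received else None
    return ipaddress.ip_address(match.group(1)) if match else None

def body_contains(raw, text):
    """What a filter that only searches the message body can see."""
    return text in message_from_string(raw).get_payload()

def tally_networks(raws, prefix=24):
    """Count messages per source network to spot ranges worth blocking."""
    ips = filter(None, map(connecting_ip, raws))
    return Counter(ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips)

def is_blocked(ip, entries):
    """True if ip falls inside any CIDR entry (assumed block-list syntax)."""
    return any(ip in ipaddress.ip_network(e) for e in entries)

if __name__ == "__main__":
    for net, count in tally_networks(SAMPLES).most_common():
        print(net, count)
```

Run the tally over a folder of spam that got through before adding a whole range, so you can see how many messages a /24 entry would actually catch.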
 