Disable sending emails from a certain email address

[Bondings]

I have problems with a spammer (who uses smtp) that already signed up 3 times trying to send Advanced Fee Fraud emails. I managed to detect it once before his account was created (similar ip address), but the other 2 times he was able to send quite some emails during the night before I noticed it.

I now limited the amount of emails to 100 per day per account using the /etc/virtual/limit file, which should limit the damage he can do.

Anyway, he is always using the same from email address to send the emails (at least both times). It's a parked domain, not on my server. Would it be possible to block all emails with that from address? And if yes, how?

 

[nobaloney]

Anyway, he is always using the same from email address to send the emails (at least both times). It's a parked domain, not on my server. Would it be possible to block all emails with that from address? And if yes, how?

Yes, it would be possible, but it's a bit of work for one sending email address, and he or someone else could eventually try a different address.

I'm not sure of the specifics because I've never tried it but if you study the exim ACLs This (exim.org) Exim Wiki search may help you find some specific information.

In my opinion, the limit is the best you can do and is probably the best you should do.

Jeff

 

[Bondings]

Thank you for the reply!

I was hoping there would be an easy way to add a forbidden email address, like a list where the email addresses can be added.

He managed to get an account again. Luckily the limit helped a lot, as you mentioned.

He again used the same from address. I assume he would change it when it stops working. However a silent block (I mean that he won't get an error, the email is simply not sent) might have an effect though.

 

[nobaloney]

Do you run all your domains through SpamBlocker? If so, then try adding the email address to your /etc/virtual/blacklist_senders. That might work.

Jeff