Solved How can I block this spam coming via Google?

[Richard G]

They are getting more. Today a customer of mine also received 6 spam mails from that yinoce.com group.
So now I blocked that domain and for the time being I also blocked google groups.

 

[Hostking]

I am going to enable greylisting on all our Rspamd servers and see if that stops it.

 

[Hostking]

Not sure if this helps but I found that our score on some servers using RSPAMD that had FORGED_SENDER spam rating symbol was set to 2.5 and those servers were getting some spam through. But 1 server we had had it set to 6 and spam kept getting blocked as spam.

Again not sure if this is a fix but monitoring it more.

Also looks like greylisting is stopping it on rspamd nicely:

 

[Richard G]

I'm using Spamassassin.
Today one other spam message came through to my client, via google, not google groups. Just again another chinese domain.

 

[Hostking]

I have been trying differnt rules for spamassassin doesnt seem like any can properly block these.

 

[Hostking]

New spam again on different domain:

deyan365.com

 

[Hostking]

Looks like only way to block it is have a very high score for X-Google-Group-Id

And rather whitelist it for that tiny percentage of customers that need it whitelist or increase their spam score may be a better strategy.