Solved How can I block this spam coming via Google?

[johannes]

Me too. Check the size of the message, if its bigger than the value in the ESF variables.conf (or variables.conf.custom), then adjust the value.
This ESF value goes for both, SA and rSpamd. You can see in the mail header, if the message was scanned at all. In my case it was not, because size was ~1,5mb and max size in ESF was 1024k, so I changed that to 2mb.

And if you make a new variables.conf.custom, dont forget to use "==" instead of "=" (I got this wrong at first attempt, Zeiter corrected me, thanks to him!)

 

[Richard G]

Yes it probably was bigger as Spamcop already was complaining it was over 50k. I just checked, and it's either 1,5 or 6 MB.

I put it in like this now in the variables.conf.custom file:
EASY_SPAMASSASSIN_MAX_SIZE == 2048K

I presume this is alright. Can we also just use M in there like 2M?
And I forgot, when changing this file, do we just need to restart Exim or recompile exim and/or exim.conf?

Edit: corrected filename.

 

[johannes]

I put it in like this now in the exim.variables.conf.custom file:

No, not in exim.variables.conf.custom! Just variables.conf.custom in the ESF folder: /etc/exim.easy_spam_fighter/variables.conf.custom

I presume this is alright. Can we also just use M in there like 2M?

I`d like to know that too, dont know yet.

when changing this file, do we just need to restart Exim or recompile exim and/or exim.conf?

do an "./build exim_conf" and "service exim restart".

EDIT: it seems ESF handles the values forward to Exim, and Exim understands "M" too, so yes, it should be possible to use 2M instead.

 

[Richard G]

No, not in exim.variables.conf.custom! Just variables.conf.custom

Yes sorry, I was thinking about both names for folder and file at the same time and typed the wrong name, but in fact I used the correct name.
I already did rebuild the exim.conf which automatically also restarts Exim so we should be fine then.
I will correct my previous response to prevent mistakes by others reading just partly.

EDIT: it seems ESF handles the values forward to Exim, and Exim understands "M" too, so yes, it should be possible to use 2M instead.

Ah great!

Just out of curiosity, do you by any chance know if one cane make comments in files like bad_sender_hosts_ip and similar files there?
I would like to do something like:

# spamhost.com
192.168.10.0/24

# bad datacenter.com
10.12.0.0/19

Same for the blacklist_domains file. Didn't do it yet as I don't know if these comments would disturb a good working of the files and I can't find information if comments in there are allowed. I presume yes, but would like to be more sure.
Or maybe @mxroute knows this last part?

 

[johannes]

I dont know for sure, but i think yes, as it is handled by exim standards, and there (as ex. in exim.conf) it is possible to comment out lines.

EDIT: https://www.exim.org/exim-html-curr...domain_host_address_and_local_part_lists.html --> 2.2. File names in lists --> "#" followed by an empty space is a comment, in domain lists and hosts lists. Without empty space its not a comment.

 

[Richard G]

Yes probably indeed.
I have so many in there in the meantime, that I thought of clearing them out, and then stating where it's for, otherwise after some time ip's might change and one might be blocking things one does not want to block anymore.

 

[johannes]

Yes probably indeed.
I have so many in there in the meantime, that I thought of clearing them out, and then stating where it's for, otherwise after some time ip's might change and one might be blocking things one does not want to block anymore.

I edited my previous post. Dont forget about the big IP broker services .. they just rotate between their annoying spamming customers (ipxo.com, netutils.io, prefixbroker.com and so on)