Solved phishing , spambloker , rspamd
- Thread starter MisterM
- Start date
EthernetServers
Verified User
- Joined
- Dec 5, 2020
- Messages
- 141
Perhaps look at RBL filtering - i.e. using Spamhaus, Barracuda, etc. This should help to stop a lot of the junk email you're receiving.
But first of all, you could get the message's source IP and check it at https://mxtoolbox.com/blacklists.aspx to see if it's the kind of thing that the big blacklists are picking up on.
Also, I'd suggest only enabling one RBL at a time, i.e. Spamhaus first, then monitor to see if there's improvement, and if not, add in Barracuda, etc.
But first of all, you could get the message's source IP and check it at https://mxtoolbox.com/blacklists.aspx to see if it's the kind of thing that the big blacklists are picking up on.
Also, I'd suggest only enabling one RBL at a time, i.e. Spamhaus first, then monitor to see if there's improvement, and if not, add in Barracuda, etc.
MisterM
Verified User
- Joined
- Jul 31, 2022
- Messages
- 350
Yes, you are absolutely right.
I checked the IP address of the spammer/phishing via TinyCP it is Good.
What it would take, filtering by word, url, decrypting url, etc., because this is passed by amazon, bpost, DHL, etc., for a user, it would pass but not for a user who knows problem ...
Mz
MisterM
Verified User
- Joined
- Jul 31, 2022
- Messages
- 350
Message body :
Achetez-vous sur Amazon pour votre entreprise ?
Passez à Amazon Business et profitez de nos prix compétitifs, de nos livraisons fiables et d'achats sécurisés. Rejoignez des millions d'autres entreprises dans le monde entier.
Message that looks like amazon, under spamassassin this pass, is I use:
ConfigServer MailScanner Front-End v9.19
With the Phishing function activate
Mz
Richard G
Verified User
I also regularly get spam from "amazonaws.com" so yes spam is coming from there too.
I personally don't use Spamhaus anymore, too many false positives from home users several times, because Spamhaus used home source sending ip instead of ISP source sending ip which users are using.
But good chance that Amazon is on the dnswl.org whitelist which is used by Exim.
I always report spam to Spamcop.
I personally don't use Spamhaus anymore, too many false positives from home users several times, because Spamhaus used home source sending ip instead of ISP source sending ip which users are using.
But good chance that Amazon is on the dnswl.org whitelist which is used by Exim.
I always report spam to Spamcop.
Richard G
Verified User
Create an account at Spamcop.net, create the mailhosts and then report the spam by pasting the headers in their report form.
Quite easy in fact.
www.spamcop.net
Quite easy in fact.
SpamCop.net - SpamCop FAQ: SpamCop Parsing and Reporting Service
Beware of cheap imitations! SpamCop has been protecting the internet community since 1998. Automatically file spam reports with the network administrators who can stop unsolicited email at the source. Subscribe, and filter your email before it reaches your inbox.
www.spamcop.net
Richard G
Verified User
Just follow the links via how tot sign up... it's all there.
Here is direct link.
www.spamcop.net
But you have to know what you're doing, also with the headers and how to make mailhost. It's all explained there, but if I have to teach you, you might better consider not to use it.
Here is direct link.
SpamCop.net - Sign up for SpamCop reporting
Beware of cheap imitations! SpamCop has been protecting the internet community since 1998. Automatically file spam reports with the network administrators who can stop unsolicited email at the source. Subscribe, and filter your email before it reaches your inbox.
www.spamcop.net
But you have to know what you're doing, also with the headers and how to make mailhost. It's all explained there, but if I have to teach you, you might better consider not to use it.
Active8
Verified User
- Joined
- Jul 13, 2013
- Messages
- 1,821
You can also teach rSpamd to block such emails , just copy the mail source and paste it in rspamd gui and select spam
Check this post also : https://forum.directadmin.com/threa...inbound-mail-spf-dkim-dmarc.67693/post-357155
Check this post also : https://forum.directadmin.com/threa...inbound-mail-spf-dkim-dmarc.67693/post-357155
Please let us know how the mail.baby rules are doing, if you notice better filtering or false positives over time. Thank you!
Active8
Verified User
- Joined
- Jul 13, 2013
- Messages
- 1,821
>>> 2. Delete list.dnswl.org as mentioned...
Active8
Verified User
- Joined
- Jul 13, 2013
- Messages
- 1,821
Still happy with it, despite sometime connection errors to interserver happens the filter works fine, we are also teaching rSPAMD with spam email for better filtering
what happens on such errors - are the mails still being delivered without this filter, or does all stop till connection is again available?
MisterM
Verified User
- Joined
- Jul 31, 2022
- Messages
- 350
I have a client of sex emails without stop is that they are sent by servers with IP nickel, like amazon, mailgun, I think in an automatic way, we should have a script that analyzes every message that comes in that comes from a source of word is that if it is listed, it is blocked automatically is not do it manually ...