How to block an email address

System Info
Ubuntu 22.04.05
Webmin version: 2.610

I have someone that is sending identical emails with an attachment to one of my addresses. I went into
Webmin / Servers / SpamAssassin Mail Filter / Allowed and Denied addresses
and placed that person’s email address in the deny column, yet I’m still getting emails from that person.
I’m guessing they are trying to create a broad phishing scam but don’t know how to use their software or something. It is very annoying having to delete hundreds of emails a day from this person.
What did I do wrong in setting up the filter to deny this email address from delivering to my server?
Tony

I’m not sure why that doesn’t work but if they send from the same address you can block that in firewalld.

Additionally, you can use wildcards and just a part of the address in the block list in case they are doing something like adding an invisible character.


Check the email source so you can see all the headers and make sure the sender’s address is the same; they may be disguising the address. Plus you do see SpamAssassin scoring.

I went back and checked my setting, maybe I didn’t hit “Apply Changes” after I added the address in. Either way it finally worked or they gave up.

Why IP blocking is not recommended
Blocking spam by IP address is unreliable because spammers frequently rotate mail servers and IPs. This leads to constant maintenance and a high risk of false positives.

If SpamAssassin filtering is not working properly you have two solutions:

Recommended Postfix solutions
The preferred approach is to block spam at SMTP time using Postfix access tables (e.g. check_sender_access), which reject messages based on the sender email address or domain before the message is accepted. This is efficient and resource-friendly.

Procmail usage
Procmail can be used as a secondary measure to filter or discard unwanted emails, but it works only after the message has already been accepted. Therefore, it should not be used as a primary anti-spam mechanism. For example, edit the file /etc/webmin/virtual-server/procmail/[your_virtual_server_number]

:0
* ^From:.*spam@example.com
/dev/null

or moving them to the Trash or other folder if you want to check them with an email client. Just create a cronjob to delete the folder content periodically.

:0
* ^From:.*spam@example.com
$HOME/Maildir/.Trash/
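
Added example, not part of the thread: Postfix check_sender_access acts on the envelope sender, while the procmail recipes above match the From: header, and the two can differ or carry invisible characters, as earlier replies suggest. This Python sketch pulls both addresses from a message source and tests them against a deny list with wildcards; the sample message, the deny list and all function names are constructed for illustration.

```python
import fnmatch
import unicodedata
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): the envelope sender recorded in
# Return-Path differs from the visible From: header, and the From: address
# hides a zero-width space (U+200B) before the "@".
SAMPLE = (
    "Return-Path: <bounce-7731@mailer.example.net>\n"
    "From: \"Billing\" <spam\u200b@example.com>\n"
    "To: tony@example.org\n"
    "Subject: Invoice attached\n"
    "\n"
    "See attachment.\n"
)

# Hypothetical deny list using shell-style wildcards.
DENY = ["spam@example.com", "*@mailer.example.net"]


def normalize(addr):
    """Lower-case and drop invisible format characters (Unicode category Cf)."""
    return "".join(c for c in addr if unicodedata.category(c) != "Cf").lower()


def sender_addresses(raw):
    """Return the envelope sender (from Return-Path) and the header From."""
    msg = message_from_string(raw)
    return {
        "envelope": parseaddr(msg.get("Return-Path", ""))[1],
        "header_from": parseaddr(msg.get("From", ""))[1],
    }


def matches(addr, patterns, clean=True):
    """Deny patterns that match addr, optionally after normalizing it."""
    candidate = normalize(addr) if clean else addr.lower()
    return [p for p in patterns if fnmatch.fnmatchcase(candidate, p)]


if __name__ == "__main__":
    for kind, addr in sender_addresses(SAMPLE).items():
        print(kind, repr(addr),
              "raw:", matches(addr, DENY, clean=False),
              "normalized:", matches(addr, DENY))
```

An exact-match entry misses the From: address until the hidden character is stripped, and a rule keyed on the From: header never sees the envelope sender at all.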

Being a smaller ISP, I can and do run a significant Blocklist. 1,939,916,879 IPs at this moment.
What’s more important to me is my Clearlist 1,275,027 IPs

These days I don’t get as much value from blocking sender addresses etc, they change so fast, so easily.

Doing either of your manual edits seems to be a chore.

At least create a system where you can just add email address, subject, body content, or whatever else from the header, to a list that triggers rejection.

However, from my limited experience, postfix is not well suited to efficient use of most of these techniques - hence that stuff you have suggested.


An ISP can provide hardware packet filtering and spam blocking solutions, but I do not recommend it. Each administrator must filter his own traffic and implement his own rules.

In my case, I implement them in cascade: Postfix, SpamAssassin, Procmail, IPs, so that “nothing” escapes. Now it also depends on whether or not you allow connection from IPv6 addresses. In the case of IPv4, there are only 4.295 billion. IP management is very challenging here; I would recommend ipset, fail2ban, and blocking traffic from certain countries. Obviously not everything can be blocked, but most of it will be solved.

In conclusion, to block an email address it would be beneficial to use several methods already considered standard.

This is a good project on GitHub:
