trying to figure out how to reject gmail spam

[satz]

I have been getting more spam via gmail than is reasonable and looking to automate some way to reject it. Spamassassin will let me reject all spam over a certain score limit but it doesn't appear to discriminate any further. I would prefer to only do this for the gmail domain.

Anyone have any suggestions on how this might be accomplished?

Thanks

[gnarlymarley]

7 hours ago, satz said:

Spamassassin will let me reject all spam over a certain score limit but it doesn't appear to discriminate any further.

Keep in mind that spam usually will hit multiple rules and you wouldn't want to block non-spam email.  I would probably put the following into spamassassin/local.cf:

header LOCAL_SPAMMY_FROM_GMAIL From =~ /gmail.com/i
describe LOCAL_SPAMMY_FROM_GMAIL        spammy google domain
tflags LOCAL_SPAMMY_FROM_GMAIL          net
reuse  LOCAL_SPAMMY_FROM_GMAIL
score  LOCAL_SPAMMY_FROM_GMAIL  1.558

Now if you are feeling adventurous you may want to try something like a score of 6, but with multiple rules usually triggering you could also block legitimate email.

header LOCAL_EMAIL_GMAIL Received =~ /google.com/i

You  can also use Received instead of From in your rule if you want to trigger on the Received headers.

Keep in mind, that the default is anything above a 5 will temporary block.  Anything above a 12 will permanently block.

[satz]

Thank you so much for the response. It was very helpful. I modified it to look for Google's mail API generated email:

header  LOCAL_GMAILAPI  Received =~ /gmailapi.google.com/i

Everything else you posted remains the same. It was looking like the spammers were measuring the Spamassassin score before sending so this now pushes the score where it belongs. At least until the next time.

I also found milter-regex will let me reject email when added after spamass-milter. This lets me reject spam email from gmail.com only. I use the following configuration:

reject "No thank you"
header /^From$/i /gmail\.com/i and header /^X-spam-Flag$/i /YES/i

So far seems to be working.

[gnarlymarley]

You can also use a meta rule that combines other rules with "and" (&&), "or" (||), and "not" (!) tests.

meta LOCAL_GMAIL2 LOCAL_GMAILAPI && LOCAL_GMAIL3 && ( __LOCAL_RULE6 || __LOCAL_RULE7 ) && ! __LOCAL_GOOD_RULE

The double underscore allows you to make hidden rules that won't show up on the email, but can be used with meta groups.  If you use this, you only need to add the score as in our example on the rule LOCAL_GMAIL2.

[groupboard]

I came across this topic as most of the spam that gets through my spam filter is from gmail. Today I got one phishing email, one "I hope you don't mind me being persistent...do you want me to write a blog post" and one "did you get my email" from a random gmail. I reported them all through spamcop, but not sure if there's any point. None of these emails are all that easy to detect (other than perhaps the blog post one), but would be trivial for google to block. I suspect they automatically put these types of emails in the spam folder for gmail users, but when sending *out* of gmail they don't seem to bother doing anything.

Checking for gmailapi isn't useful because a lot of legitimate emails use gmail api.

[petzl]

8 hours ago, groupboard said:

I came across this topic as most of the spam that gets through my spam filter is from gmail. Today I got one phishing email, one "I hope you don't mind me being persistent...do you want me to write a blog post" and one "did you get my email" from a random gmail. I reported them all through spamcop, but not sure if there's any point. None of these emails are all that easy to detect (other than perhaps the blog post one), but would be trivial for google to block. I suspect they automatically put these types of emails in the spam folder for gmail users, but when sending *out* of gmail they don't seem to bother doing anything.

Checking for gmailapi isn't useful because a lot of legitimate emails use gmail api.

You will be assimilated, Hotmail spam is also annoying,
From outside Gmail you can report their spammer but by the notorious  web page/form
https://support.google.com/mail/contact/abuse
Tutorial here
https://www.wikihow.com/Report-a-Gmail-Account#:~:text=Things You Should Know,Submit to send the report.

[groupboard]

21 hours ago, petzl said:

You will be assimilated, Hotmail spam is also annoying,
From outside Gmail you can report their spammer but by the notorious  web page/form
https://support.google.com/mail/contact/abuse
Tutorial here
https://www.wikihow.com/Report-a-Gmail-Account#:~:text=Things You Should Know,Submit to send the report.

Yeah, I've used that form in the past, but nothing happens and spam keeps coming from the same people even if you report them multiple times. There is also the abuse@google.com address, and it is just as useless.

Yes, hotmail is the same, although their spam volume seems to be lower than that coming from gmail at the moment (at least for me).

[petzl]

Aside from my SpamCop email (forward) I only use Gmail, I suspect Gmail just use a Bot to cancel Gmail spammers.
Most of my spam seems to come from malware bots example then they IP hop for a few days and disappear for a while due to me reporting
https://check.spamhaus.org/listed/?searchterm=223.241.54.61 
The machine using this IP is infected with malware that is emitting spam or is sharing a connection with an infected device.