Jump to content

trying to figure out how to reject gmail spam


satz
 Share

Recommended Posts

I have been getting more spam via gmail than is reasonable and looking to automate some way to reject it. Spamassassin will let me reject all spam over a certain score limit but it doesn't appear to discriminate any further. I would prefer to only do this for the gmail domain.

Anyone have any suggestions on how this might be accomplished?

Thanks

Link to comment
Share on other sites

7 hours ago, satz said:

Spamassassin will let me reject all spam over a certain score limit but it doesn't appear to discriminate any further.

Keep in mind that spam usually will hit multiple rules and you wouldn't want to block non-spam email.  I would probably put the following into spamassassin/local.cf:

header LOCAL_SPAMMY_FROM_GMAIL From =~ /gmail.com/i
describe LOCAL_SPAMMY_FROM_GMAIL        spammy google domain
tflags LOCAL_SPAMMY_FROM_GMAIL          net
reuse  LOCAL_SPAMMY_FROM_GMAIL
score  LOCAL_SPAMMY_FROM_GMAIL  1.558

Now if you are feeling adventurous you may want to try something like a score of 6, but with multiple rules usually triggering you could also block legitimate email.

header LOCAL_EMAIL_GMAIL Received =~ /google.com/i

You  can also use Received instead of From in your rule if you want to trigger on the Received headers.

Keep in mind, that the default is anything above a 5 will temporary block.  Anything above a 12 will permanently block.

Link to comment
Share on other sites

Thank you so much for the response. It was very helpful. I modified it to look for Google's mail API generated email:

header  LOCAL_GMAILAPI  Received =~ /gmailapi.google.com/i

Everything else you posted remains the same. It was looking like the spammers were measuring the Spamassassin score before sending so this now pushes the score where it belongs. At least until the next time.

I also found milter-regex will let me reject email when added after spamass-milter. This lets me reject spam email from gmail.com only. I use the following configuration:

reject "No thank you"
header /^From$/i /gmail\.com/i and header /^X-spam-Flag$/i /YES/i

So far seems to be working.

Link to comment
Share on other sites

You can also use a meta rule that combines other rules with "and" (&&), "or" (||), and "not" (!) tests.

meta LOCAL_GMAIL2 LOCAL_GMAILAPI && LOCAL_GMAIL3 && ( __LOCAL_RULE6 || __LOCAL_RULE7 ) && ! __LOCAL_GOOD_RULE

The double underscore allows you to make hidden rules that won't show up on the email, but can be used with meta groups.  If you use this, you only need to add the score as in our example on the rule LOCAL_GMAIL2.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...