satz Posted March 20, 2022 Posted March 20, 2022 I have been getting more spam via gmail than is reasonable and looking to automate some way to reject it. Spamassassin will let me reject all spam over a certain score limit but it doesn't appear to discriminate any further. I would prefer to only do this for the gmail domain. Anyone have any suggestions on how this might be accomplished? Thanks Quote
gnarlymarley Posted March 21, 2022 Posted March 21, 2022 7 hours ago, satz said: Spamassassin will let me reject all spam over a certain score limit but it doesn't appear to discriminate any further. Keep in mind that spam usually will hit multiple rules and you wouldn't want to block non-spam email. I would probably put the following into spamassassin/local.cf: header LOCAL_SPAMMY_FROM_GMAIL From =~ /gmail.com/i describe LOCAL_SPAMMY_FROM_GMAIL spammy google domain tflags LOCAL_SPAMMY_FROM_GMAIL net reuse LOCAL_SPAMMY_FROM_GMAIL score LOCAL_SPAMMY_FROM_GMAIL 1.558 Now if you are feeling adventurous you may want to try something like a score of 6, but with multiple rules usually triggering you could also block legitimate email. header LOCAL_EMAIL_GMAIL Received =~ /google.com/i You can also use Received instead of From in your rule if you want to trigger on the Received headers. Keep in mind, that the default is anything above a 5 will temporary block. Anything above a 12 will permanently block. Quote
satz Posted March 23, 2022 Author Posted March 23, 2022 Thank you so much for the response. It was very helpful. I modified it to look for Google's mail API generated email: header LOCAL_GMAILAPI Received =~ /gmailapi.google.com/i Everything else you posted remains the same. It was looking like the spammers were measuring the Spamassassin score before sending so this now pushes the score where it belongs. At least until the next time. I also found milter-regex will let me reject email when added after spamass-milter. This lets me reject spam email from gmail.com only. I use the following configuration: reject "No thank you" header /^From$/i /gmail\.com/i and header /^X-spam-Flag$/i /YES/i So far seems to be working. Quote
gnarlymarley Posted March 27, 2022 Posted March 27, 2022 You can also use a meta rule that combines other rules with "and" (&&), "or" (||), and "not" (!) tests. meta LOCAL_GMAIL2 LOCAL_GMAILAPI && LOCAL_GMAIL3 && ( __LOCAL_RULE6 || __LOCAL_RULE7 ) && ! __LOCAL_GOOD_RULE The double underscore allows you to make hidden rules that won't show up on the email, but can be used with meta groups. If you use this, you only need to add the score as in our example on the rule LOCAL_GMAIL2. Quote
groupboard Posted August 23, 2022 Posted August 23, 2022 I came across this topic as most of the spam that gets through my spam filter is from gmail. Today I got one phishing email, one "I hope you don't mind me being persistent...do you want me to write a blog post" and one "did you get my email" from a random gmail. I reported them all through spamcop, but not sure if there's any point. None of these emails are all that easy to detect (other than perhaps the blog post one), but would be trivial for google to block. I suspect they automatically put these types of emails in the spam folder for gmail users, but when sending *out* of gmail they don't seem to bother doing anything. Checking for gmailapi isn't useful because a lot of legitimate emails use gmail api. Quote
petzl Posted August 23, 2022 Posted August 23, 2022 8 hours ago, groupboard said: I came across this topic as most of the spam that gets through my spam filter is from gmail. Today I got one phishing email, one "I hope you don't mind me being persistent...do you want me to write a blog post" and one "did you get my email" from a random gmail. I reported them all through spamcop, but not sure if there's any point. None of these emails are all that easy to detect (other than perhaps the blog post one), but would be trivial for google to block. I suspect they automatically put these types of emails in the spam folder for gmail users, but when sending *out* of gmail they don't seem to bother doing anything. Checking for gmailapi isn't useful because a lot of legitimate emails use gmail api. You will be assimilated, Hotmail spam is also annoying, From outside Gmail you can report their spammer but by the notorious web page/formhttps://support.google.com/mail/contact/abuse Tutorial herehttps://www.wikihow.com/Report-a-Gmail-Account#:~:text=Things You Should Know,Submit to send the report. Quote
groupboard Posted August 24, 2022 Posted August 24, 2022 21 hours ago, petzl said: You will be assimilated, Hotmail spam is also annoying, From outside Gmail you can report their spammer but by the notorious web page/formhttps://support.google.com/mail/contact/abuse Tutorial herehttps://www.wikihow.com/Report-a-Gmail-Account#:~:text=Things You Should Know,Submit to send the report. Yeah, I've used that form in the past, but nothing happens and spam keeps coming from the same people even if you report them multiple times. There is also the abuse@google.com address, and it is just as useless. Yes, hotmail is the same, although their spam volume seems to be lower than that coming from gmail at the moment (at least for me). Quote
petzl Posted August 24, 2022 Posted August 24, 2022 Aside from my SpamCop email (forward) I only use Gmail, I suspect Gmail just use a Bot to cancel Gmail spammers. Most of my spam seems to come from malware bots example then they IP hop for a few days and disappear for a while due to me reportinghttps://check.spamhaus.org/listed/?searchterm=223.241.54.61 The machine using this IP is infected with malware that is emitting spam or is sharing a connection with an infected device. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.