2
SPAM problems - Block domains
Question asked by Raul Morales - 10/15/2019 at 2:14 PM
Unanswered
Hi,

There are several spammers that are sending emails from similar domain names, all ending in .monster
Where in SM 16 can I block this domain (e.g. *.monster) for ALL domains hosted in the server? Any other suggestions on how to deal with this?

Thanks!!!

11 Replies

Reply to Thread
0
Kyle Kerst Replied
Employee Post
You can set this up under Settings>Security>SMTP Blocks where you can add a block for the Email Address/Domain and/or the EHLO domain if they're all coming from a similar server. You could also set up a custom spam check under Settings>Antispam>Spam Checks that will assign a higher spam weight to messages coming from any domain ending in .monster.
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Raul Morales Replied
Kyle,

Thanks for your reply. I have created successfully an Settings>Security>SMTP Blocks entry. But, for some reason, I haven't been able to create a new rule in SpamChecks... I hit the NEW button, give it a RULE NAME, in the RULE SOURCE I choose BODY, in the next RULE SOURCE I choose "Contains", in the RULE TEXT I write the words (e.g.: fly airplanes), then choose a weight of 30, and keep Match Multiple, Enable Spool Filtering and Enable Outgoing SMTP Blocking disabled, and finally I save the Custom Rule, but it doesn't show in the list of SPAM CHECKS. What am I doing wrong? Please advise.

Thanks again... 
0
Kyle Kerst Replied
Employee Post
Raul, you're very welcome, happy to help! For this issue (adding spam checks) I may need to take a closer look at that to know for sure. Can you submit a support ticket?
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com
0
Jill Stevens Replied
I'm having the same problem .... hundreds of spam today alone from *.best, *.monster and *.icu. I've tried Kyle's suggestion: admin level, Settings>Security>SMTP Blocks but SMTP Blocks is requiring a full domain or email address (when entering *.icu = "This is not a valid domain or email address".)  therefore this solution cannot be enabled. Any other suggestions? I'd appreciate any help!!
0
Linda Pagillo Replied
Hi! Are any of you with this issue using Declude? If yes, you can use it to block these domains. It won't block them at the SMTP level, but it will block the spam messages from being delivered to your users.
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
0
Raul Morales Replied
Hi Linda! I'm using DECLUDE. How do you configure Declude to block domains? What's the proper sintaxis? 

Thanks,

Raúl
2
Reto Replied
We filter out these TLDs with a custom Rule in the Antispam Settings, so they at least go properly into junk folder.
The settings are:

Rule Name: Blcok Spam TLD
Rule Source: Header
Header: Return-Path
Rule Source: Regular Expression
Rule Text:  
.+\.icu>$
.+\.top>$
.+\.xyz>$
.+\.gdn>$
.+\.best>$

Weight: 30
Enable Spool Filtering: Active
Enable Outgoing SMTP Blocking: Active

0
Linda Pagillo Replied
Raul, to use Declude to block mail from these domains, you need to create a filter. A filter is a simple text file which contains lines to stop these. Here are 2 different examples of what you can add to your filter depending on what you need...

The example lines below, if used in a filter, will block all TLDs with more than 5 characters...

MAILFROM 0 PCRE (?i:\.[a-z]{5,}$)
REVDNS 0 PCRE (?i:\.[a-z]{5,}$)
HELO 0 PCRE (?i:\.[a-z]{5,}$)

The example lines below, if used in a filter, will block the 3 TLDs that were discussed in this thread...

MAILFROM    0    PCRE    (?i:\.(win|icu|best)$)
REVDNS    0    PCRE    (?i:\.(win|icu|best)$)
HELO    0    PCRE    (?i:\.(win|icu|best)$)

What you need to do to use either if these examples is open a Notepad file and copy/paste the lines in. Save the file to your Declude\Filters directory. You can call it anything you like. For this example we will call it FILTER_TLD.txt.

Once you do that, open your global.cfg file which is in the Declude directory and scroll down to the filters section. You will see lines for other filters.What you need to do is add a line for this filter. It should look like this...

FILTER_TLD        filter    [PATH]\Declude\filters\FILTER_TLD.txt        x    0    0

Be sure to change the [PATH] to the path of your filters directory. For example, if you have Decude installed to your C drive, your line would look like this...

FILTER_TLD        filter    C:\Smartermail\Declude\filters\FILTER_TLD.txt        x    0    0

Next, open your $default$.junkmail file which is in your Declude directory. Add the following line...

FILTER_TLD    DELETE

This will cause any mail which triggers the filter to be deleted. 

Please be aware that you do not need to delete these messages if you do not want them. You can hold them, re-route them, etc... At the top of the $default$.junkmail file you will see the different options you can use.

I hope this helps. Please let me know if you have any further questions. Thanks!

Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
1
Raul Morales Replied
Thank you so much, Linda!!! You rock.

Raúl 
0
Linda Pagillo Replied
My pleasure Raul :)
Linda Pagillo Mail's Best Friend Email: linda.pagillo@mailsbestfriend.com Web: www.mailsbestfriend.com Authorized SmarterTools Reseller Authorized Message Sniffer Reseller
1
Patrick Mattson Replied
I am going to try incorporating Linda's idea, but to add to Reto I have the following:

.+\.accounting>$
.+\.bid>$
.+\.best>$
.+\.click>$
.+\.club>$
.+\.country>$
.+\.cricket>$
.+\.date>$
.+\.download>$
.+\.faith>$
.+\.fun>$
.+\.gdn>$
.+\.host>$
.+\.icu>$
.+\.loan>$
.+\.asia>$
.+\.men>$
.+\.online>$
.+\.party>$
.+\.review>$
.+\.science>$
.+\.space>$
.+\.stream>$
.+\.study>$
.+\.top>$
.+\.trade>$
.+\.webcam>$
.+\.website>$
.+\.win>$
.+\.work>$
.+\.xyz>$
.+\.zw>$

Reply to Thread