
E-Mail address blacklist help

slayer1ss

Basic Pleskian
Hi, almost all mail addresses on my server are getting a spam mail from the same mail marketing company every day and I want to block them... Normally I just add the mail address to the blacklist from "Spam Filter Settings", but this company is opening new addresses every day and it is impossible to add all of them to the blacklist, so I need your help adding it as a regex to the blacklist...

The company I am talking about is opening mail addresses every day like below...
nrt150401@hotmail.com
nrt150402@gmail.com
nrt150403@yandex.com
nrt150404@mynet.com


As you can see, all mail addresses begin with "nrt" + "6 digits of day" + "free mail provider", so right now I am using the regex below and it is already added to the blacklist, but they are still able to send me... What can I do now?

nrt??????@*.com
 
@slayer1ss,

You can undertake the following:

1) try to determine the IPs for the specific spammer (it can be the case that these mails come from a couple of servers that function as a mail relay) and block those IPs in the firewall and/or use the Fail2Ban module to blacklist those IPs,

2) use the regexp nrt*@*.com OR (better) the regexps:

- *@yandex.com
- *@mynet.com
- nrt*@gmail.com
- nrt*@hotmail.com

(note: you should not blacklist *@hotmail.com and/or *@gmail.com)

3) enable greylisting (if that is not already enabled)

4) configure SPF spam protection and/or enable DNSBL (add zen.spamhaus.org) blacklisting (both in Settings, Mail Server Settings)

5) experimental (!) - you should be able to make a regexp that can be used in a specific Fail2Ban jail, with the result that specific mails are not received (note: Fail2Ban should be able to identify IPs and block them temporarily). The temporary IP block by Fail2Ban does have the advantage that a genuine mail server will try again to deliver a mail, while a spam mail server often does not. That is, if the Fail2Ban block time is short enough (1 or 2 days), you should barely notice anything.
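The question and the reply above both rely on shell-style wildcard patterns (`*` for any run of characters, `?` for exactly one), and the thread never states which addresses each pattern actually covers. The following is an added example, not code from the forum or from Plesk: it tests the patterns from both posts against the four addresses in the question plus two constructed addresses, and contrasts them with a tighter anchored regex (the `^nrt\d{6}@...` formulation is the editor's, not a Plesk-documented syntax). It shows that `nrt??????@*.com` already matches the posted addresses (so the pattern itself is not the weak point) and that `nrt*@gmail.com` also catches a legitimate `nrtbob@gmail.com`.

```python
import fnmatch
import re

# Constructed sample input: the four addresses quoted in the question plus two
# addresses invented here to show over- and under-matching.
SAMPLE_ADDRESSES = [
    "nrt150401@hotmail.com",
    "nrt150402@gmail.com",
    "nrt150403@yandex.com",
    "nrt150404@mynet.com",
    "nrtbob@gmail.com",       # constructed: a genuine user whose name starts with "nrt"
    "nrt15040@hotmail.com",   # constructed: only five digits, not six
]

# Patterns as they appear in the thread (question first, then the reply's list).
THREAD_PATTERNS = [
    "nrt??????@*.com",
    "nrt*@*.com",
    "*@yandex.com",
    "*@mynet.com",
    "nrt*@gmail.com",
    "nrt*@hotmail.com",
]

# Tighter alternative (added example): literal "nrt", exactly six digits, then
# one of the named free-mail domains, anchored at both ends.
TIGHT_RE = re.compile(r"^nrt\d{6}@(hotmail|gmail|yandex|mynet)\.com$", re.IGNORECASE)


def glob_matches(pattern: str, address: str) -> bool:
    """Wildcard match with the thread's semantics: '*' = any run of characters
    (including none), '?' = exactly one character. Case-insensitive, because
    the domain part of an address is case-insensitive and blacklists are
    normally compared that way."""
    return fnmatch.fnmatchcase(address.lower(), pattern.lower())


def glob_as_regex(pattern: str) -> str:
    """Show the regular expression a wildcard pattern expands to, which makes
    the difference between '?' (one char) and '*' (any length) explicit."""
    return fnmatch.translate(pattern)


def regex_matches(address: str) -> bool:
    """Anchored regex check: True only for nrt + six digits + a listed domain."""
    return TIGHT_RE.match(address) is not None


def evaluate(patterns, addresses):
    """Return {address: [patterns that match it]} so over-blocking of
    legitimate addresses (e.g. nrtbob@gmail.com) is visible at a glance."""
    return {a: [p for p in patterns if glob_matches(p, a)] for a in addresses}


if __name__ == "__main__":
    for addr, hits in evaluate(THREAD_PATTERNS, SAMPLE_ADDRESSES).items():
        print(f"{addr:26} wildcard hits: {hits}  tight regex: {regex_matches(addr)}")
    print("nrt??????@*.com expands to:", glob_as_regex("nrt??????@*.com"))
```

Run it and compare the `wildcard hits` column with the `tight regex` column: the `?`-based pattern needs exactly six characters before the `@`, so it does not cover a five-digit variant, while `nrt*@*.com` covers everything starting with `nrt`, legitimate users included. Whichever pattern is chosen, the blacklist is applied to whatever address field the mail server matches on, so a pattern that passes this test but still lets mail through points at the sender field or the matching stage, not at the pattern text.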
 
Thank you for your response;

1- Wouldn't blacklisting the IP that the mail is coming from also blacklist all hotmail, gmail etc.?

2- Previously I was using nrt*@hotmail.com etc. but they were still able to send; I changed nrt??????@*.com to nrt*@*.com now and I hope this will work

3- Greylisting is already on

4- SPF and DNSBL are already on

 
@slayer1ss,

It is very likely that the spammers do not actually send from the mentioned domains, but use a hacked account (solution: blacklist the account) OR a mail relay (i.e. forwarding or sending mails, as if they are coming from the mentioned domain(s); solution: blacklist the IP of the server that functions as a relay).

Hence, it is not very likely that IP blacklisting would result in blocking all traffic from gmail or hotmail.

Furthermore, spammers do not tend to retry any failed mail deliveries, implying that a short-term IP blacklist can be very handy (genuine mails will be delivered afterwards).

It sometimes even helps to shut down a mail server for a couple of minutes, but that seems unnecessary at this moment.

As a general note, you are spending a lot of time in order to prevent spam mail from a couple of mail addresses.

It should not be a problem to blacklist IPs or accounts, even if you are missing some genuine mails (remember: a good mail server will retry in case of a bounce, a spammer will not) and therefore it is often better to take a crude, fast approach that saves time.

In short, have a look at your mail logs and identify DNS and/or IPs from the servers that try to send the spam mails and just block those IPs. No harm there, saves a lot of time.

Kind regards.....
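The reply above recommends reading the mail logs to find the relay IPs behind the rotating sender addresses rather than chasing each address. As an added example (not part of the forum thread and not Plesk's own tooling), the script below does that triage over a few constructed, Postfix-like log lines: it counts which client IPs delivered mail whose envelope sender matches the `nrt` + six digits shape, and lists every sender domain seen from each IP so that a shared legitimate relay is not blocked by mistake. The log format is a simplified single-line shape assumed for the example; real Postfix logs spread `client=` and `from=` over separate lines keyed by queue ID and would need to be joined first.

```python
import re
from collections import Counter, defaultdict

# Sender shape from the thread: literal "nrt" followed by exactly six digits.
SPAMMER_SENDER = re.compile(r"^nrt\d{6}@", re.IGNORECASE)

# Constructed sample log (documentation IP ranges only). Assumed single-line form:
#   <date> <host> postfix/smtpd[<pid>]: <queue-id>: client=<name>[<ip>], from=<sender>
SAMPLE_LOG = """\
Apr  1 06:12:01 mail postfix/smtpd[2011]: 3A1B2C: client=unknown[203.0.113.5], from=<nrt150401@hotmail.com>
Apr  1 06:12:07 mail postfix/smtpd[2011]: 3A1B2D: client=unknown[203.0.113.5], from=<nrt150402@gmail.com>
Apr  1 06:13:44 mail postfix/smtpd[2015]: 3A1B2E: client=relay.example.net[198.51.100.9], from=<nrt150403@yandex.com>
Apr  2 06:11:58 mail postfix/smtpd[2044]: 3A1C01: client=unknown[203.0.113.5], from=<nrt150404@mynet.com>
Apr  2 09:40:12 mail postfix/smtpd[2050]: 3A1C12: client=mx.example.org[192.0.2.77], from=<friend@gmail.com>
Apr  2 09:41:03 mail postfix/smtpd[2050]: 3A1C13: client=mx.example.org[192.0.2.77], from=<nrtbob@gmail.com>
"""

# Pulls the connecting host name, its IP and the envelope sender from one line.
LINE_RE = re.compile(
    r"client=(?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\], from=<(?P<sender>[^>]*)>"
)


def parse_log(log_text: str):
    """Yield (ip, host, sender) for every line that carries all three fields;
    lines in another shape are skipped rather than guessed at."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["ip"], m["host"], m["sender"]


def sending_ips(log_text: str, sender_pattern=SPAMMER_SENDER) -> Counter:
    """Count deliveries per client IP whose envelope sender matches the
    spammer pattern. The IPs at the top are the candidates for a firewall
    or Fail2Ban block, as the reply suggests."""
    hits = Counter()
    for ip, _host, sender in parse_log(log_text):
        if sender_pattern.search(sender):
            hits[ip] += 1
    return hits


def senders_by_ip(log_text: str) -> dict:
    """Map every client IP to the set of sender domains seen from it. An IP
    that also carries unrelated, legitimate senders is probably a shared
    relay and deserves a closer look before it is blocked outright."""
    seen = defaultdict(set)
    for ip, _host, sender in parse_log(log_text):
        seen[ip].add(sender.rsplit("@", 1)[-1].lower())
    return dict(seen)


if __name__ == "__main__":
    domains = senders_by_ip(SAMPLE_LOG)
    for ip, count in sending_ips(SAMPLE_LOG).most_common():
        print(f"{ip:15} {count} matching deliveries; sender domains seen: {sorted(domains[ip])}")
```

In the constructed sample, one IP accounts for three of the four matching deliveries across three different "free mail" domains, which is the relay pattern the reply describes; the address `nrtbob@gmail.com` from the well-behaved host is not counted because it lacks the six-digit shape. Pointing this at a real log means adapting `LINE_RE` to the actual line format and joining the per-queue-ID lines first.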
 