Blocking Chinese Spam Emails

[AndyD_OHD]

Hi,
I am new to this world of WHM and would like to increase my knowledge of such aspects. I have a client on my hosting account who seems to be getting hundreds of emails from a number of different domains but all share the fact that they have oriental characters in the subject line and email content. The companies apparently sending the emails have a number of different TLDs ranging from .net to .com. I wondered if there was a way using spamassassin, or other means, to block the senders of the emails. I would be reluctant to block yahoo emails as some of my client's clients may use yahoo email addresses. I really would appreciate any advice on setting up some system of blocking please.

Thanks
Andy

 

[kernow]

If blocking the IPs is not practical, you could try the account level filtering in cpanel>>>mail. Set up a new filter and copy/paste the oriental characters into the "contains" box. This may or may not work as I have never tried it and am unsure whether the chinese characters could be read.

 

[AndyD_OHD]

The company administering my WHM said that blocking ip address is not a good idea and offered to block emails based upon charset. So I have gone along with that at the moment and will wait to see what happens. But thanks for your reply.

 

[cPanelMichael]

Hello

I am happy to hear your server administrator was able to provide you with a resolution. Thank you for sharing the solution with us.

 

[Bogie]

I ran across this piece of regex that seems to work - (so far): \P{Cn}

Since I'm not very good at regex, I have the offending emails redirected to another account until I feel confident that it solves this problem without creating another.

 

[shenzy]

For similar case I use personalizated filters on etc/cpanel_exim_system_filter
Example: I need filter all emails that contains the phrase: "viagra pills" or in any header contains the domain "viagra-china.cn" or "china-viagra.cn"
The filter is:

### Personal Filter 01
######################################################
# START
# Filters all incoming an outgoing mail
if
($message_headers: contains "china-viagra.cn" or
$message_headers: contains "viagra-chine.cn" or
$message_body: contains "viagra pills")
then

fail text "This message has been rejected by Personal Filter!"
seen finish
endif
# END

If you want to keep track of messages filtered:

### Personal Filter 01
######################################################
# START
# Filters all incoming an outgoing mail
# Personal filter Log file (optional)
logfile /var/log/personal_filter.log 0644

if
($message_headers: contains "china-viagra.cn" or
$message_headers: contains "viagra-chine.cn" or
$message_body: contains "viagra pills")
then
# Write to log (optional)
logwrite "$tod_log $message_id <$sender_host_address> <$sender_host_name> from < $sender_address > to < $header_to > subject < $header_subject > was filtered by the custom filter \n"

fail text "This message has been rejected by Personal Filter!"
seen finish
endif
# END