Blocking Chinese Spam Emails

AndyD_OHD

Member
Oct 18, 2007
8
0
51
Hi,
I am new to this world of WHM and would like to increase my knowledge of such aspects. I have a client on my hosting account who seems to be getting hundreds of emails from a number of different domains but all share the fact that they have oriental characters in the subject line and email content. The companies apparently sending the emails have a number of different TLDs ranging from .net to .com. I wondered if there was a way using spamassassin, or other means, to block the senders of the emails. I would be reluctant to block yahoo emails as some of my client's clients may use yahoo email addresses. I really would appreciate any advice on setting up some system of blocking please.

Thanks
Andy
 

kernow

Well-Known Member
Jul 23, 2004
995
42
178
cPanel Access Level
Root Administrator
If blocking the IPs is not practical, you could try the account level filtering in cpanel>>>mail. Set up a new filter and copy/paste the oriental characters into the "contains" box. This may or may not work as I have never tried it and am unsure whether the chinese characters could be read.
 

AndyD_OHD

Member
Oct 18, 2007
8
0
51
The company administering my WHM said that blocking ip address is not a good idea and offered to block emails based upon charset. So I have gone along with that at the moment and will wait to see what happens. But thanks for your reply.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
Hello :)

I am happy to hear your server administrator was able to provide you with a resolution. Thank you for sharing the solution with us.
 

Bogie

Registered
May 6, 2014
1
0
1
cPanel Access Level
Website Owner
I ran across this piece of regex that seems to work - (so far): \P{Cn}

Since I'm not very good at regex, I have the offending emails redirected to another account until I feel confident that it solves this problem without creating another.
 

shenzy

Well-Known Member
Apr 27, 2008
73
3
58
Chile
cPanel Access Level
Root Administrator
For similar case I use personalizated filters on etc/cpanel_exim_system_filter
Example: I need filter all emails that contains the phrase: "viagra pills" or in any header contains the domain "viagra-china.cn" or "china-viagra.cn"
The filter is:
### Personal Filter 01
######################################################
# START
# Filters all incoming an outgoing mail
if
($message_headers: contains "china-viagra.cn" or
$message_headers: contains "viagra-chine.cn" or
$message_body: contains "viagra pills")
then

fail text "This message has been rejected by Personal Filter!"
seen finish
endif
# END
If you want to keep track of messages filtered:


### Personal Filter 01
######################################################
# START
# Filters all incoming an outgoing mail
# Personal filter Log file (optional)
logfile /var/log/personal_filter.log 0644

if
($message_headers: contains "china-viagra.cn" or
$message_headers: contains "viagra-chine.cn" or
$message_body: contains "viagra pills")
then
# Write to log (optional)
logwrite "$tod_log $message_id <$sender_host_address> <$sender_host_name> from < $sender_address > to < $header_to > subject < $header_subject > was filtered by the custom filter \n"

fail text "This message has been rejected by Personal Filter!"
seen finish
endif
# END
 
Last edited: