Email Filtering before delivery

[osirion]

Hey Guys,
I have an issue here with some email filtering.
A user is getting bombarded with spam from *@qq.com accounts. I have CSF/LFD so I went to MailScanner and setup some blocking rules for *@qq.com (server wide, as well as specific to this customers account).
The problem that I see now is that my email queue is growing larger and larger, because this mail isnt getting delivered.
The users mailbox is full.

I'm assuming that the filtering only happens after a successful delivery attempt; however, there isnt a successful delivery attempt because the mailbox is full.
Example delivery log from one such mail stuck in the queue:

2017-08-03 10:22:06 cwd=/var/spool/MailScanner/incoming 10 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1ddBO3-0001eg-7l 1ddBO0-0001hY-Gr 1ddBO0-0001eI-0C 1ddBO3-0001eC-It 1ddBO3-0001eX-FE 1ddBO2-0001hY-Qa

+++ 1ddBO3-0001eC-It has not completed +++
2017-08-03 10:21:44 1ddBO3-0001eC-It <= [EMAIL][email protected][/EMAIL] H=(example.com) [144.0.100.36]:57113 P=esmtp S=2111 [email protected] T="\346\234\200\344\270\223\344\270\232\347\232\204\345\275\251\347\245\250\347\275\221\343\200\220\345\244\252\351\230\263\345\237\216\343\200\2211.98\350\265\224\347\216\207\357\274\214\350\265\233\350\275\246\357\274\214\346\227\266\346\227\266\345\275\251\357\274\214\345\205\255\345\220\210\357\274\214\347\213\202\347\202\271\346\263\250\345\206\214\357\274\232666354" for [B]customersemailaddress[/B]
2017-08-03 10:22:17 1ddBO3-0001eC-It == [B]customersemailaddress[/B] R=virtual_user T=dovecot_virtual_delivery defer (-46): LMTP error after end of data: 452 4.2.2 <[B]customersemailaddress[/B]> Mailbox is full / Blocks limit exceeded / Inode limit exceeded

How can I get it so that this mail gets blocked straight away as it hits my server instead of only at delivery time?

 

[Infopro]

I have CSF/LFD so I went to MailScanner

Do you also have MailScanner Front End installed? If yes, click Front End settings and add the domain to the Server Spam Blacklist area.

 

[osirion]

Yes - I do, and its already there (to clarify, thats what I meant by 'server wide' previously).

Server Spam Blacklist:
*@qq.com

 

[Infopro]

That should stop them dead. You might remove any added settings on the users side and empty the spam from the email account.

That qq domain is from China. If you don't do any business with China you could use country code in CSF to block it. Or, add the IP CIDR mentioned in your post above to block it.
countryipblocks.net/search_ip.php?search_ip=144.0.100.36

 

[osirion]

Thats what I thought! Anyway, I've gone ahead and cleared the spam from the users mailbox which has put him under the quota. I'm hoping now that the filtering will work correctly.
Thanks for the help Infopro