Email Filtering before delivery

osirion

Hey Guys,
I have an issue here with some email filtering.
A user is getting bombarded with spam from *@qq.com accounts. I have CSF/LFD so I went to MailScanner and set up some blocking rules for *@qq.com (server wide, as well as specific to this customer's account).
The problem that I see now is that my email queue is growing larger and larger, because this mail isn't getting delivered.
The user's mailbox is full.

I'm assuming that the filtering only happens after a successful delivery attempt; however, there isn't a successful delivery attempt because the mailbox is full.
Example delivery log from one such mail stuck in the queue:
Code:
2017-08-03 10:22:06 cwd=/var/spool/MailScanner/incoming 10 args: /usr/sbin/exim -C /etc/exim_outgoing.conf -Mc 1ddBO3-0001eg-7l 1ddBO0-0001hY-Gr 1ddBO0-0001eI-0C 1ddBO3-0001eC-It 1ddBO3-0001eX-FE 1ddBO2-0001hY-Qa

+++ 1ddBO3-0001eC-It has not completed +++
2017-08-03 10:21:44 1ddBO3-0001eC-It <= [email protected] H=(example.com) [144.0.100.36]:57113 P=esmtp S=2111 [email protected] T="\346\234\200\344\270\223\344\270\232\347\232\204\345\275\251\347\245\250\347\275\221\343\200\220\345\244\252\351\230\263\345\237\216\343\200\2211.98\350\265\224\347\216\207\357\274\214\350\265\233\350\275\246\357\274\214\346\227\266\346\227\266\345\275\251\357\274\214\345\205\255\345\220\210\357\274\214\347\213\202\347\202\271\346\263\250\345\206\214\357\274\232666354" for customersemailaddress
2017-08-03 10:22:17 1ddBO3-0001eC-It == customersemailaddress R=virtual_user T=dovecot_virtual_delivery defer (-46): LMTP error after end of data: 452 4.2.2 <customersemailaddress> Mailbox is full / Blocks limit exceeded / Inode limit exceeded
How can I get it so that this mail gets blocked straight away as it hits my server instead of only at delivery time?
 
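To see which sender domains and source IPs account for a backlog like the one in the log above, the arrival (`<=`) and deferral (`==`) lines can be correlated by message ID. This is an added example, not part of the original thread; the log lines are constructed and the function name `full_mailbox_backlog` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in Exim main-log format; IDs, addresses and IPs are made up.
SAMPLE_LOG = """\
2017-08-03 10:21:44 1aaaaa-00000A-AA <= a@qq.com H=(example.com) [192.0.2.10]:57113 P=esmtp S=2111 for user@customer.example
2017-08-03 10:22:17 1aaaaa-00000A-AA == user@customer.example R=virtual_user T=dovecot_virtual_delivery defer (-46): LMTP error after end of data: 452 4.2.2 <user@customer.example> Mailbox is full
2017-08-03 10:25:01 1bbbbb-00000B-BB <= b@qq.com H=(example.com) [192.0.2.10]:57200 P=esmtp S=2050 for user@customer.example
2017-08-03 10:25:09 1bbbbb-00000B-BB == user@customer.example R=virtual_user T=dovecot_virtual_delivery defer (-46): LMTP error after end of data: 452 4.2.2 <user@customer.example> Mailbox is full
2017-08-03 10:26:00 1ccccc-00000C-CC <= c@qq.com H=(example.com) [192.0.2.11]:40000 P=esmtp S=1999 for user@customer.example
2017-08-03 10:26:05 1ccccc-00000C-CC == user@customer.example R=virtual_user T=dovecot_virtual_delivery defer (-46): LMTP error after end of data: 452 4.2.2 <user@customer.example> Mailbox is full
2017-08-03 10:30:00 1ddddd-00000D-DD <= friend@partner.example H=mail.partner.example [198.51.100.7]:2525 P=esmtps S=900 for user@customer.example
2017-08-03 10:30:03 1ddddd-00000D-DD == user@customer.example R=virtual_user T=dovecot_virtual_delivery defer (-46): LMTP error after end of data: 451 4.3.0 Temporary internal failure
2017-08-03 10:40:12 1aaaaa-00000A-AA == user@customer.example R=virtual_user T=dovecot_virtual_delivery defer (-46): LMTP error after end of data: 452 4.2.2 <user@customer.example> Mailbox is full
2017-08-03 11:00:00 1ccccc-00000C-CC => user@customer.example R=virtual_user T=dovecot_virtual_delivery
2017-08-03 11:00:00 1ccccc-00000C-CC Completed
"""

ARRIVAL = re.compile(r"^\S+ \S+ (?P<id>\S+) <= (?P<sender>\S+) .*?\[(?P<ip>[^\]]+)\]")
DEFER = re.compile(r"^\S+ \S+ (?P<id>\S+) == (?P<rcpt>\S+) .*defer .*452 4\.2\.2 ")
DONE = re.compile(r"^\S+ \S+ (?P<id>\S+) Completed$")

def full_mailbox_backlog(log_text):
    """Count still-queued messages deferred with 452 4.2.2, per (recipient, sender domain, source IP)."""
    arrivals, stuck = {}, {}
    for line in log_text.splitlines():
        if m := ARRIVAL.match(line):
            arrivals[m["id"]] = (m["sender"].rpartition("@")[2].lower(), m["ip"])
        elif m := DEFER.match(line):
            if m["id"] in arrivals:       # retries of one message overwrite, never double-count
                stuck[m["id"]] = (m["rcpt"], *arrivals[m["id"]])
        elif m := DONE.match(line):
            stuck.pop(m["id"], None)      # message has left the queue
    return Counter(stuck.values())

if __name__ == "__main__":
    for (rcpt, domain, ip), n in full_mailbox_backlog(SAMPLE_LOG).most_common():
        print(f"{n} queued for {rcpt} from {domain} via {ip}")
```

Deferrals for reasons other than a full mailbox, and messages that later complete, are excluded, so the counts reflect only mail still held back by the quota.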

osirion

Yes - I do, and it's already there (to clarify, that's what I meant by 'server wide' previously).

Server Spam Blacklist:
*@qq.com
 

Infopro

That should stop them dead. You might remove any added settings on the user's side and empty the spam from the email account.

That qq domain is from China. If you don't do any business with China you could use country code in CSF to block it. Or, add the IP CIDR mentioned in your post above to block it.
countryipblocks.net/search_ip.php?search_ip=144.0.100.36
 

osirion

That's what I thought! Anyway, I've gone ahead and cleared the spam from the user's mailbox, which has put him under the quota. I'm hoping now that the filtering will work correctly.
Thanks for the help, Infopro.
 