Really block ISP numbers, not using TLD, just using the IP.

[iNiC]

Before we begin, and just so you understand, I am referring to the IP address such as 255.255.255.255 - NOT TLD such as .TLD, .CO, .COM, etcetera as most found internet sources redirect with their wrong answer.

ISSUE:

1. Too much spam comes into email account from a IP address (example: ###.###.###.###)
2. The internet references to use "Account Level Filtering " does not exist in our versions of cPanel. Some Internet garbage should be taken out. I know now, 5.58 hours later that it was renamed to something else.
3. Our Host says we cannot block individual IP addresses but can block TLDs.
4. Each spam from IP address starting with 170 changes the next 3 suffixes, as well as changes the From and Reply To so each email has to be dealt with individually.

QUESTION:
I NEED to block ###.*.*.* - - is that do-able in cpanel? (where ### is the prefix of the consistent spammer.)

Additional -stuff-:
The spammer has several IP addresses and changes them - such as ###.123.123.123 then ###.124.123.124 then example again being ###.1.2.3.4 as examples but ### never changes.
The spammer is a affiliate of many various scams, junk merchandise and so on.
I would be happy to provide the prefix of the spammers IP addresses, but feel it might be verboten in public, so maybe PM moi?
NOTE: All spam is forwarded to SpamCop. The spammer continues unabated.

Thanks
~i~

This post has/had/includes no intention either real or implied of offending, degrading, demoralizing, insulting, or phobi-ing anyone. The ONLY thing that matters, is we learn to be tolerant of others.

 

[cPanelLauren]

Why not just block the entire range? You should still be able to do this within SpamAssassin. If you're a reseller user you may or may not have access to the exim configuration manager to black list the IP or the firewall settings but you should still be able to create a filter which will do this. Global Email Filters | cPanel & WHM Documentation

For Example If the spammer's first two octets are 192.168. the following should work

 

[iNiC]

Many thanks @cPanelLauren

There is no "SpamAssassin" in the cPanel I have, but Host said "Spam Filters" IS SpamAssassin. Your redirecting me to Global Email Filters has done the trick. Many thanks - I really do appreciate the help.

~i~

 

[cPanelLauren]

Yea Spam Filters is SpamAssassin, a custom plugin/rule would also resolve this issue if you're using it but I am glad the Global filter did the trick!

 

[keat63]

I'd be a little bit careful when creating your global filter.
If you blocked the IP address octets rather than a word/phrase, you could in theory block all sorts that you never intended.

Lets assume that the troublesome IP address is 123.456.789.012

If you create a filter which goes
eg: If any header contains 123.456, then you could in effect block a whole country/isp/region

If these are coming from somewhere obscure that you have no dealings with or don't much care about, then it should be OK
I have a user in Thailand, who consistently gets locked out due to a somewhat aggressive firewall rule blocking class b subnets