Spam Filtering - Block List Not Working

humptydumpty

I added a few annoying email addresses that keep bypassing the spam filters in my CR dashboard --> Email --> Spam Filtering --> Blocklist. I'm still getting emails from them in my inbox.

The email addresses are listed as wildcards for their entire domain and each email is on a separate line. Am I doing it wrong?

*@spamdomain1.com
*@spamdomain2.com
*@spamdomain3.com

I even created a filter in Roundcube to delete all emails containing @spamdomain.com but that also isn't working.

Also, if someone could please explain the difference between (*) and (?).

Thanks!

d19dotca

@humptydumpty

It looks like you used * for the username portion of the email, not the domain at all. If the domains used are legitimately something like example1 example2 example3, then you can use something instead like this: *@example*.* that will also make the TLD a wildcard too in case they re-use but just move to another TLD.

If it's possible to share the actual email addresses you are seeing, I can come up with the proper value to use in the block list.

Speaking of block list, make sure you added it to the correct section on the Spam settings popup. Should be the top box.

girish

@humptydumpty That should work. If you see the raw email headers, you will also see:

X-Spam-Report: 
	*  100 USER_IN_BLACKLIST From: address is in the user's black-list

One thing I can think of is that maybe the email address that you are looking at is wrong. If you see the raw email headers, do you see that the email addresses match Return-Path and X-Envelope-From ?

girish

BTW, I did a quick check to see if there was some regression and it does seem to work fine on my mail server.

humptydumpty

@d19dotca I don't mind sharing the email addresses but I didn't want to help them with their "marketing" efforts. The domains don't appear to change. It's the username that is unique. I've received so many emails from them that I have their domain etched into my brain now. Spam DOES work lol.

I have the code below entered in the top box and in the bottom I have the custom spam settings that you have kindly shared with us on this forum.

@girish Yes, both addresses match what is shown in return-path and x-envelope-from. I'm not seeing USER_IN_BLACKLIST in the headers though. I'm guessing maybe because I have the mail forwarded from one Cloudron user/domain to another Cloudron user/domain on the same server and it's showing my own server info instead?

If it makes any difference, I'm still on Ubuntu 18.04 but on the latest Cloudron v6.2.8.

d19dotca

@humptydumpty Ah okay, interesting. Sorry I thought it was literally the same domain but with a different digit at the end, haha.

So yeah in your case then, wha you have in there looks fine. That should work. If it's not working for you, then I wonder if it's possible the emails you entered don't match the <mailFrom> value from the logs? I just wonder if what you added was a spoofed address and not the original address. I see nothing wrong in your setup, it looks totally fine, so only other thing I can think of at the moment.

Btw, nice to see you using the custom rules list

humptydumpty

@d19dotca Sadly, they do match. I'm guessing it's something with my current setup that's acting funny. I'll ignore it for now since I plan on migrating either to the new Contabo server that I got or upgrading my current one at DO to Ubuntu 20.04. I just thought it was a wrong setting on my part.

Thank you for looking into this and for sharing the custom spam rules! I know you've put a lot of time into that