Best way to block email from specific country

I've been seeing a large increase in spam email from .pw and would like to block all email coming from that country. We are currently using Postfix, SpamAssassin, ClamAV, and have been adding domains to the deny list in SpamAssassin. I tried using *.pw to block all in SpamAssassin but the list is becoming too large. I found an online reference to add a line to the access file to REJECT, but that file does not exist on my system. Do you have a recommendation?

Status: Closed (fixed)

Comments

Howdy -- well, we probably ought to mention that the Postfix folks really recommend against blocking entire countries from Postfix :-)

However, it should be possible to do that.

> I tried using *.pw to block all in SpamAssassin but the list is becoming too large

Hmm, what did you mean by the list being too large? That actually should be a good way to classify email as spam, without blocking it outright, which the Postfix people seem to like better :-)

For example, I believe you could do something like this in SpamAssassin (I haven't tested this though):

# flag any sender address whose domain ends in .pw
blacklist_from *@*.pw

If all you want to do is block based on the user's From address.

> I found online reference to add a line to the access file to REJECT, but that file does not exist on my system

This can work too; you may just need to configure Postfix to use that access file. If you prefer this method, let us know what you have set up so far, and we can look into what else needs to be configured.
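An added example, not part of the original reply and not SpamAssassin's own code: a small Python model of the file-glob matching that SpamAssassin documents for `blacklist_from` patterns, run against constructed sender addresses to show which patterns cover every .pw sender. It assumes `*` matches any run of characters, `?` matches one character, and the whole address must match, case-insensitively.

```python
import re


def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate an address glob into a case-insensitive regex.

    Assumption: only '*' and '?' are wildcards; every other character,
    including '.' and '@', is taken literally.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def matches(pattern: str, address: str) -> bool:
    # fullmatch: the pattern has to cover the entire address, not a substring
    return glob_to_regex(pattern).fullmatch(address) is not None


def coverage(patterns, senders):
    """Map each pattern to the list of senders it would flag."""
    return {p: [s for s in senders if matches(p, s)] for p in patterns}


# Constructed sample senders (not taken from real mail logs)
SENDERS = [
    "promo@123.pw",
    "deals@abc.pw",
    "News@Mail.ABC.PW",
    "alice@example.com",
    "bob@pw.example.org",
]

# One pattern without wildcards, one per-domain entry, two TLD-wide globs
PATTERNS = ["@.pw", "*@123.pw", "*.pw", "*@*.pw"]

if __name__ == "__main__":
    for pattern, hits in coverage(PATTERNS, SENDERS).items():
        print(f"{pattern:10} -> {hits}")
```

A pattern with no wildcard only matches that exact string, and a per-domain entry needs one line per domain, while a single TLD-wide glob covers all three .pw senders without touching the other two.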

If there is another way to block entire domains than using Postfix, that would be great. I thought of Postfix since the problem is email being sent to my users. We are putting in a network-wide firewall that will allow us to block entire countries, but not sure if it will also help with entire domains. In Virtualmin, there is a reference to using wildcards for domains, but I'm trying to block anything ending with .pw (@123.pw, @abd.pw, etc), but using *.pw does not seem to work. Regarding the reference I made about the list being too long, I meant that I've been adding individual domains (@123.pw, @abc.pw, etc) but my Deny list is getting rather long.

Place an Astaro firewall. All is good.