Solved

SPAM Mail

Posted on 2016-07-27
6
38 Views
Last Modified: 2016-08-11
Using spam assassin via c-panel, how do I block the the full range of an ISP's IP numbers?  The net range below?

For instance, I am get spam from 162.251.238.92, the ownership is:

NetRange:       162.251.232.0 - 162.251.239.255
CIDR:           162.251.232.0/21
NetName:        FHUB-NET-9
NetHandle:      NET-162-251-232-0-1
Parent:         NET162 (NET-162-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS53340, AS62956
Organization:   VegasNAP, LLC (VEGAS-3)
RegDate:        2014-01-15
Updated:        2014-01-15
Ref:            https://whois.arin.net/rest/net/NET-162-251-232-0-1


OrgName:        VegasNAP, LLC
OrgId:          VEGAS-3
Address:        1110 Palms Airport Dr.
Address:        Suite 110
City:           Las Vegas
StateProv:      NV
PostalCode:     89119
Country:        US
RegDate:        2009-11-09
Updated:        2011-09-24
Ref:            https://whois.arin.net/rest/org/VEGAS-3


So how do I setup a new rule for it to cover their full range of IP addresses?  I know how to do an individual IP address, but I cant keep adding single IP's as they  change.

Thanks

Thanks
0
Comment
Question by:Stardotstar
  • 5
6 Comments
 
LVL 90

Accepted Solution

by:
John Hurst earned 500 total points
ID: 41732084
Better I think to blacklist the sender and perhaps set up an all headers rule for something in the subject or body of the email. I use the latter for spamassassin at my email ISP here.
0
 

Author Comment

by:Stardotstar
ID: 41732094
Thanks, but neither of those remain constant.  I tried a global blacklist like this, but it did not cath this one:

blacklist_from *.ru

and

*.ru

Neither worked.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41732099
Try __VegasNAP__ in a header rule.

Spammers do not use constant IP addresses but subject and body are often constant.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 90

Expert Comment

by:John Hurst
ID: 41732100
Also , look up the email header information and see what is in Message ID to assist you.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41732113
Also, get the Message ID and post it here. You may be surprised.
0
 
LVL 90

Expert Comment

by:John Hurst
ID: 41732183
I have an email that says it came from Google, my email ISP (Spamassassin) rejected it, but my forwarding ISP accepted it. I have blacklisted it at my forwarding ISP.

Here is the Message ID

<562342454.72218.1469659606934.JavaMail.zimbra@sequislife.co.id  

I blacklist *.id
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Forget those services on TV trying to sell you software – that’s step one.  Almost all of the software you need should be available for free.  The tricky part is doing the work.  If you are not comfortable performing these steps yourself, contact a …
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now