On 2/28/19 9:15 AM, Enrique Terrazas wrote:
Greetings, I hope everyone is having a good day. We have a highly visible list that is being spammed with join requests from spoofed addresses.
Web or email?
When the confirmation email is sent a bounce is received by the list owner. The count is in the 100’s of bounced emails/hour. We noticed they are all coming from one particular domain, this may help if we are able to filter/block the domain. What would be the best way to handle this? Is there a way to handle this granularly at the list level?
If the requests are coming by email, you can block the domain in your MTA., E.g. with postfix
in main.cf:
header_checks = pcre:/etc/postfix/header_checks.pcre
in /etc/postfix/header_checks.pcre:
/^From:.*[@.]bad.domain\w/ DISCARD
or
/^From:.*[@.]bad.domain\w/ REJECT We don't accept mail from bad.domain.
For web requests, adding a pattern like '^.*[@.]bad.domain$' to the lists "Banned addresses" might help.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan