I know it is not dovecot who should fix this. But anyone using dovecot is using an MTA, and receiving spam ;) I know how to look at email headers. Spf and dkim is not solving anything here. -----Original Message----- From: Sebastian Nielsen [mailto:sebastian at sebbe.eu] Sent: donderdag 11 juni 2020 10:23 To: Marc Roos; 'dovecot'; 'users' Subject: SV: handling spam from gmail. This is not a job for dovecot. You should look into whatever is your MTA (exim, postfix etc) and implement the solution there. But my initial suggestion is to check SPF and DKIM of the email. Because I know that gmail does terminate spammers quick, but if you don't validate SPF or DKIM, you might be a victim of spoofed Gmail email. Best regards, Sebastian Nielsen -----Ursprungligt meddelande----- Fr?n: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> F?r Marc Roos Skickat: den 11 juni 2020 10:21 Till: dovecot <dovecot at dovecot.org>; users <users at spamassassin.apache.org> ?mne: handling spam from gmail. I am sick of this gmail spam. Does anyone know a solution where I can do something like this: 1. received email from adcpni444 at gmail.com 2. system recognizes this email address has been 'whitelisted', continue with 7. 3. system recognizes as this email never been seen before 4. auto reply with something like (maybe with a wait time of x hours): Your message did not receive the final recipient. You are sending from a known spam provider network that is why we blocked your message. Please confirm that: - you are not a spammer and - you have permission to use the mail adress you send your message to - you and your provider agree to uphold GDPR legislation - you and your provider are liable for damages when breaching any of the above. Click link to confirm and you agree with the above https://www.domainwithoutletsencryptcertificate.com/asdfasdfadsfaf 5. sender clicks confirm url 6. email address is added to some white list. 7. email is delivered to recipient.
I get two or three of these a day. They are not from Gmail but have a "reply to" address that is a Gmail account. The messages cone from an email account that passes SPF and DKIM. So the sender and reply domains differ, but that isn't unique. I have email that I need that arrives like that. I am on the Postfix list where this does belong, but I looked at the problem and decided it isn't worth fixing. I suppose I could whitelist the senders who have sender and reply to domain differences, but then I would have to deal with the people I bounce the first time because they aren't white listed. I suspect these spammers do have Gmail accounts but you can't report that address because technically no spam came from that account. You could report the sender account. However some days I get spam with the same reply to Gmail account but different sender account. ? Original Message ? From: M.Roos at f1-outsourcing.eu Sent: June 11, 2020 1:26 AM To: dovecot at dovecot.org; sebastian at sebbe.eu Subject: RE: SV: handling spam from gmail. I know it is not dovecot who should fix this. But anyone using dovecot is using an MTA, and receiving spam ;) I know how to look at email headers. Spf and dkim is not solving anything here. -----Original Message----- From: Sebastian Nielsen [mailto:sebastian at sebbe.eu] Sent: donderdag 11 juni 2020 10:23 To: Marc Roos; 'dovecot'; 'users' Subject: SV: handling spam from gmail. This is not a job for dovecot. You should look into whatever is your MTA (exim, postfix etc) and implement the solution there. But my initial suggestion is to check SPF and DKIM of the email. Because I know that gmail does terminate spammers quick, but if you don't validate SPF or DKIM, you might be a victim of spoofed Gmail email. Best regards, Sebastian Nielsen -----Ursprungligt meddelande----- Fr?n: dovecot-bounces at dovecot.org <dovecot-bounces at dovecot.org> F?r Marc Roos Skickat: den 11 juni 2020 10:21 Till: dovecot <dovecot at dovecot.org>; users <users at spamassassin.apache.org> ?mne: handling spam from gmail. I am sick of this gmail spam. Does anyone know a solution where I can do something like this: 1. received email from adcpni444 at gmail.com 2. system recognizes this email address has been 'whitelisted', continue with 7. 3. system recognizes as this email never been seen before 4. auto reply with something like (maybe with a wait time of x hours): ?? Your message did not receive the final recipient. You are sending from a known spam provider ?? network that is why we blocked your message. Please confirm that: ?? - you are not a spammer and ?? - you have permission to use the mail adress you send your message to ?? - you and your provider agree to uphold GDPR legislation ?? - you and your provider are liable for damages when breaching any of the above. ?? ?? Click link to confirm and you agree with the above ?? https://www.domainwithoutletsencryptcertificate.com/asdfasdfadsfaf 5. sender clicks confirm url 6. email address is added to some white list. 7. email is delivered to recipient.
On 11/06/2020 16.26, Marc Roos wrote:> I know it is not dovecot who should fix this. But anyone using dovecot > is using an MTA, and receiving spam ;) I know how to look at email > headers. Spf and dkim is not solving anything here.You can configure this sort of thing in postfix, exim etc. The part of the mail system to do with RECEIVING emails. Not really a dovecot function. Look at greylisting as an option. That's basically delaying email from unknown senders. Also blocklists Also consider setting up rules in spamassassin / rspamd
Hello,> Also consider setting up rules in spamassassin / rspamdAgree with that : for my own usage, I use spamassassin as content-filter (very simple to install) : https://www.vultr.com/docs/how-to-configure-spamassassin-with-postfix-on-ubuntu-16-04 My local.cf file is very simple : rewrite_header Subject ***SPAM*** required_score 5.0 use_bayes 1 report_safe 0 trusted_networks <your LAN CIDR> add_header all X-Spam-AutoLearnStatus _AUTOLEARN_ You will still receive mails but with ***SPAM*** in subject and additional Header field X-Spam-Flag: YES In Dovecot, simply configure a sieve script to put them in \Junk and mark as read (just to allow recovery possible if it was a real mail). You can then regularly trash them using un croned doveadm expunge. Regards Fabien
On Thu, Jun 11, 2020 at 05:02:03PM +0800, Plutocrat wrote:> On 11/06/2020 16.26, Marc Roos wrote: > > I know it is not dovecot who should fix this. But anyone using dovecot > > is using an MTA, and receiving spam ;) I know how to look at email > > headers. Spf and dkim is not solving anything here. > > You can configure this sort of thing in postfix, exim etc. The part of the mail system to do with RECEIVING emails. Not really a dovecot function. > > Look at greylisting as an option. That's basically delaying email from unknown senders.I use greylisting with my postfix. On Debian and Devuan th package is called 'postgrey'. What it does is, opon receiving mail from a new sender, reply with a protocol code that indicates "service temporarily unavailable; try again later". Real email senders will try again later. Most, but not all, spammers don't bother. It does mean that the email services of some legitimate senders will take that protocol code and tell the user that the email was undeliverable. (so the senders tell me) But those services still do try later, and I do get the message. Of course you can still whitelist, and this spamfighting won't happen for those sites. -- hendrik> Also blocklists > Also consider setting up rules in spamassassin / rspamd >
On Thu, 11 Jun 2020, lists wrote:> I get two or three of these a day. They are not from Gmail but have a > "reply to" address that is a Gmail account. The messages cone from an > email account that passes SPF and DKIM. So the sender and reply > domains differ, but that isn't unique. I have email that I need that > arrives like that.This entire thread belongs on an anti-spam forum, but you might want to check out http://msbl.org/ebl.html Joseph Tam <jtam.home at gmail.com>