Ticket Example : QRU-957-94366
Spam is the flooding of the Internet with many copies of the same message, in an attempt to force the message on people who would not otherwise choose to receive it. For example, in your email inbox you may find a lot of irrelevant or inappropriate messages sent repeatedly in large amounts.
Spoofing, on the other hand, is a fraudulent or malicious practice in which a communication is sent from an unknown source disguised as a source known to the receiver.
SpamExperts is a leading company in the e-mail security market. In order to provide the most secure services to customers, SiteGround has integrated the SpamExperts solutions on our shared and business servers. In this way incoming and outgoing e-mail messages are filtered and the delivery of spam is prevented.
After connecting over SSH and switching to root, check the outgoing and incoming mail log entries for the mail address that is suspected of spoofing/spam. To check, execute the command below, replacing EMAIL_ADDRESS with that address:
grep -F 'EMAIL_ADDRESS' /var/log/exim/mainlog
or you can search for the email ID directly, replacing EMAIL_ID with it:
grep -F 'EMAIL_ID' /var/log/exim/mainlog
If the mail log entry looks like the one below, the message did not go through the anti-spam filter. For example:
2017-09-26 12:18:57 1dwhKi-0006JE-BQ <= support@yokohama.my H=(jade.yokohama.local) [219.93.51.249] P=esmtp S=13658 id=1506399530.26285@netbotzyokohama T="Value Too High (returned to normal) - Error - Humidity (4) - NetBotz Rack Monitor 450" from
A message that went through the anti-spam filter appears as below, where the sending host (H=) contains “antispamcloud”:
2017-09-26 16:48:50 1dwlXt-0003BM-MB <= gil.cabarrubia@motolite.com H=mx53.antispamcloud.com [31.204.155.116] P=esmtps X=TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256 S=63264 id=846239c06d71475294f329bf84876879@PHREXG01.ph.ramcar.com T="OB18 (2018 Operating Budget) Preparations" from
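The comparison above can be run over the whole log instead of one entry at a time. The shell function below is an added example, not part of the original article: it assumes Exim's default log line layout (date, time, message ID, `<=`, sender, then fields such as `H=`), and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example: list Exim arrivals ("<=" lines) whose sending host is not a
# verified antispamcloud.com name, i.e. mail that did not come via the filter.

# Reads mainlog lines on stdin; prints "message-id sender H=host" per finding.
bypassed_arrivals() {
    awk '
    $4 == "<=" {
        host = ""
        for (i = 6; i <= NF; i++)
            if ($i ~ /^H=/) { host = substr($i, 3); break }
        # No H= field: local submission (P=local), not an SMTP arrival.
        if (host == "") next
        # A name in parentheses is only the HELO string the client sent,
        # so it is never accepted as proof of the sending host.
        if (host !~ /^\(/ &&
            (host == "localhost" || host ~ /(^|\.)antispamcloud\.com$/)) next
        print $3, $5, "H=" host
    }'
}

# Constructed sample lines (documentation addresses, not real traffic).
sample_log() {
    cat <<'EOF'
2017-09-26 12:00:01 1dwAAA-0000aa-AA <= alice@example.org H=mx53.antispamcloud.com [192.0.2.10] P=esmtps S=2048 id=a1@example.org
2017-09-26 12:00:02 1dwAAB-0000ab-AB <= bob@example.net H=(mail.example.net) [198.51.100.7] P=esmtp S=1024 id=b2@example.net
2017-09-26 12:00:03 1dwAAC-0000ac-AC <= carol@example.com U=carol P=local S=512
2017-09-26 12:00:04 1dwAAD-0000ad-AD <= dave@example.net H=(mx1.antispamcloud.com) [203.0.113.9] P=esmtp S=900
2017-09-26 12:00:05 1dwAAE-0000ae-AE => erin@example.com R=virtual_user T=dovecot
EOF
}

# Demo on the sample; on a server: bypassed_arrivals < /var/log/exim/mainlog
sample_log | bypassed_arrivals
```

Hosts listed in +relay_hosts are not known to this script, so arrivals from them will be reported and need to be excluded by hand.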
You can filter incoming email by adding a restriction to the Exim configuration. To add the restriction (to avoid spoof/spam), first open the configuration file for editing:
vim /etc/exim.conf
Insert the following lines:
deny
  domains = +local_domains
  !hosts = delivery.antispamcloud.com : localhost : +relay_hosts
  message = Please deliver mail to the address specified in the MX records for this domain.
To watch the mail log as new entries are written, type
tail -f /var/log/exim/mainlog
Lastly, execute the command below to restart Exim so that the added restriction is loaded:
/etc/init.d/exim restart