Topic: block all mail from .ru

[timlitw]

Is there anyway that I can tell the smeserver to block/drop all smtp connections from .ru

[cactus]

Is there anyway that I can tell the smeserver to block/drop all smtp connections from .ru

Yes perhaps using blacklists, but this is not the best method to fight spam, did you already implement other anti-spam measures available on SME Server?

[TearGas]

Using Geoip works fine for me!
http://wiki.contribs.org/GeoIP

[mercyh]

This panel gives you access from the server-manager to several different levels of white and blacklists including qpsmtpd badhelo and qmail badmailfrom.

http://wiki.contribs.org/Email#Email_WBL_server_manager_panel

[timlitw]

yes, and it generally works great but right now I am getting about 3500 fake bounce and other spams from russia per hour and I need to get qmail to drop them so spamassassin doesn't have to scan them.

[mercyh]

Is this stuff really from russian IPs or is it just a spoofed from:address <spoofed_user@spoofed_domain.ru> ?

[timlitw]

I'm not the one receiving these. I'll see if that user will forward several to me.

[timlitw]

It looks like about 70% are Russia, 20% US and the rest scattered around the globe.

[mercyh]

Did you check out TearGas' suggestion. It should at least get the russian ones and if you receive no legit mail from russia shouldn't cause a problem.

I am not sure if you can block all .ru domains with the qmail blacklist. (at least I can't find the format you would need to use.)

[timlitw]

Yes, I installed that.  It seems to be working very well.
in the last minute it has been
     12 FR
     15 GB
     23 BR
     23 PE
     29 TR
     38 PL
     84 US
    426 RU
So, I got rid of a few of those country codes also.  This is for a school and the only people they need to communicate with "per the principle" are their parents board and other local supplies and other schools. All US in other words.