• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Question Plesk Email Security - block emails for reply-to of a different domain from sender

finbarr69

finbarr69

Basic Pleskian
Server operating system version
CentOS Linux release 7.9.2009 (Core)
Plesk version and microupdate number
Plesk Obsidian Web Host Edition Version 18.0.55 Update #2
Hi all. I think this might be a feature request as I can't see a way to do this.

I am (I think we all are) plagued with spam from people emailing us to offer to improve our website. Ironically, they often email the webmaster.

These always come "from" what looks like a genuine company email address, but with a reply-to of a gmail email address. If you reply to the From address, you'll find the email address doesn't exist and you get a bounce.

They never get stopped by the Plesk Email Security and there's no way to easily block them as it is always different From addresses and different Reply-To addresses.

However, they all have one thing in common. The reply-to is almost always a gmail email address and bears no resemblance to the From address.

It would be easy to block these if we could create a rule that marks as spam any email where the From email domain is different from the Reply-To email domain. I think it would be very unlikely that any genuine email would fit in to this category. Reply-to is normally used where the From address is a no-reply email address or some bot email address, and the sender wants replies to go somewhere specific on the same domain, but an exception list could be created.

I think that's desirable for everyone, and it could be a rule we could default to off, and turn on if desired, and turn back off if it causes problems.

Comments welcome.
 
You could write your own SpamAssassin rules to filter spam based on certain email characteristics. Simply create a new file for rules in the SpamAssassin configuration directory. For example you could create a file named custom.cf and add any custom SpamAssassin rules to that file. In case of CentOS 7 the SpamAssassin configuration directory is located at /etc/mail/spamassassin.

To get you started I created the rule below based on the spam characteristics you mentioned. I gave the rule a low score so you can test it without any major impact on your email. If it works well you can increase the rule score so any email that matches this rule hits your spam score threshold.

What it does
In short, this rule uses an already existing SpamAssassin rule to check whether the reply-to email address is from a freemail provider (Yahoo, gmail, outlook/hotmail, ect). If the reply-to address in the email message is indeed from a freemail provider, the rule will then check for certain keywords in the body of the email. If a combination of those key words is found in the body, the rule adds the score to the total spam score of the email.

Change, adapt, improve based on your specific needs and experience.

Code: 
# One of these keywords must be present in the email
body __WEB_DEV_SPAM_01 /develop|design|desing|designing|redesign|revamp/i

# One of the listed keywords bellow must be present in the email as well
body __WEB_DEV_SPAM_02   /company|companies|professionals|professional|expertise|dedicated team|in-house|methodologies|reliable|working experience|experienced|trustworthy|specialist|business/i

# One of the listed keywords bellow must be present in the email as well
body __WEB_DEV_SPAM_03  /affordable|projects?|interested|quotation|quick delivery|services|competitive pricing|very reasonable|very affordable prices|testimonials|price ?list|reply me|any kinds of help|impress you|exact requirement/i

# Final rule. Checks if email has reply-to address from a freemail provider with  a combination of any of the listed keywords above used in the body
meta        WEB_DEV_SPAM    (FREEMAIL_REPLY && ((  __WEB_DEV_SPAM_01 + __WEB_DEV_SPAM_02 + __WEB_DEV_SPAM_03)) >= 3)

# Description of the spam rule, which is shown in the header of the email
describe    WEB_DEV_SPAM    Web dev spam content

# Low spam score, increase to give this rule more weight
score       WEB_DEV_SPAM    1.0

Lastly, when ever you make changes to the SpamAssassin configuration (which includes custom rules) you'll have to restart SpamAssassin for the changes to take effect. SpamAssassin can be restarted by running the command sudo /usr/local/psa/admin/bin/spammng --restart
 
Last edited:
You must log in or register to reply here.

Similar threads

D
Issue Email Sender domain change when forwarding emails
Replies
1
Views
437
skoubin
S
carlsson
Resolved Outgoing administrator mail not authorized [missing SPF record in sender domain]
Replies
11
Views
983
rkbonatto
rkbonatto
A
Resolved Unwanted redirects to gmail, when receiving emails
Replies
5
Views
962
arunda2
A
D
Resolved Want to blacklist spam from a specific user name but have wildcards in the domain. Possible?
Replies
5
Views
1K
David Borrink
D
P
Question Plesk Email Security Block list doesn't work
Replies
5
Views
947
Kaspar
K
Back
Top