1

Topic: Chinese Spam

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 1.4.0
- Deployed with iRedMail Easy or the downloadable installer? Downloadable installer
- Linux/BSD distribution name and version: Ubuntu 20.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): PGSQL
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Hello,

Since a couple of weeks ago we started receiving a lot of Chinese spam email. They come from random @outlook.com domains.

Is there a way to counter this? I can't really block all of @outlook.com. Is there a way to block emails containing Chinese, since we don't speak it?

I've added a picture as an attachment.

Thanks

2

Re: Chinese Spam

I just realized that @outlook.com is in the whitelist for the graylisting. I've removed it. I'll see if it changes anything.

3

Re: Chinese Spam

Unfortunately that did not work

4

Re: Chinese Spam

Quack66 wrote:

Unfortunately that did not work

Is greylisting turned on for the domain in question?

Is outlook.com definitely not in a grey list?

If greylisting is turned on, is the email definitely coming from outlook.com servers?

If so then you may need to add a commercial mail filter in front of your server. It is possible your server is receiving @outlook.com email that is not from @outlook.com servers.

A home brew fix is found below but it has gotchas in it.

This article shows how to filter using postfix for checking headers.
********Back up your server / config before doing this. *********

https://www.linuxbabe.com/mail-server/b … amassassin


You would put in a header check for
/Subject:.*(chinese char|chinese char|chinese char|chinese char ).*/       DISCARD   
or
/Subject:.*(chinese char|chinese char|chinese char|chinese char ).*/       REJECT


Test by sending an email with a chinese char from your list in the subject and see what happens.


Other possible spam checkers would be to check the char set for the email:
/charset="gb2312"/
/Content-Type:.*text\/plain;.*charset=GBK/

These rules will bite you if there are genuine emails with Chinese chars in the subject line or an international char set including Chinese chars.

Using REJECT will let the sender know you didn't receive it - but if an innocent person's email address is used it can cause backscatter.

5

Re: Chinese Spam

Exactly what I needed! Yes, they do come from Outlook and greylisting is enabled. We don't communicate in Chinese at all (nobody at the office speaks it) so I've deployed and tested the blocking of everything in the charset gb2312. I will monitor in the upcoming days but from my tests it seems to work perfectly.

Thanks for the help!

6

Re: Chinese Spam

You should block GB2312, GB18030, GBK, BIG-5 for Chinese characters.

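As an added example (not from the thread or from iRedMail), this Python script dry-runs the charset rules discussed above against message headers before they are deployed with DISCARD. It reads the declared charset from RFC 2047 encoded-words in Subject/From and from the Content-Type of every MIME part; the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string

# Charsets listed in the thread; the pattern accepts both "big5" and "big-5".
BLOCKED = re.compile(r"gb2312|gb18030|gbk|big-?5", re.IGNORECASE)
# RFC 2047 encoded-word, e.g. =?gb2312?B?xOO6ww==?= ; group 1 is the charset.
ENCODED_WORD = re.compile(r"=\?([^?*]+)[^?]*\?[bq]\?[^?]*\?=", re.IGNORECASE)

def declared_charsets(raw):
    """Charsets declared in Subject/From encoded-words and in any MIME part."""
    msg = message_from_string(raw)
    found = set()
    for name in ("Subject", "From"):
        for value in msg.get_all(name, []):
            found.update(ENCODED_WORD.findall(str(value)))
    for part in msg.walk():  # top-level headers and every nested part
        if part.get_content_charset():
            found.add(part.get_content_charset())
    return {c.lower() for c in found}

def would_block(raw):
    """Sorted blocked charsets the message declares; empty list means it passes."""
    return sorted(c for c in declared_charsets(raw) if BLOCKED.fullmatch(c))

# Constructed sample messages (not taken from the thread).
SAMPLES = {
    "gb2312 subject and body": (
        "From: a@example.com\nSubject: =?gb2312?B?xOO6ww==?=\n"
        'Content-Type: text/plain; charset="gb2312"\n\nbody\n'),
    "ascii subject, GBK part": (
        "From: b@example.com\nSubject: Invoice\n"
        'Content-Type: multipart/alternative; boundary="x"\n\n'
        "--x\nContent-Type: text/html; charset=GBK\n\n<p>body</p>\n--x--\n"),
    "utf-8 Chinese subject": (
        "From: c@example.com\nSubject: =?UTF-8?B?5L2g5aW9?=\n"
        "Content-Type: text/plain; charset=utf-8\n\nbody\n"),
    "plain English": (
        "From: d@example.com\nSubject: Lunch\n"
        "Content-Type: text/plain; charset=us-ascii\n\nbody\n"),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:26} -> {would_block(raw) or 'pass'}")
```

Running it over a saved sample of legitimate mail shows which messages the rules would drop. Chinese text sent as UTF-8 declares none of the listed charsets and passes.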

7

Re: Chinese Spam

Quack66 wrote:

Exactly what I needed! Yes, they do come from Outlook and greylisting is enabled. We don't communicate in Chinese at all (nobody at the office speaks it) so I've deployed and tested the blocking of everything in the charset gb2312. I will monitor in the upcoming days but from my tests it seems to work perfectly.

Thanks for the help!

I would also look at reporting them back to Outlook.com / Microsoft. They may be fighting against tons of people signing up from lots of IP addresses but they have the clout to tell an ISP to sort their systems out or get blacklisted - and that would hurt any clients using that ISP. Financial pressure is the only thing that will get ISPs etc. to start acting responsibly.

Send reports to abuse@outlook.com as per the below from MS

Abuse and Spam Reporting
To report unlawful, abusive, unwanted or malicious email that you find originating from an Outlook.com, Hotmail, Live, or MSN account, please forward a complete copy of the abusive message (including the full message header) to abuse@outlook.com. Sending these types of communications is a violation of Microsoft policy and appropriate action will be taken on confirmed reports.


We also use a front end spam guard that aggregates information across lots of mail boxes and when it sees the same email appearing in many boxes, is likely to quarantine it for your clients.
mxguarddog.com: $0.25 per email address per month. I am not associated with them and this is not an affiliate link.