Daniel Bromberg put forth on 2/3/2011 3:36 AM: > The following spam got past all my filters. They're constantly evolving :-( > > I can't find the IP in any RBLs. Some meta-RBLs claim it's listed, but when I > follow up to the actual RBL, it's clean. I use zen.spamhaus & spamcop. > SpamAssassin was helpless as seen below. Those who can block this, how did you > do it? I hope whatever technique(s) also help block many more like it. > > (We have the quoting problem. This will probably go into the junk folder of > all > those who are doing filtering better than I :-( )
Blocking spam from compromised accounts is difficult. Best thing to do is report the spam to the provider: ad...@ogicom.pl If your MX is being flooded by such spam, simply block the IP (or parent network) of the IPs that are sending the spam. In this case, if you have no need to receive email from Poland, ever, then simply cidr ban the entire country using ipdeny.com information. If you don't want to ban the entire country, maybe just start with Ogicom's 93.157.96.0/21 There is no single magic bullet that will stop all spam. You must use a diverse set of tools. -- Stan
