On Mon, 2007-01-29 at 09:19 +0100, D Ivago wrote: > - the first kind of spam is with subject that contain RX and is mostly > like a reply so 'Re:blahblahRXblah' > It does come from different smtp servers so denying the host is not an > option. not sure what do you want here.
> - the second kind of spam that still gets through is mail from sender@ > $variabel.emv1.net > So the SUBdomain changes but the main domain is emv1.net , I allready > blaclisted those subdomains in my rc.local but can I also use a > wildcard? Now I just blacklist each subdomain like: > > blacklist_from [EMAIL PROTECTED] > blacklist_from [EMAIL PROTECTED] Why not just blacklist it in the mta, so that you still save bandwidth? e.g. sendmail access file: emv1.net REJECT " hit the road jack" If you think about blocking some legitmate messages from emv1.net, I suggest, that you create a rule that flag that with low score and then filter a copy to check it out for some time. If you have procmail, you can try something like: :0 c * ^X-Spam-Status:.*ADD_YOUR_RULE_NAME_HERE.* /spam/emv1_net.mbox -Raul Dias