Block spam sources from your website's email server
September 16, 2018
If you run a website hosted on an Apache web server, and are using the domain for email, and are using cPanel as your control panel, you most likely have a section labeled "email" which contains a link labeled: "Account Filtering." In this article I will share some filters I made to block email spammers.
A domain name is an alpha-numeric name that has been chosen and registered — by an individual or legal entity — with an accredited domain registrar to represent a web property. "Example.com" is a sample of a domain name. A domain name can be parked until it is needed for use as a website, or can simply be a pointer/shortcut to an active website that has a different name.
Many people choose to send and receive email through a domain and website they own, or administer, or for which they act as the Webmaster. If your domain name represents a business, sending email from that domain looks more professional than using a free email system (Gmail, Hotmail, live.com, etc.).
However, as usually happens to active email accounts, some or all of your domain email addresses will eventually be captured by email harvesting bots and added to spam lists. If you have multiple email accounts for your domain, they may all receive the same, or related, spam messages at the same time. If you are a busy person trying to read business messages, these spam emails can become a serious nuisance. Some well-written spam filters can put a big dent in the amount of spam getting through to your inbox. Here's how I do it.
My most effective spam filters are those that block known spam senders either by their IP addresses or by typical spam domain extensions. At the time of this writing, the worst spam sources are domains hosted on ColoCrossing servers. While I haven't yet discovered all of their IP addresses, the ranges most in use right now are within 107.175.123.0/24 and, in the recent past, 107.174.30.0/24.
Here is a spam filter I have created that blocks unwanted IP addresses and entire CIDR ranges. Each line uses the conditions "Any Header" and "matches regex", and every line except the very last is followed by the operator "OR". I call this filter: "Block known spam IPs."
- \[104\.36\.84\.\d{1,3}\]
- \[182\.181\.\d{1,3}\.\d{1,3}\]
- \[188\.225\.\d{1,3}\.\d{1,3}\]
- \[198\.27\.110\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1([0-1][0-9]|2[0-7]))\]
- \[198\.50\.205\.1(2[89]|[345][0-9])\]
- \[217\.182\.182\.
- Received:\ from\ \[69\.94\.155\.
- Received:\ from\ \[107\.174\.30\.
- Received:\ from\ \[107\.175\.123\.
- Received:\ from\ \[154\.16\.107\.
- Received:\ from\ \[162\.244\.12\.
- Received:\ from\ \[185\.81\.15[2-5]\.\d{1,3}\]
- Received:\ from\ \[185\.126\.176\.
- Received:\ from\ \[185\.132\.125\.
- Received:\ from\ \[192\.3\.33\.\d{1,3}\]
- Received:\ from\ \[192\.227\.162\.
- Received:\ from\ \[194\.67\.\d{1,3}\.\d{1,3}\]
- Received:\ from\ \[36\.(5[6-9]|6[0-3])\.\d{1,3}\.\d{1,3}\]
- Received:\ from\ \[(5\.230\.126|27\.122\.14|45\.35\.\d{1,3}|45\.58\.132|50\.115\.167|66\.23\.212|81\.7\.1[4-7]|95\.58\.2[01]|104\.36\.84|104\.217\.137|104\.254\.213|185\.105\.[4-7]|188\.72\.68|193\.124\.1(7[6-9]|8[0-9]|9[01])|194\.67\.222|199\.116\.11[89]|204\.188\.245|208\.89\.2(0[8-9]|1[0-5])|216\.126\.239)\.\d{1,3}\]\s
At the bottom of every filter page you have to select an action to perform when any condition is met. Since all of these IP addresses represent unwanted spam, scam or compromised domains, I chose the following action:
Fail With Message, with the message text: "We do not accept email from your domain. Remove us from your email list."
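A way to check filter lines like these before saving them, as an added example that is not part of the original article: it runs each pattern against a constructed `Received:` header for every address in a range and counts the addresses the pattern misses or blocks by accident. The CIDR ranges, the header layout, the helper names and the use of Python's `re` in place of the mail server's regex engine are assumptions; the fourth case shows a quantifier mistyped as `{1.3}`, which matches nothing.

```python
import ipaddress
import re

def coverage_gaps(pattern, intended_cidr, scan_cidr):
    """Return (missed, extra): addresses in scan_cidr that the regex fails
    to block although they are inside intended_cidr, and addresses it
    blocks although they are outside it."""
    rx = re.compile(pattern)
    intended = ipaddress.ip_network(intended_cidr)
    missed, extra = [], []
    for ip in ipaddress.ip_network(scan_cidr):
        # Constructed header in the shape the filter lines expect.
        header = f"Received: from [{ip}] (helo=mail.example.test)"
        blocked = rx.search(header) is not None
        if ip in intended and not blocked:
            missed.append(str(ip))
        elif ip not in intended and blocked:
            extra.append(str(ip))
    return missed, extra

# (pattern, range it is meant to cover, wider range to scan). The CIDRs are
# assumptions read off the octet alternations, not stated in the article.
CASES = [
    (r"\[198\.27\.110\.(6[4-9]|7[0-9]|8[0-9]|9[0-9]|1([0-1][0-9]|2[0-7]))\]",
     "198.27.110.64/26", "198.27.110.0/24"),
    (r"\[198\.50\.205\.1(2[89]|[345][0-9])\]",
     "198.50.205.128/27", "198.50.205.0/24"),
    (r"Received:\ from\ \[185\.81\.15[2-5]\.\d{1,3}\]",
     "185.81.152.0/22", "185.81.144.0/20"),
    # Mistyped quantifier: "{1.3}" is read as literal text, so nothing matches.
    (r"\[182\.181\.\d{1.3}\.\d{1,3}\]", "182.181.0.0/16", "182.181.0.0/24"),
    (r"\[182\.181\.\d{1,3}\.\d{1,3}\]", "182.181.0.0/16", "182.181.0.0/24"),
]

def report():
    """One (intended_cidr, missed_count, extra_count) tuple per case."""
    return [(cidr, len(m), len(e))
            for pat, cidr, scan in CASES
            for m, e in [coverage_gaps(pat, cidr, scan)]]

if __name__ == "__main__":
    for cidr, missed, extra in report():
        print(f"{cidr:20} missed={missed:<4} extra={extra}")
```

A non-zero `missed` count means spam from that range still gets through; a non-zero `extra` count means the line rejects mail from addresses outside the range you meant to block.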
Many of the filters are written in Regular Expressions format. Google that term to learn more about them. In the meantime, I hope these filters will be of use to someone else. If they are, please consider sending me a donation for my efforts, via the PayPal donation link in the sidebar. ;-)
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.