How do I report and permanently block certain email addresses?

Linode Staff

I have spam email coming in from the following email addresses many times a day and I want them to stop:

To access my mail, I use Mail under MacOS and an email program on my Android cell phone.

1 Reply

I'm sorry to hear about your email annoyances. I have similar issues of my own. The complexities and variability of email server architecture make this difficult to manage. In short, the answer is going to depend on the provider of the email services for your email address.

Managing your own Block Lists

If you are using a service such as Gmail, where the program that receives your email, the program that stores it, and the program that lets you look at it are one and the same, the answer is straightforward: create a filter for the messages that you want to block.

If you are running your own mail server or have your registrar provide a mail service for you, things can get more complex:

   ┌─────────────┐     ┌─────────────┐
   │             │     │             │
   │   Sender    │     │  Recipient  │
   │             │     │             │
   └─────────────┘     └─────────────┘
          │                   ▲       
          │                   │       
          │                   │       
          └─────┐             │       
                │             │       
                │             │       
                ▼             │       
         ┌─────┬──────┬────┐  │       
┌────────┼────▶│ MTA  │────┼──┘       
│        │     └──┬───┘    │          
│        │        │        │          
│        │     ┌──▼───┐    │          
│        │     │ MDA  │    │          
│        │     └──┬───┘    │          
│        │        │        │          
│        │┌───────▼───────┐│          
│        ││ Mail Storage  ││          
│        ││               ││          
│        ││               ││          
│        │└───────────────┘│          
│        │        │        │          
│        │        │        │          
│        │        │        │          
│        │  ┌─────▼──────┐ │          
│        │  │ IMAP/POP3  │ │          
│        │  │   Server   │ │          
│        └──┴──┬───────┬─┴─┘          
│              │       │              
│        ┌─────┘       └───┐          
├────────┼──────┐          │          
│        │      │          │          
│        ▼      │          ▼          
│  ┌──────────┐ │    ┌──────────┐     
│  │  Phone   │ │    │ Desktop  │     
└──│          │ └────│ Computer │     
   └──────────┘      └──────────┘

The following is a specific example of investigating a system to determine what is going on. Your system may be significantly different. In any case, your desktop computer or your phone is generally not the place to set up blocklists for your email.

To figure out how you have things set up, first we will need to determine what server handles mail for your domain:

dig -tMX example.com 

.
.
example.com.       300     IN      MX      1 mail.example.com.
.
.

Second, we will need to determine the software being used for your SMTP services.

telnet mail.example.com 25
Trying 203.0.113.4...
Connected to mail.example.com.
Escape character is '^]'.
HELO
220-mail.examile.com ESMTP Exim 4.94.2  #2 Sat, 12 Jun 2021 01:50:55 +0000 
220-   We do not authorize the use of this system to transport unsolicited, 
220    and/or bulk e-mail.
.
.
.

Third, we need to determine your operating system or distribution. For example, if we look at the name of your Linode's disk, "CentOS 7 Disk", we could determine that the operating system that is running is CentOS 7.

Since CentOS 7 is often used as the foundation for a management web interface called cPanel/WHM, we will want to check whether that is installed by browsing to https://mail.example.com:2083/

Let us assume that this does indeed appear to be the case. When using cPanel to manage your server's configuration, it is important to follow instructions for performing administration using cPanel rather than just editing configuration files behind its back which could lead to a confused or broken system configuration.

While we are on the subject of cPanel (and other management web interfaces), I'd like to stress to you that any advice you get about administration of your server should always be weighed against the knowledge that you are running cPanel. Changing files and configurations behind cPanel's back should be met with the same level of caution one would use when randomly shuffling through and rearranging files organized by your tax accountant while they are not looking.

There are people who run Exim mail agents on CentOS 7 servers where the configuration is not managed by cPanel. When browsing the internet, you may be offered advice that does not make the distinction. In general, it is always best to do whatever configuration you can inside cPanel before editing configuration files.

Now that we have figured out that 1) our MTA is Exim, 2) our OS is CentOS 7, and 3) we are running cPanel, we can Google these terms to find documentation that may be worth looking at:

In particular, the following article stands out:

Please note that this article mentions things like "If your hosting provider enables…". This hosting provider does not refer to Linode. It refers to the administrator of the WHM portion of the cPanel/WHM installation on your Linode (which is also you). cPanel/WHM is designed so that more than one group of people can use the same server, and it is assumed that a "hosting provider" is managing the different accounts that share the server.

Using External Blocklists and Reporting Spam

Whois

By industry convention, if a domain owner is responsible about the email sending practices of their users, they will often have an abuse contact email such as abuse@example.com listed that can be looked up via the command:

whois example.com
.
.
.

Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.5555551212
.
.
.

Reporting spam to that email address is usually the best first step.

Third Party Blocklists

See: https://en.wikipedia.org/wiki/Comparison_of_DNS_blacklists

There are many free and proprietary organizations that maintain lists of IP Addresses and domains that are guilty of sending spam. There are often ways of integrating these lists with your MTA so that it will check these blocklists before accepting mail. Each organization will have its own way of reporting domains and IP addresses that are sending spam.

Reply
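
The blocklist check mentioned under "Third Party Blocklists", as an added example that is not part of the original answer: it shows how a DNS blocklist lookup name is built from a sender IP and how the answer should be interpreted. The zone `dnsbl.example.org`, the function names and the `fake_lookup` stand-in resolver are assumptions made so the script runs offline.

```shell
# Added example. dnsbl.example.org is a placeholder zone, not a real list.
# Query name = IPv4 octets reversed + the list's zone, e.g.
# 203.0.113.4 -> 4.113.0.203.dnsbl.example.org
dnsbl_qname() {
    ip=$1 zone=$2
    case $ip in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Interpret the A record returned for that name (convention per RFC 5782):
# no answer = not listed, an address in 127.0.0.0/8 = listed. Any other
# address is not a blocklist answer; counting it as a hit would make every
# sender look listed if the zone is parked or wildcarded.
dnsbl_verdict() {
    case $1 in
        '')    echo not-listed ;;
        127.*) echo listed ;;
        *)     echo invalid-answer ;;
    esac
}

# Uses dig by default; DNSBL_LOOKUP may name another command that prints the
# A record for its argument (set below so the example runs offline).
dnsbl_check() {
    qname=$(dnsbl_qname "$1" "$2") || { echo bad-ip; return 2; }
    answer=$(${DNSBL_LOOKUP:-dig +short -t A} "$qname" | head -n 1)
    dnsbl_verdict "$answer"
}

# Constructed stand-in resolver: the 127.0.0.2 test entry and one bogus answer.
fake_lookup() {
    case $1 in
        2.0.0.127.dnsbl.example.org)   echo 127.0.0.2 ;;
        7.113.0.203.dnsbl.example.org) echo 198.51.100.9 ;;
    esac
}

DNSBL_LOOKUP=fake_lookup
for addr in 127.0.0.2 203.0.113.4 203.0.113.7 203.0.113; do
    printf '%s %s\n' "$addr" "$(dnsbl_check "$addr" dnsbl.example.org)"
done
```

To query a real list, unset `DNSBL_LOOKUP` and pass that list's zone in place of the placeholder.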
