Block mailchimp email

efyandro · Oct 3, 2020

I got annoyed by mailchimp emails sending newsletter and promos to my user and decided to block it using regex.

Code:

Oct 3 02:46:51 pmg postfix/smtpd[20645]: connect from mail153.atl121.mcsv.net[198.2.131.153]
Oct 3 02:46:52 pmg postfix/smtpd[20645]: B9B6B340070: client=mail153.atl121.mcsv.net[198.2.131.153]
Oct 3 02:46:53 pmg postfix/cleanup[20679]: B9B6B340070: info: header Subject: =?utf-8?Q?World=20Leaders=20Who=20Contracted=20COVID=2D19=20|=2030=20Years=20of=20German=20Unity?= from mail153.atl121.mcsv.net[198.2.131.153]; from=<bounce-mc.us9_35021949.1120766-10c0b6fdd1@mail153.atl121.mcsv.net> to=<censored@domain.com> proto=ESMTP helo=<mail153.atl121.mcsv.net>
Oct 3 02:46:53 pmg postfix/cleanup[20679]: B9B6B340070: info: header From: =?utf-8?Q?Statista=20Infographics=20Bulletin=20=2D=20Late=20Edition?= <felix.richter@statista.com> from mail153.atl121.mcsv.net[198.2.131.153]; from=<bounce-mc.us9_35021949.1120766-10c0b6fdd1@mail153.atl121.mcsv.net> to=<censored@domain.com> proto=ESMTP helo=<mail153.atl121.mcsv.net>
Oct 3 02:46:53 pmg postfix/cleanup[20679]: B9B6B340070: info: header To: =?utf-8?Q?Client=20Name?= <censored@domain.com> from mail153.atl121.mcsv.net[198.2.131.153]; from=<bounce-mc.us9_35021949.1120766-10c0b6fdd1@mail153.atl121.mcsv.net> to=<censored@domain.com> proto=ESMTP helo=<mail153.atl121.mcsv.net>
Oct 3 02:46:53 pmg postfix/cleanup[20679]: B9B6B340070: message-id=<0b007f243e5d4490e103cd667.10c0b6fdd1.20201002194501.956f65a166.cc5713b8@mail153.atl121.mcsv.net>
Oct 3 02:46:53 pmg postfix/smtpd[20645]: disconnect from mail153.atl121.mcsv.net[198.2.131.153] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Oct 3 02:46:53 pmg postfix/qmgr[8125]: B9B6B340070: from=<bounce-mc.us9_35021949.1120766-10c0b6fdd1@mail153.atl121.mcsv.net>, size=109003, nrcpt=1 (queue active)
Oct 3 02:46:53 pmg pmg-smtp-filter[18547]: 3E01585F7783ADCC330: new mail message-id=<0b007f243e5d4490e103cd667.10c0b6fdd1.20201002194501.956f65a166.cc5713b8@mail153.atl121.mcsv.net>#012
Oct 3 02:46:58 pmg pmg-smtp-filter[18547]: 3E01585F7783ADCC330: SA score=0/5 time=4.076 bayes=0.00 autolearn=no autolearn_force=no hits=BAYES_00(-1.9),DKIM_SIGNED(0.1),DKIM_VALID(-0.1),DKIM_VALID_AU(-0.1),HEADER_FROM_DIFFERENT_DOMAINS(0.25),HTML_MESSAGE(0.001),JMQ_SPF_NEUTRAL(0.5),MIME_QP_LONG_LINE(0.001),RCVD_IN_DNSWL_NONE(-0.0001),RCVD_IN_MSPIKE_H5(0.001),RCVD_IN_MSPIKE_WL(0.001),SPF_HELO_PASS(-0.001),SPF_PASS(-0.001),URIBL_BLOCKED(0.001)
Oct 3 02:46:58 pmg postfix/smtpd[20685]: connect from localhost.localdomain[127.0.0.1]
Oct 3 02:46:58 pmg postfix/smtpd[20685]: 13D0A340585: client=localhost.localdomain[127.0.0.1], orig_client=mail153.atl121.mcsv.net[198.2.131.153]
Oct 3 02:46:58 pmg postfix/cleanup[20679]: 13D0A340585: message-id=<0b007f243e5d4490e103cd667.10c0b6fdd1.20201002194501.956f65a166.cc5713b8@mail153.atl121.mcsv.net>
Oct 3 02:46:58 pmg postfix/qmgr[8125]: 13D0A340585: from=<bounce-mc.us9_35021949.1120766-10c0b6fdd1@mail153.atl121.mcsv.net>, size=110464, nrcpt=1 (queue active)
Oct 3 02:46:58 pmg postfix/smtpd[20685]: disconnect from localhost.localdomain[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 commands=5
Oct 3 02:46:58 pmg pmg-smtp-filter[18547]: 3E01585F7783ADCC330: accept mail to <censored@domain.com> (13D0A340585) (rule: default-accept)
Oct 3 02:46:58 pmg pmg-smtp-filter[18547]: 3E01585F7783ADCC330: processing time: 4.366 seconds (4.076, 0.128, 0)
Oct 3 02:46:58 pmg postfix/lmtp[20680]: B9B6B340070: to=<censored@domain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.5, delays=1.1/0.02/0/4.4, dsn=2.5.0, status=sent (250 2.5.0 OK (3E01585F7783ADCC330))
Oct 3 02:46:58 pmg postfix/qmgr[8125]: B9B6B340070: removed
Oct 3 02:46:58 pmg postfix/smtp[20686]: 13D0A340585: to=<censored@domain.com>, relay=192.168.90.92[192.168.90.92]:25, delay=0.23, delays=0.12/0.02/0.04/0.03, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as 4964F34009B)
Oct 3 02:46:58 pmg postfix/qmgr[8125]: 13D0A340585: removed

and in what object i'm using this regex bounce.*mc.*us.*@.*

but it didn't work.
can anybody tell me how can I block mailchimp from sending us emails?

hata_ph · Oct 3, 2020

try this 2

Code:

(\W|^)[\w.+\-]{0,50}@[\w.+\-]{0,50}rsgsv\.net(\W|$)
(\W|^)[\w.+\-]{0,50}@[\w.+\-]{0,50}mcsv\.net(\W|$)

Stoiko Ivanov · Oct 5, 2020

the addresses in the mail.log (and the tracker) usually refer to the envelope-from (smtp MAIL FROM) address - you can match these with a who object

a match field object for 'from' matches the header from address.

I hope this explains it!

efyandro · Oct 7, 2020

hata_ph said:
try this 2

Code:

(\W|^)[\w.+\-]{0,50}@[\w.+\-]{0,50}rsgsv\.net(\W|$) (\W|^)[\w.+\-]{0,50}@[\w.+\-]{0,50}mcsv\.net(\W|$)

i've implemented this rule but still not catching any incoming mailchimp emails

Stoiko Ivanov said:
the addresses in the mail.log (and the tracker) usually refer to the envelope-from (smtp MAIL FROM) address - you can match these with a who object

a match field object for 'from' matches the header from address.

I hope this explains it!

I also added the domain "rsgsv.net" in who address and add to blocklist mail filter but still not catching it

hata_ph · Oct 7, 2020

Pls expand and show the content from the tracking center.

efyandro · Oct 7, 2020

hata_ph said:
Pls expand and show the content from the tracking center.

already posted in the first post

hata_ph · Oct 7, 2020

Pls show your blacklist who object

efyandro · Oct 7, 2020

hata_ph said:
Pls show your blacklist who object

hata_ph · Oct 7, 2020

efyandro said:
View attachment 20298

Use the regex I give you. Domain who object only apply to the actual domain.

Search

Search

Block mailchimp email

efyandro

Member

hata_ph

Well-Known Member

Stoiko Ivanov

Proxmox Staff Member

efyandro

Member

hata_ph

Well-Known Member

efyandro

Member

hata_ph

Well-Known Member

efyandro

Member

hata_ph

Well-Known Member