Sendgrid and MailChimp are the two biggest sources of spam captured in my spam-folder. I'd like to block them before they get there.

Fortunately, in an effort to appear "legitimate" the spammers gracefully identify themselves. Sendgrid in particular inserts two special headers: X-SG-EID and X-SG-ID.

What's the best way to block at the sendmail level -- before it even hits procmail and/or the IMAP server?

I'm thinking of a header-database (such as /etc/mail/SPAM-HEADERS) and a LOCAL_CONFIG section with a header-rule like:

F{SpamHeaders} /etc/mail/SPAM-HEADERS
H*: $>CheckHdr
SCheckHdr
... ??? ...

Note, I don't care about the header's value -- as long as the header itself is present, I want to reject the message. Preferably -- with a header-specific condemnation. For example, if the SPAM-HEADERS database contains the line

X-SG-ID        We love getting spam from SendGrid, just not today

I'd like sendmail to reply to any message with X-SG-ID among headers with 553 We love getting spam from SendGrid, just not today.

Mikhail T.
    SendGrid and MailChimp are also used by many legitimate mail senders (my company uses SendGrid when we send the confirmation messages for new accounts). Aren't you worried about throwing the baby out with the bathwater? – Barmar Dec 15 '17 at 19:55
  • Sendgrid and Mailchimp trade as legitimate relay services and work hard not to send spam as it affects their reputation, so would be interested in actual spam that is being sent through their networks, so is it really spam or just mail you haven't opted out of? – Simon Greenwood Dec 15 '17 at 20:24
    I send my own personal mail through SendGrid. These services are not just trying to appear legitimate; they _are_ legitimate. They are very responsive to abuse complaints. If you actually are receiving spam from them, you should forward it to `abuse@`. – Michael Hampton Dec 15 '17 at 20:33
    No, they aren't "legitimate". They ignore SpamCop's complaints, for example. I am boycotting them. But my question is technical -- SendGrid is just an example. – Mikhail T. Dec 15 '17 at 22:54
    Have you considered using milter for the task? You can use MIMEDefang for anti-spam and anti-virus integration. It allows to use perl script for filtering. It would be hard to include exceptions into "sendmail.cf only" implementation. – AnFi Dec 17 '17 at 09:12
  • I've _written_ an [anti-spam milter](http://virtual-estates.net/skem/), but it is not necessary to do what I'm asking: block e-mails containing a certain header. – Mikhail T. Dec 17 '17 at 18:46
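The following is an added sketch of how the `... ??? ...` in the question could be filled in; it is my own example, not code from the asker, from the answer or from sendmail's documentation. It assumes sendmail 8.12 or later (for the `${hdr_name}` macro, which holds the name of the header currently being checked), that `/etc/mail/SPAM-HEADERS` is the two-column file shown in the question and has been turned into a hash map with `makemap`, and that this block is pasted into the `.mc` file from which `sendmail.cf` is regenerated. The map name `spamhdr` and the ruleset name `CheckHdr` are arbitrary. The left-hand and right-hand sides of each `R` line must be separated by a tab, as in every sendmail ruleset.

```m4
dnl Added example (not from the original post): reject any message that carries
dnl a header whose name appears as a key in /etc/mail/SPAM-HEADERS.
dnl Build the map with:  makemap hash /etc/mail/SPAM-HEADERS < /etc/mail/SPAM-HEADERS
dnl (makemap and the lookup below both fold keys to lower case by default, so
dnl "X-SG-ID" in the file matches an incoming "x-sg-id" or "X-Sg-Id" header.)
LOCAL_CONFIG
dnl -o: the map is optional, so sendmail still starts if the .db is missing
Kspamhdr hash -o /etc/mail/SPAM-HEADERS

dnl Run CheckHdr on every header of every message; the header value is the
dnl workspace, the header name is available as ${hdr_name}.
H*: $>CheckHdr

SCheckHdr
dnl Look the header name up; $: NOTFOUND is the default when the key is absent.
dnl The leading $: means "rewrite once and fall through to the next rule".
R$*	$: $(spamhdr $&{hdr_name} $: NOTFOUND $)
dnl Header not in the database: accept and return.
RNOTFOUND	$@ OK
dnl Header is listed: $1 is the text from the second column of SPAM-HEADERS,
dnl so "X-SG-ID  We love getting spam from SendGrid, just not today" yields
dnl   553 5.7.1 We love getting spam from SendGrid, just not today
R$+	$#error $@ 5.7.1 $: "553 " $1
```

Two caveats a practitioner would want: header rulesets only run after the sender has finished transmitting the message body (the `553` is returned in reply to the end of DATA, not at RCPT time), and `H*:` applies to locally submitted mail as well as to inbound SMTP, so anything on your own host that emits a listed header will also be rejected unless the ruleset is further conditioned on `${daemon_flags}` or `${client_addr}`.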

1 Answer

For the record, I share similar opinions that MailChimp and SendGrid themselves aren't necessarily bad (although they certainly could have bad customers that they don't know about).

Opinion aside, from a purely technical perspective, I think the easiest way to block them would be to update the /etc/mail/access table to reject hosts belonging to the domain that the relay servers use. Because they are legitimate, their server hostnames will likely belong to a common domain that you could key off of.

For example, if you check the headers on MailChimp messages you'll see that the relay servers belong to rsgsv.net. As such, you could add an entry to /etc/mail/access like:

rsgsv.net       REJECT

For further details, check out the guide here.

Mike B