Warning and Apologies.
I discovered that the insert below was causing fatal errors in my badmailfrom plugin due to a copy/paste error - I somehow acquired an extra asterisk at the beginning of each line. See later post for correction
See correction in
https://forums.contribs.org/index.php/topic,53984.msg281701.html#msg281701=========================================================================
Install
Email_Whitelist-Blacklist_Control and run the console-save event so that you can make config changes
yum install --enablerepo=smecontribs smeserver-wbl
signal-event console-save
In server-manager, select 'Email-WBL' in Configuration
Insert your pattern in 'Blacklist' -> 'qmail badmailfrom'.
Here is the list of patterns I ended up with after closely monitoring spam on one server for a few months (the second column is an error message that will appear in the qpsmtpd logs for triggered emails):
*^.*\.accountant$ check_badmailfrom_patterns-^.*\.accountant$
*^.*\.asia$ check_badmailfrom_patterns-^.*\.asia$
*^.*\.bid$ check_badmailfrom_patterns-^.*\.bid$
*^.*\.biz$ check_badmailfrom_patterns-^.*\.biz$
*^.*\.cf$ check_badmailfrom_patterns-^.*\.cf$
*^.*\.club$ check_badmailfrom_patterns-^.*\.club$
*^.*\.cricket$ check_badmailfrom_patterns-^.*\.cricket$
*^.*\.date$ check_badmailfrom_patterns-^.*\.date$
*^.*\.de$ check_badmailfrom_patterns-^.*\.de$
*^.*\.download$ check_badmailfrom_patterns-^.*\.download$
*^.*\.eu$ check_badmailfrom_patterns-^.*\.eu$
*^.*\.faith$ check_badmailfrom_patterns-^.*\.faith$
*^.*\.fr$ check_badmailfrom_patterns-^.*\.fr$
*^.*\.ga$ check_badmailfrom_patterns-^.*\.ga$
*^.*\.gq$ check_badmailfrom_patterns-^.*\.gq$
*^.*\.help$ check_badmailfrom_patterns-^.*\.help$
*^.*\.info$ check_badmailfrom_patterns-^.*\.info$
*^.*\.in\.net$ check_badmailfrom_patterns-^.*\.in\.net$
*^.*\.internal$ check_badmailfrom_patterns-^.*\.internal$
*^.*\.ip-pool.com$ check_badmailfrom_patterns-^.*\.ip-pool.com$
*^.*\.loan$ check_badmailfrom_patterns-^.*\.loan$
*^.*\.lol$ check_badmailfrom_patterns-^.*\.lol$
*^.*\.ml$ check_badmailfrom_patterns-^.*\.ml$
*^.*\.news.*\.de$ check_badmailfrom_patterns-^.*\.news.*\.de$
*^.*\.ninja$ check_badmailfrom_patterns-^.*\.ninja$
*^.*\.party$ check_badmailfrom_patterns-^.*\.party$
*^.*\.pw$ check_badmailfrom_patterns-^.*\.pw$
*^.*\.racing$ check_badmailfrom_patterns-^.*\.racing$
*^.*\.review$ check_badmailfrom_patterns-^.*\.review$
*^.*\.ru$ check_badmailfrom_patterns-^.*\.ru$
*^.*\.rx\.com$ check_badmailfrom_patterns-^.*\.rx\.com$
*^.*\.sales.*\.hk$ check_badmailfrom_patterns-^.*\.sales.*\.hk$
*^.*\.science$ check_badmailfrom_patterns-^.*\.science$
*^.*\.site$ check_badmailfrom_patterns-^.*\.site$
*^.*\.space$ check_badmailfrom_patterns-^.*\.space$
*^.*special.*\.net$ check_badmailfrom_patterns-^.*special.*\.net$
*^.*\.tk$ check_badmailfrom_patterns-^.*\.tk$
*^.*\.top$ check_badmailfrom_patterns-^.*\.top$
*^.*\.trade$ check_badmailfrom_patterns-^.*\.trade$
*^.*\.uno$ check_badmailfrom_patterns-^.*\.uno$
*^.*\.wan$ check_badmailfrom_patterns-^.*\.wan$
*^.*\.wang$ check_badmailfrom_patterns-^.*\.wang$
*^.*\.webcam$ check_badmailfrom_patterns-^.*\.webcam$
*^.*\.website$ check_badmailfrom_patterns-^.*\.website$
*^.*\.win$ check_badmailfrom_patterns-^.*\.win$
*^.*\.work$ check_badmailfrom_patterns-^.*\.work$
*^.*\.xyz$ check_badmailfrom_patterns-^.*\.xyz$
The server I used this on received significant amounts of spam where the sending email looked like
<random-code-username=smedomain.tld@spammers.domain> - where "smedomain.tld" was the actual domain of the server.
I blocked those senders using this pattern:
*^.*\-.*\=smedomain\.tld\@.*\..*$ check_badmailfrom_patterns-^.*\-.*\=smedomain\.tld\@.*\..*$
Some legitimate services use the same sending email format - add the sending domains for those folks in 'White list' -> 'qpsmtpd whitelistsenders':
craigslist.org
ruthschrismail.com
The commands I used to monitor qpsmtpd and fine-tune badmailfrom, DNSBL and RHSBL are on the wiki:
https://wiki.contribs.org/Email_Statistics#Useful_Commands