efa-project.org

Just after some advice. We have a client who receives numerous emails from the same person, similar to the headers below, always from a different domain, although these are of a similar variation, and would be grateful if someone could advise on how to block these, other than blacklisting each individual domain as they come in.

Thanks

Received: from Internal Mail Server (name and Ip address hidden) by
Internal Mail Server (name and Ip address hidden) with ESMTP (SSL) id
201611220723519326 for <client@clilent.COM>; Tue, 22 Nov
2016 07:23:51 -0000
Received: from Internal Mail Server (name and Ip address hidden by
Clients Exchange Server with Microsoft SMTP Server (TLS) id
14.1.438.0; Tue, 22 Nov 2016 07:23:59 +0000
Received: from ip-10-0-0-208.ec2.internal
(ec2-52-5-236-237.compute-1.amazonaws.com [52.5.236.237]) by mxa.mailgun.org
with ESMTP id 5833f27e.7f4be77b65f0-smtp-out-n01; Tue, 22 Nov 2016 07:23:42
-0000 (UTC)
Received: from do159-142.mailgun.net (do159-142.mailgun.net [192.237.159.142])
by Internal EFA SPAM Server with ESMTP id AAAD2100159 for
<Client@Client>; Tue, 22 Nov 2016 07:23:44 +0000 (GMT)
Reply-To: "Amrinder Dhillon" <amrinder.dhillon@voip-email.com>
From: "Amrinder Dhillon" <amrinder.dhillon@voip-email.com>
To: "Client" <Client@Client>
Subject: Referral to the VP of IT at xxxxxxx
Date: Tue, 22 Nov 2016 07:23:43 -0000
Message-ID: <2060523960.744065.1479799422050.JavaMail.root@ip-10-0-0-208>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0000_01D2449A.C7D3BB00"
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQHSRJFl7HHujXMnvU2KyTmt8sGlCA==
Content-Language: en-gb
x-ms-exchange-organization-authsource: xxxx.local
received-spf: Fail (xxxx.local: domain of amrinder.dhillon@voip-email.com does not designate 178.248.39.26 as permitted sender)
receiver=xxxx.local; client-ip=xxxx; helo=internal mail server
List-Unsubscribe: <mailto:unsubscribe@voip-email.com>
x-spam-status: No
dkim-signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=voip-email.com; q=dns/txt; s=mx; t=1479799423; h=List-Unsubscribe: Content-Type: Mime-Version: Subject: Message-Id: To: Reply-To: From: Date: Sender; bh=T6MbudzUimwHNJ1Ym4mQgQMe8RLz+8p0k9Xj3zBGpns=; b=aDZWHz/L7jf362Ew/4mFWeou8Xg1HQ6dZz0sdEcuZNApBQLOfqYpxJUWmPv6+RSTHVvj8m19 I0U86aHMpH6ghXEODxd4JRsiVajgnwW6yqfaU9BM3G+Kt9PkU4nS64BxYO96IpY/gMJwsEj5 +LACJCmNo0p3NW91g+lx8+g1Ve8=
domainkey-signature: a=rsa-sha1; c=nofws; d=voip-email.com; s=mx; q=dns; h=Sender: Date: From: Reply-To: To: Message-Id: Subject: Mime-Version: Content-Type: List-Unsubscribe; b=ikQM1i/kKQn+Si0RFUD1UDyUg4eo0Cq9Kgtg2wE3g4rECo0wUEGhT0Xe2yE9zKgyjKDIa4 dK4OVNhwvWTBMq93LDN0zFsvAOCP+U0K6jfSiNoNNTa0KEQi+Yvv0ZLC45gIxFRxXXpwBlVc LRad4yVglkeCiZC+9gUl9iIr3YJII=




Received: from Internal Mail Server (name and Ip address hidden)) by
clientsMail Server (name and Ip address hidden)) with Microsoft SMTP Server (TLS) id
14.1.438.0; Thu, 19 Jan 2017 08:08:30 +0000
Received: from Internal EFA Mail Server (name and Ip address hidden)) by
Internal Mail Server (name and Ip address hidden) with ESMTP (SSL) id
201701190808296419 for <user@user.co.uk>; Thu, 19 Jan
2017 08:08:29 -0000
Received: from Internal Mail Server (name and Ip address hidden) by
Internal efa Mail Server (name and Ip address hidden)(Postfix) with ESMTP id CA39F1000F9 for
<user@user>; Thu, 19 Jan 2017 08:08:13 +0000 (GMT)
Received: from do159-142.mailgun.net ([192.237.159.142]) by
Internal Mail Server (name and Ip address hidden) with ESMTP id IJB59613
for <user@user.co.uk>; Thu, 19 Jan 2017 08:08:13 -0000
Received: from ip-10-0-0-208.ec2.internal
(ec2-52-5-236-237.compute-1.amazonaws.com [52.5.236.237]) by mxa.mailgun.org
with ESMTP id 588073ae.7fe8900cfbb0-smtp-out-n01; Thu, 19 Jan 2017 08:07:10
-0000 (UTC)
From: Amrinder Dhillon <amrinder.dhillon@telephonyvoip.net>
To: user <usery@user.co.uk>
Subject: next week
Thread-Topic: next week
Thread-Index: AQHScis5/HhiSspEGUqIis4u4uG4yw==
Date: Thu, 19 Jan 2017 08:07:10 +0000
Message-ID: <1377206619.1975181.1484813230346.JavaMail.root@ip-10-0-0-208>
List-Unsubscribe: <mailto:unsubscribe@telephonyvoip.net>
Reply-To: Amrinder Dhillon <amrinder.dhillon@telephonyvoip.net>
Content-Language: en-GB
X-MS-Exchange-Organization-AuthSource:client Mail Server (name and Ip address hidden).mm.local
X-MS-Has-Attach:
X-MS-Exchange-Organization-SenderIdResult: Fail
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-PRD: telephonyvoip.net
X-MS-TNEF-Correlator:
received-spf: Fail (client Mail Server (name and Ip address hidden) domain of
amrinder.dhillon@telephonyvoip.net does not designate xxxxxas
permitted sender) receiver=client Mail Server (name and Ip address hidden).local; client-ip=xxxxxx
helo=Internal Mail Server (name and Ip address hidden)
domainkey-signature: a=rsa-sha1; c=nofws; d=telephonyvoip.net; s=pic; q=dns;
h=Sender: Date: From: Reply-To: To: Message-Id: Subject: Mime-Version:
Content-Type: List-Unsubscribe;
b=d7bniDyRMmUkQpWn2q/opTJmTMKV5SLPb9zKDhDgV/LZvQqRouyPI5zVT3oSw7g7ghhzmz
FTY1hlDiX/99G2l6yxO9Oc3TqBInPisE4RnzoNJFeVTg9Vi+ZWuQEt40DYAa8ku1hsViIubl
wEF3Cfvnh1sqHxNiWrtnhvP5QU5w0=
x-spam-status: No
dkim-signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=telephonyvoip.net;
q=dns/txt; s=pic; t=1484813230; h=List-Unsubscribe: Content-Type:
Mime-Version: Subject: Message-Id: To: Reply-To: From: Date: Sender;
bh=MMqb5PpcHhHuxdygwrqGGgQekTbzs8Qvo+WNtQKcB40=;
b=YIDi0VgjdPkIJ68taErnvKddTRjG+5OGGnFir7nCNmqXVdgTMrShdqTAX0kLt/ECx4dYGmJ2
YgUwM4a9w7SfFphNZPXGf/OnXh2UD/eW63HMpC9r8e0ZRa/r1IgRF9wIbGYRwFNTwSyhTJzg
fSPlFmfwM32CmPi8HkDGfVoxtoY=
Content-Type: multipart/alternative;
boundary="_000_137720661919751811484813230346JavaMailrootip1000208_"
MIME-Version: 1.0

What if you block the user instead of the domain?

We tried blocking the user, after we noted that after blacklisting the originals senders address, mail was being received from multiple domains, which is when we then tried to block the user, however this has not been successful

Any further thoughts in respect of this ?