2

I use Thunderbird for my email. As of lately, I'm constantly receiving plenty of spam from the same block of IP addresses. I cannot block them at the firewall (neither my own PC's firewall, nor the company) because the mail server is outside our network.

Asking the email provider to block the address range using their firewall is beyond my payroll - I cannot convince my manager of the need or usefulness of asking the email provider to do just that. Especially since, right now, I seem to be the only user receiving this cascade of spam.

Blocking by source domain is useless, as they're always using fake domains which don't even exist, but the source IP is clear:

  • mail.tipoxco.com ([45.117.159.33])
  • send.frishmusic.com ([45.117.159.32])
  • db.carlascookbook.com ([45.117.159.23])
  • server.eastburnart.com ([45.117.159.24])

Among many others, dozens per day. None of those pages exist, whois says that block of addresses is used by a company in Vietnam (a company dedicated fully to spamming, it seems?).

So I want to know: how can I create a filter by source mail IP in Thunderbird, so all the emails from 45.117.159.* go straight into Junk? (or better yet - so they get deleted immediately without me having to do that manually).

I'm willing to code my own scripts or install special add-ons if needs be, whatever. I just want to know which way can this be done, no matter if it's difficult or not so straight forward.

Improve this question

1 Answer 1

Reset to default
3

  1. To create a filter in Thunderbird, highlight the Inbox to filter and then select Tools → Message Filters.

  2. In the Filter Rules dialog box, enter a filter name (e.g. Spam Filter).

  3. Under the matching section, select Match any of the following. Add a rule for each set of IP addresses to filter (e.g. 45.117.159.*).

  4. Under your first rule, select the matching criteria dropdown (default "Subject"). Scroll to the bottom of the list and select Customize....

  5. In the Customize Headers dialog, select the field marked New message header. Type the name of the custom message header to filter (the one which contains the malicious address) and click Add. This will add the header name as an option in the standard filter criteria dropdown list.

    Note: Since different mail servers add different headers, you will have to look at the headers for the spam you receive to see which one contains the originating IP you determined to be an issue.

  6. Under each matching rule, select the correct custom matching header from the bottom of the criteria dropdown (default "Subject", as noted earlier). Make sure the rule is a contains rule (default) and add the IP range to filter in the criteria field. As @fixer1234 points out in the comments, you simply need to match the first three octets (e.g. 45.117.159) to exclude your examples.

  7. In the Perform these actions: area of the Filter Rules, you can either send the items to a folder of your choosing (e.g. Spam or Trash -- recommended) or you can select the option to simply Delete Messages matching the criteria.

Improve this answer
5
  • 2
    On step 3, couldn't you just use 45.117.159. to match anything in the block range (treat it as a text match)?
    – fixer1234
    Commented Oct 25, 2017 at 4:50
  • @fixer1234 Lol! Derp derp! Yes, you are exactly right. You don't even need the trailing dot apparently. =)
    – Anaksunaman
    Commented Oct 25, 2017 at 5:06
  • Worked like a charm, thank you so very much. Wish there were a more intuitive way to do this in Thunderbird, but at least there is one :-)
    – Joe Pineda
    Commented Nov 14, 2017 at 16:32
  • Your very welcome. Definitely not intuitive, as you say, but glad it helps solve the problem =)
    – Anaksunaman
    Commented Nov 14, 2017 at 22:00
  • Worked for me too. I picked up a really insidious spammer, constantly changed his domain, but not his ip address. It was great to finally block him.
    – mikekehrli
    Commented Mar 24, 2023 at 20:39

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .