Apologies in advance for what is undoubtedly going to turn out to be a D'oh!
error on my part, but I'm running out of ideas here.
I'm trying to block incoming mail from French snowshoe spammer multi-fax.fr,
who sends mail from a range of IP addresses and changes domain names every day
to try
Just a quick question: have you considered using RDNS blacklist instead? Then
you wouldn't need that many IPs for the same mail host.
Cheers,
Sebastian
On 12.01.2012, at 13:41, Angus McIntyre an...@pobox.com wrote:
Apologies in advance for what is undoubtedly going to turn out to be a
D'oh!
Sebastian Grewe wrote:
Just a quick question: have you considered using RDNS blacklist instead?
Then you wouldn't need that many IPs for the same mail host.
Thanks for the suggestion. But this particular spammer has a different
invented domain name for each IP that they use (vedalcom.net,
Angus McIntyre wrote on 2012-01-12 14:25:
I may end up blocking an entire /24, simply because it seems that they
have most of the IPs in it, and no legitimate traffic that I can see ever
comes from there.
If so, cut it off on your firewall instead. Why bother spamdyke with it.
Regards,
--
I'd probably do this too then. Maybe they it you as an easy target so better
outright block them.
What does Ripe say about those IPs? You might be able to safely block the range
if it's a known spammer range ;-)
Cheers,
Sebastian
On 12.01.2012, at 14:45, Marcin Orlowski car...@wfmh.org.pl
Very strange. Is it possible you're using spamdyke on multiple ports (e.g. 25
and 587) with different configuration files?
If not, it kinda sounds like a whitelist is being hit. There are two things
you can do to find out for sure. First, try increasing your log-level option
to verbose. If