Bill Hacker wrote:
> Sub Zero wrote:
>> Return-path: <[EMAIL PROTECTED]>
>> Received: from mail.ad.index.com.tr ([195.87.191.10])
>>     by host.elaxxx.com with esmtps (SSLv3:AES256-SHA:256) (Exim 4.52)
>>     id 1EeukD-0006RP-FK
>>     for [EMAIL PROTECTED]; Wed, 23 Nov 2005 15:33:13 +0200
>> Received: from sgunel ([81.215.207.181])
> Chances are you will find there are multiple IP, in a wide range of
> blocks, and the tests above aren't worth the bother and/or all fail.

In fact the only IP address I see here is 195.87.191.10.

> If, so probably best to add *.<each prefix>.com.tr to a blacklist, or
> even *.tr if your user group know few Turks.

Blocking *.tr is an extremely BAD idea. Never ever do that!

> Works here.... Never-ending battle, though, as the phishing or other
> follow-on attack will not come from the same apparent source.

I see that they are now listed in RFC-ignorant.org :)

PS: http://www.rfc-ignorant.org/how_to_domain.php says how to add RFC-ignorant dnslist to Exim4 here.

<snip>
deny message = $sender_address_domain is listed in $dnslist_domain ($dnslist_text)
     dnslists = dsn.rfc-ignorant.org/$sender_address_domain \
                postmaster.rfc-ignorant.org/$sender_address_domain
</snip>

Doesn't it ought to have a semicolon ":" before the backslash "\"?

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
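
Added example, not part of the original post and not Exim's own code: a small Python model of two rules from the Exim specification (backslash continuation lines, and colon-separated lists with a doubled colon as a literal), applied to the quoted snippet to show how many dnslists items it yields as posted and with a colon before the backslash. The function names are hypothetical, and dropping empty items is a simplification.

```python
def join_continuations(text):
    """Join backslash-continued lines into logical lines."""
    logical, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()              # leading/trailing white space is ignored
        if line.startswith("#"):
            continue                    # comment lines are skipped
        if line.endswith("\\"):
            pending += line[:-1]        # white space BEFORE the backslash is kept
            continue
        if pending or line:
            logical.append(pending + line)
        pending = ""
    return logical

def split_list(value, sep=":"):
    """Split a list value: 'sep' separates items, a doubled 'sep' is a literal."""
    items, cur, i = [], "", 0
    while i < len(value):
        if value[i] == sep and value[i + 1:i + 2] == sep:
            cur, i = cur + sep, i + 2
            continue
        if value[i] == sep:
            items.append(cur.strip())   # white space around an item is ignored
            cur = ""
        else:
            cur += value[i]
        i += 1
    items.append(cur.strip())
    return [item for item in items if item]   # simplification: drop empty items

def dnslists_items(acl_text):
    """Return the items of the first 'dnslists' condition in an ACL fragment."""
    for line in join_continuations(acl_text):
        name, _, value = line.partition("=")
        if name.strip() == "dnslists":
            return split_list(value)
    return []

# The snippet exactly as quoted in the post, then the same with a colon added.
AS_POSTED = r"""
deny message = $sender_address_domain is listed in $dnslist_domain ($dnslist_text)
     dnslists = dsn.rfc-ignorant.org/$sender_address_domain \
                postmaster.rfc-ignorant.org/$sender_address_domain
"""
WITH_COLON = AS_POSTED.replace("_domain \\", "_domain : \\")

if __name__ == "__main__":
    for label, acl in (("as posted", AS_POSTED), ("with colon", WITH_COLON)):
        print(label, len(dnslists_items(acl)), dnslists_items(acl))
```

As posted, the two lines join into a single item containing a space; with the colon they become two separate DNS list lookups.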
