Renaud Allard wrote: > Hello, > > I just noticed a tidal wave of mails coming from [EMAIL PROTECTED] on a > couple of mailrelays I manage. > > All these mails are obviously spam messages. But they seem to have something > in > common besides the [EMAIL PROTECTED] They either have no MX record, which is > great because > callouts just detect these spams. Or they all have MX pointing to > mail.$randomdomain.tld which point to the same IP. > > Here are a few samples. > # nslookup > Name: mail.ruedesabbeysses.com > Address: 72.232.95.68 > Name: mail.randyschuckman.com > Address: 72.232.95.68 > Name: mail.promosinternational.com > Address: 72.232.95.68 > Name: mail.primerentalstore.com > Address: 72.232.95.68 > Name: mail.prcfoods.com > Address: 72.232.95.68 > > So it would be almost trivial to block these spams with a dnsdb ACL call to > the > MX. But there should be a "blacklist" to match the addresses. Does anybody > know > of such a blacklist or is it a great opportunity to create one? > > Also what are your opinions about this kind of filtering? > > Best Regards > >
I have a blacklist and whitelist where you can match the host address. hoztname.hostkarma.junkemailfilter.com 127.0.0.1 = whitelist 127.0.0.2 = blacklist -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
