Marc Perkel wrote:
Renaud Allard wrote:Marc Perkel wrote:I have a blacklist and whitelist where you can match the host address. hoztname.hostkarma.junkemailfilter.com 127.0.0.1 = whitelist 127.0.0.2 = blacklistThe sending IPs used by spammers have nothing in common with their domain MXes. They just send from wathever IP they see fit. All they have in common is an MX record for their domain listening at the same IP. So having a blacklist who will be able to tell something like "all domains that have their MXes pointing to this particular IP are spammer domains" would be great.I see what you mean about not having what you want. But what do you want? What is the logic you would use to detect spams? If the senders MX is vacant or matches a blacklist of host names?
I am trying to determine if a blacklist of IP of MXes (not containing the IP sending the spam, but the IP of the MX) exists, and if it would be useful to have such a blacklist.
It seems that some spammers are using newly bought domains with real MX records. Those MXes seem to be only used by these spammers, maybe to bypass callouts or maybe to bypass C/R systems. In my example, there were many domain names used, all new, all having different MXes, but all those MXes resolving to the same IP.
So the idea is: if someone sends me a mail from: [EMAIL PROTECTED] I can verify example.com MX which is mail.example.com which resolves to 1.2.3.4. And if 1.2.3.4 is in the blacklist, I could just deny the mail because it is a known spammer MX IP.
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
