Renaud Allard wrote:
> Hello,
>
> I just noticed a tidal wave of mails coming from [EMAIL PROTECTED] on a
> couple of mailrelays I manage.
>
> All these mails are obviously spam messages. But they seem to have something in
> common besides the [EMAIL PROTECTED] They either have no MX record, which is great because
> callouts just detect these spams. Or they all have MX pointing to
> mail.$randomdomain.tld which point to the same IP.
>
> Here are a few samples.
> # nslookup
> Name: mail.ruedesabbeysses.com
> Address: 72.232.95.68
> Name: mail.randyschuckman.com
> Address: 72.232.95.68
> Name: mail.promosinternational.com
> Address: 72.232.95.68
> Name: mail.primerentalstore.com
> Address: 72.232.95.68
> Name: mail.prcfoods.com
> Address: 72.232.95.68
>
> So it would be almost trivial to block these spams with a dnsdb ACL call to the
> MX. But there should be a "blacklist" to match the addresses. Does anybody know
> of such a blacklist or is it a great opportunity to create one?
>
> Also what are your opinions about this kind of filtering?

I have been looking at these too. They've been around for about 4 months and can just as easily be spotted for their crap whois records

whois promosinternational.com
Name Server: DNS1.NAME-SERVICES.COM
Creation Date: 14-oct-2007
william bromage ([EMAIL PROTECTED]) (always @gmail)

These emails never get past the greylisting/host sanity however I've been thinking about taking all their information and adding to a database which dumps into karmasphere. I just have a few other things on my todo pile before I get to that.

The domains are already listed in the Day Old Bread dns list .. most of the time.

--
The Exim Manual
http://www.exim.org/docs.html
http://www.exim.org/exim-html-current/doc/html/spec_html/index.html

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
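
The MX-to-IP check proposed in the thread, modelled offline as an added example (not code from either poster or from Exim): the sender domain's MX hosts are resolved to addresses and compared against a list of known spam MX IPs. The `classify_sender` function, the verdict names, the MX mappings and the `example.*` records are assumptions made for this sketch; only the `mail.*` A records come from the thread.

```python
import ipaddress

# Constructed zone data standing in for live DNS. The A records for the
# mail.* hosts are the ones quoted in the thread; the MX mappings and the
# example.* entries are assumptions made for this example.
MX = {
    "promosinternational.com": ["mail.promosinternational.com"],
    "prcfoods.com": ["mail.prcfoods.com"],
    "example.org": ["mx1.example.org", "mx2.example.org"],
    "nomx.example": [],  # domain exists but publishes no MX
}
A = {
    "mail.promosinternational.com": ["72.232.95.68"],
    "mail.prcfoods.com": ["72.232.95.68"],
    "mx1.example.org": ["192.0.2.10"],
    "mx2.example.org": ["192.0.2.11"],
}
# The "blacklist" the thread asks for: addresses that spam MX hosts share.
BLOCKED_MX_NETS = [ipaddress.ip_network("72.232.95.68/32")]


def classify_sender(address, mx=MX, a=A, blocked=BLOCKED_MX_NETS):
    """Return (verdict, detail) for an envelope sender address."""
    _local, at, domain = address.rpartition("@")
    if not at:
        return ("accept", "null sender")  # bounces have no domain to check
    domain = domain.lower().rstrip(".")
    hosts = mx.get(domain)
    if hosts is None:
        # Lookup failure is not evidence of spam: defer instead of rejecting.
        return ("defer", "MX lookup failed")
    if not hosts:
        # The thread leaves this case to the sender callout.
        return ("no_mx", "leave to sender callout")
    for host in hosts:
        for ip in a.get(host.lower(), []):
            if any(ipaddress.ip_address(ip) in net for net in blocked):
                return ("reject", f"{host} -> {ip}")
    return ("accept", "MX not listed")
```

Keeping lookup failures as a deferral matters in production, since a resolver timeout would otherwise turn into rejected legitimate mail.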
