On 2016-10-07, Hardy <[email protected]> wrote:
> Hi folks,
>
> 2nd Stage DNS blocking
>
> Let me describe:
> We receive spam via the usual MTA chain. Sometimes we receive mail from
> (free) mail providers like gmail and yahoo. Sometimes we fetchmail these
> latter ones to feed them to our MX.
> We only check the connecting server, and in some of the examples above
> it might even be trusted. But that one was tricked to take spam before.
> Random samples show me: We would not have taken most of the spam from
> the intermediate or even originating MTA or sender. I would like to run
> these "Received from" addresses against dnslists and/or blacklists in files.
> You obviously cannot do this before the acl data. I am not a regex wiz,
> and I think one needs an external script anyway to extract IPs. Hints?
> Ideas?
> Has anyone done this before?

Barracuda spam firewall does this, which can be a problem for road warriors.

See also RFC 5321 section 3.7.2:

   "Received:" header fields of messages originating from other
   environments may not conform exactly to this specification. However,
   the most important use of Received: lines is for debugging mail
   faults, and this debugging can be severely hampered by well-meaning
   gateways that try to "fix" a Received: line. As another consequence
   of trace header fields arising in non-SMTP environments, receiving
   systems MUST NOT reject mail based on the format of a trace header
   field and SHOULD be extremely robust in the light of unexpected
   information or formats in those header fields.

Doesn't say you can't reject based on _content_.

-- 
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
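As an added example (not from the post, and not Exim's own code), the kind of external script the question asks about, in Python: it takes the address from the `from` clause of every Received: header, skips internal relay addresses, tolerates hops that carry no address at all (the RFC 5321 3.7.2 point: robust to odd formats, rejecting only on what the content says), and builds the reversed-octet DNSBL query. The sample headers and the zone name in the usage are constructed; the resolver is injectable so the logic can be checked without network access.

```python
import email
import email.policy
import ipaddress
import re
import socket

# Constructed sample headers (not from the post): a folded header, an internal relay hop, a gateway hop with no address.
SAMPLE_HEADERS = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mail.example.org with ESMTP; Fri, 7 Oct 2016 10:00:00 +0000
Received: from relay.internal (relay.internal [10.0.0.5]) by mx1.example.net; Fri, 7 Oct 2016 09:59:58 +0000
Received: from [198.51.100.77] (helo=laptop) by relay.internal; Fri, 7 Oct 2016 09:59:55 +0000
Received: from odd-gateway by non-smtp-system with whatever
"""

IP_RE = re.compile(r"\[?((?:\d{1,3}\.){3}\d{1,3})\]?")
SKIP_NETS = [ipaddress.ip_network(n) for n in  # internal relays and loopback: never worth a lookup
             ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def extract_received_ips(raw):
    """Public IPv4 addresses from the 'from' clause of each Received: header,
    outermost hop first. Hops with no usable address are skipped, not rejected."""
    msg = email.message_from_string(raw, policy=email.policy.default)  # policy unfolds continuation lines
    ips = []
    for hdr in msg.get_all("Received", []):
        from_part = re.split(r"\bby\b", hdr, maxsplit=1)[0]  # drop 'by ...' and everything after it
        for m in IP_RE.finditer(from_part):
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:
                continue  # e.g. 999.1.1.1 inside an odd token: ignore, do not reject
            if any(ip in net for net in SKIP_NETS) or str(ip) in ips:
                continue
            ips.append(str(ip))
    return ips

def dnsbl_name(ip, zone):
    """Reversed-octet DNSBL query name: 192.0.2.10 -> 10.2.0.192.<zone>"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def resolve_a(name):
    """Default resolver: A record text, or None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_dnsbl(ips, zone, resolve=resolve_a):
    """Addresses from ips that the zone lists; 'resolve' is injectable for offline tests."""
    return [ip for ip in ips if resolve(dnsbl_name(ip, zone)) is not None]
```

In a real deployment this would run from the data ACL (for example via a pipe transport or a local scanner) and return the listed hops, leaving the accept/reject decision to the ACL.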
