Thanks for all your input. But some of you missed my point. I admit, the subject is OT, and I was too lengthy in explanation.

Shorter
We DO accept mail from a trusted host, not under our control. THAT host was tricked into accepting spam. To identify this, we have no other choice than to look at data, and I was especially thinking about "Received from" headers. Okay, I think this thread is exhausted, unless you still have some exceptional idea now.

Sorry for the initial confusion, thanks for your feedback.

Hardy



On 07.10.2016 12:59, Hardy wrote:
Hi folks,

2nd Stage DNS blocking
I could imagine I am not the first with this idea, and there is already
a proper name for it. Let me describe:
We receive spam via the usual MTA chain. Sometimes we receive mail from
(free) mail providers like gmail and yahoo. Sometimes we fetchmail these
latter ones to feed them to our MX.
We only check the connecting server, and in some of the examples above
it might even be trusted. But that one was tricked to take spam before.
Random samples show me: We would not have taken most of the spam from
the intermediate or even originating MTA or sender. I would like to run
these "Received from" addresses against dnslists and/or blacklists in
files.
You obviously cannot do this before the acl data. I am not a regex wiz,
and I think one needs an external script anyway to extract IPs. Hints?
Ideas?
Has anyone done this before?

Cheers
Hardy
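The approach the post asks about, as an added example that is not part of the original thread and not Exim's own code: an external script that walks the Received: headers of a spooled message, picks the sending IP of each hop (the part before " by "), drops RFC 1918 and loopback addresses, skips the relay that was already vetted at connection time, and looks the remaining hops up in one or more DNSBL zones. The sample message, the zone name `dnsbl.example.invalid`, the trusted relay 198.51.100.10 and the helper names are all constructed for illustration; the resolver is injectable so the logic can be exercised without network access.

```python
import email
import ipaddress
import re
import socket
from email import policy
from typing import Callable, Optional

# Constructed sample: our MX (mx.example.org) accepted the mail from the trusted
# relay 198.51.100.10, which itself took it from an outside host 203.0.113.45.
# RFC 5737 documentation ranges stand in for public addresses here.
SAMPLE_MESSAGE = b"""\
Received: from relay.example.net (relay.example.net [198.51.100.10])
\tby mx.example.org with ESMTPS id abc123; Fri, 7 Oct 2016 12:00:00 +0200
Received: from unknown (HELO webmail) ([203.0.113.45])
\tby relay.example.net with SMTP; Fri, 7 Oct 2016 11:59:00 +0200
Received: from [192.168.1.20] (helo=laptop)
\tby webmail with ESMTPA; Fri, 7 Oct 2016 11:58:00 +0200
From: someone@example.com
To: hardy@example.org
Subject: test

body
"""

# Addresses that can never be meaningful DNSBL lookups (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# A dotted quad not glued to further digits or dots (avoids matching inside longer tokens).
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def is_routable(ip: str) -> bool:
    """True for syntactically valid IPv4 addresses outside the internal ranges."""
    try:
        addr = ipaddress.IPv4Address(ip)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETS)


def received_hop_ips(raw: bytes) -> list:
    """Return the sending IP of every Received: hop, newest hop first, duplicates removed.

    Only the 'from ...' part before ' by ' is scanned, so the receiving host's own
    address (if it is written as an IP) is not mistaken for a sender.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for hdr in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", str(hdr))      # unfold the header
        from_part = text.split(" by ", 1)[0]
        for ip in IPV4_RE.findall(from_part):
            if is_routable(ip) and ip not in hops:
                hops.append(ip)
    return hops


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the reversed-octet name a DNSBL expects, e.g. 45.113.0.203.<zone>."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def socket_resolver(name: str) -> Optional[str]:
    """Default resolver: plain A lookup; None means 'not listed' (NXDOMAIN)."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_hops(raw: bytes, zones, trusted,
               resolve: Callable[[str], Optional[str]] = socket_resolver) -> list:
    """Look up every untrusted Received hop in each DNSBL zone; return (ip, zone, answer) hits."""
    hits = []
    for ip in received_hop_ips(raw):
        if ip in trusted:          # the relay we already vetted at SMTP time
            continue
        for zone in zones:
            answer = resolve(dnsbl_query_name(ip, zone))
            if answer is not None:
                hits.append((ip, zone, answer))
    return hits


if __name__ == "__main__":
    # Offline demonstration with a fake resolver that lists only 203.0.113.45.
    fake = lambda n: "127.0.0.2" if n.startswith("45.113.0.203.") else None
    print(check_hops(SAMPLE_MESSAGE, ["dnsbl.example.invalid"],
                     {"198.51.100.10"}, resolve=fake))
```

Two points worth noting for the Exim side. Headers below the trusted relay's own hop are written by hosts you do not control, so a spammer can forge plausible-looking Received lines; treat hits from those hops as a scoring signal rather than a hard reject. And because the data is only complete after DATA, the script has to be called from the data ACL (for example through Exim's `${run{...}}` expansion, testing `$runrc`) rather than at connection time, which is exactly why the connecting-host check alone cannot catch these.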


--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
