[Exim] Deny up front country codes .tw and .cn inbound?

Top Page
Delete this message
Reply to this message
Author: Kevin
Date:  
To: exim-users
Subject: [Exim] Deny up front country codes .tw and .cn inbound?
I get a ton of spam from hostname.tw type domains. Lots of
hostname.cn ones too.

Since I never get any real mail from those domains, Is there a way to
block ALL incoming mail from a hostname that contains country code of
.tw or .cn? I know that I can do it with message_filter, but I
would like to try to trap this when the host connects before it is
allowed to send the message, like at the time it verifies whether the
rcpt to is valid or not.

A sample log entry below shows that the informaiton is available, I
just don't know what to do with it.

I know I can enter something using message_filter, but that means
that I've already accepted the message and have no real way to inform
the incoming server that we are rejecting them. Most of the
froms and reply to's are bogus anyway.

2001-07-22 16:09:14 15OSLZ-00044t-00 <= jay123@???
H=proxy3.tatung.com.tw [139.223.126.3] U=root P=esmtp S=31474
id=200107222306.HAA18362@???

Resulting header entry in the actual message...

from proxy3.tatung.com.tw ([139.223.126.3] ident=root)
        by myhost.mydomain.com with esmtp (Exim 3.22 #1)
        id 15OSLZ-00044t-00; Sun, 22 Jul 2001 16:09:13 -0700


I've never received a legit piece of email from either country code.

--
Kevin