Re: [exim] IPs which spam for many, many, domains

Author: Jeremy Harris
Date:  
To: exim-users @ exim. org
Subject: Re: [exim] IPs which spam for many, many, domains
Alan J. Flavell wrote:
> There are certain IPs which are registered via MX records for
> hundreds, or thousands, of domains under the control of a spammer.
> Some of these indeed seem to be operated by spammers who create new
> domains on a production-line basis.
>


> lookuphost:
>   driver = dnslookup
>   qualify_single = false
>   domains = ! +local_domains
>   ignore_target_hosts = 127.0.0.0/8 : CONFIG_DIR/bogon-bn-agg.txt \
>                          : CONFIG_DIR/ignore_spammers
>   transport = remote_smtp

>
>
> This not only prevents incoming mail from being accepted from them
> (because "verify sender" is caused to fail as a consequence) - it also
> causes any attempt by our users to communicate with these domains to
> be treated as bogons and failed.
>
>
> But that's a bit crude - it means that any attempt to communicate will
> fall through that router, and be handled by the unknown_domain router,
> which produces the report:


> So I'm looking for some way to disambiguate these reports. If we
> stay with the same mechanism, I suppose we can insert an extra router
> before the unknown_domains, which is only activated for IP entries in
> the ignore_spammers list, and produces a more-appropriate error
> report.


Wouldn't it be clearer to reject in your mail acl, on
$sender_host_address matching your file?

- Jeremy