Bill Hacker wrote:
> Sub Zero wrote:
>> Return-path: <duyuru@???>
>> Received: from mail.ad.index.com.tr ([195.87.191.10])
>> by host.elaxxx.com with esmtps (SSLv3:AES256-SHA:256) (Exim 4.52)
>> id 1EeukD-0006RP-FK
>> for yusuf@???; Wed, 23 Nov 2005 15:33:13 +0200
>> Received: from sgunel ([81.215.207.181])
> Chances are you will find there are multiple IPs, in a wide range of
> blocks, and the tests above aren't worth the bother and/or all fail.
In fact the only IP address I see here is 195.87.191.10.
> If so, probably best to add *.<each prefix>.com.tr to a blacklist, or
> even *.tr if your user group know few Turks.
Blocking *.tr is an extremely BAD idea. Never ever do that!
> Works here.... Never-ending battle, though, as the phishing or other
> follow-on attack will not come from the same apparent source.
I see that they are now listed in RFC-ignorant.org :)
PS:
http://www.rfc-ignorant.org/how_to_domain.php says how to add the
RFC-ignorant dnslist to Exim4:
<snip>
deny message = $sender_address_domain is listed in $dnslist_domain ($dnslist_text)
     dnslists = dsn.rfc-ignorant.org/$sender_address_domain \
                postmaster.rfc-ignorant.org/$sender_address_domain
</snip>
Shouldn't it have a semicolon ":" before the backslash "\"?
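
An added illustration, not part of the original post and not Exim's own code: a simplified Python model of how Exim joins backslash-continued lines and splits a colon-separated list, applied to the dnslists value quoted above, once as posted and once with a colon before the backslash. The function names are hypothetical and the splitting rules are a simplified model of Exim's list syntax.

```python
import re

def join_continuations(text):
    """Join backslash-continued lines the way Exim's config reader does:
    drop the backslash, the newline and the next line's leading whitespace.
    Whitespace before the backslash is kept."""
    return re.sub(r"\\[ \t]*\n[ \t]*", "", text)

def split_list(value, sep=":"):
    """Split an Exim-style list (simplified model): items separated by `sep`,
    surrounding whitespace trimmed, a doubled separator meaning a literal one."""
    placeholder = "\x00"
    value = value.replace(sep * 2, placeholder)
    items = [i.strip().replace(placeholder, sep) for i in value.split(sep)]
    return [i for i in items if i]

def dnslists_items(option_text):
    """Return the DNS list entries seen for a `dnslists = ...` option."""
    joined = join_continuations(option_text)
    _, _, value = joined.partition("=")
    return split_list(value)

# Constructed input: the snippet as posted (no colon before the backslash).
AS_POSTED = (
    "dnslists = dsn.rfc-ignorant.org/$sender_address_domain \\\n"
    "           postmaster.rfc-ignorant.org/$sender_address_domain\n"
)
# Constructed input: the same option with a colon separating the two lists.
WITH_COLON = AS_POSTED.replace(" \\\n", " : \\\n")

if __name__ == "__main__":
    for label, text in (("as posted", AS_POSTED), ("with colon", WITH_COLON)):
        items = dnslists_items(text)
        print(f"{label}: {len(items)} item(s)")
        for item in items:
            print("   ", repr(item))
```

Without the colon the continuation is joined into a single list item containing a space, so the second DNS list is never queried as a list of its own.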