RE: [exim] Damn advertisers that don't get returns. What to …

Top Page
Delete this message
Reply to this message
Author: Sub Zero
Date:  
To: 'Exim-users'
CC: 'Bill Hacker'
Subject: RE: [exim] Damn advertisers that don't get returns. What to do?
Bill Hacker wrote:
> Sub Zero wrote:
>> Return-path: <duyuru@???>
>> Received: from mail.ad.index.com.tr ([195.87.191.10])
>>     by host.elaxxx.com with esmtps (SSLv3:AES256-SHA:256)     (Exim 4.52)
>>     id 1EeukD-0006RP-FK
>>     for yusuf@???; Wed, 23 Nov 2005 15:33:13 +0200
>> Received: from sgunel ([81.215.207.181])


> Chances are you will find there are multiple IP, in a wide range of
> blocks, and the tests above aren't worth the bother and/or all fail.


In fact the only IP address I see here is 195.87.191.10.

> If, so probably best to add *.<each prefix>.com.tr to a blacklist, or
> even *.tr if your user group know few Turks.


Blocking *.tr is an extremely BAD idea. Never ever do that!

> Works here.... Never-ending battle, though, as the phishing or other
> follow-on attack will not come from the same apparent source.


I see that they are now listed in RFC-ignorant.org :)

PS: http://www.rfc-ignorant.org/how_to_domain.php says how to add
RFC-ignorant dnslist to Exim4 here.

<snip>
deny message = $sender_address_domain is listed in $dnslist_domain
($dnslist_text)
dnslists = dsn.rfc-ignorant.org/$sender_address_domain \
postmaster.rfc-ignorant.org/$sender_address_domain
</snip>

Doesn't it ought to have a semicolon ":" before the backslash "\"?