[exim] spammers MXes

Author: Renaud Allard
Date:  
To: exim-users
Subject: [exim] spammers MXes
Hello,

I just noticed a tidal wave of mails coming from sales@$randomdomain.tld on a
couple of mail relays I manage.

All these mails are obviously spam messages. But they seem to have something in
common besides the sales@. They either have no MX record, which is great because
callouts just detect these spams, or they all have an MX pointing to
mail.$randomdomain.tld, and these all point to the same IP.

Here are a few samples.
# nslookup
Name: mail.ruedesabbeysses.com
Address: 72.232.95.68
Name: mail.randyschuckman.com
Address: 72.232.95.68
Name: mail.promosinternational.com
Address: 72.232.95.68
Name: mail.primerentalstore.com
Address: 72.232.95.68
Name: mail.prcfoods.com
Address: 72.232.95.68

So it would be almost trivial to block these spams with a dnsdb ACL call to the
MX. But there should be a "blacklist" to match the addresses. Does anybody know
of such a blacklist or is it a great opportunity to create one?

Also what are your opinions about this kind of filtering?

Best Regards

--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100
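
Added example, not part of the original post: a sketch of how such an MX-address blacklist could be built from observed spam senders and then applied, including the shared-hosting false positive this kind of filtering has to allow for. The five mail.* hosts and 72.232.95.68 are the samples quoted above; the resolver, function names, .example/.test entries and 192.0.2.25 are constructed for illustration.

```python
from collections import defaultdict

# Constructed lookup table standing in for DNS: domain -> {mx_host: ip}.
# The first five entries are the samples from the post; the rest are made up.
SAMPLE_MX = {
    "ruedesabbeysses.com": {"mail.ruedesabbeysses.com": "72.232.95.68"},
    "randyschuckman.com": {"mail.randyschuckman.com": "72.232.95.68"},
    "promosinternational.com": {"mail.promosinternational.com": "72.232.95.68"},
    "primerentalstore.com": {"mail.primerentalstore.com": "72.232.95.68"},
    "prcfoods.com": {"mail.prcfoods.com": "72.232.95.68"},
    "fresh.example": {"mail.fresh.example": "72.232.95.68"},  # not yet seen
    "nomx.example": {},                                       # no MX record
    "shop.example": {"mx.bighost.test": "192.0.2.25"},        # shared provider
    "blog.example": {"mx.bighost.test": "192.0.2.25"},
    "club.example": {"mx.bighost.test": "192.0.2.25"},
}

def sample_resolver(domain):
    """Hypothetical stand-in for an MX + A lookup; returns {mx_host: ip}."""
    return SAMPLE_MX.get(domain, {})

def sender_domain(sender):
    return sender.rsplit("@", 1)[-1].lower()

def build_mx_blacklist(spam_senders, resolve, min_domains=3, allow_ips=()):
    """Map each MX IP shared by >= min_domains spam sender domains to them."""
    domains_by_ip = defaultdict(set)
    for sender in spam_senders:
        domain = sender_domain(sender)
        for ip in resolve(domain).values():
            domains_by_ip[ip].add(domain)
    # allow_ips guards large shared MX providers that host unrelated domains.
    return {ip: sorted(doms) for ip, doms in domains_by_ip.items()
            if len(doms) >= min_domains and ip not in allow_ips}

def check_sender(sender, resolve, blacklist):
    """Classify an envelope sender as 'no-mx', 'listed-mx' or 'ok'."""
    mx = resolve(sender_domain(sender))
    if not mx:
        return "no-mx"        # the case sender callouts already reject
    if any(ip in blacklist for ip in mx.values()):
        return "listed-mx"    # MX resolves to a blacklisted address
    return "ok"

# Constructed report feed: the five sampled senders plus three messages
# reported from customers of the shared provider.
SPAM_SEEN = ["sales@" + d for d in list(SAMPLE_MX)[:5]] + [
    "sales@shop.example", "sales@blog.example", "sales@club.example"]
```

Without an allowlist the shared provider's address is listed as well, so every domain it hosts would be rejected; a real list needs that exception handling or a higher threshold.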