[exim] spammers MXes

Góra strony
Delete this message
Reply to this message
Autor: Renaud Allard
Data:  
Dla: exim-users
Temat: [exim] spammers MXes
Hello,

I just noticed a tidal wave of mails coming from sales@$randomdomain.tld on a
couple of mailrelays I manage.

All these mails are obviously spam messages. But they seem to have something in
common besides the sales@. They either have no MX record, which is great because
callouts just detect these spams. Or they all have MX pointing to
mail.$randomdomain.tld which point to the same IP.

Here are a few samples.
# nslookup
Name: mail.ruedesabbeysses.com
Address: 72.232.95.68
Name: mail.randyschuckman.com
Address: 72.232.95.68
Name: mail.promosinternational.com
Address: 72.232.95.68
Name: mail.primerentalstore.com
Address: 72.232.95.68
Name: mail.prcfoods.com
Address: 72.232.95.68

So it would be almost trivial to block these spams with a dnsdb ACL call to the
MX. But there should be a "blacklist" to match the addresses. Does anybody know
of such a blacklist or is it a great opportunity to create one?

Also what are your opinions about this kind of filtering?

Best Regards

--
010100100110010101101110011000010111010101100100
010000010110110001101100011000010111001001100100