Re: [exim] spammers MXes

Author: Marc Perkel
Date:  
To: Renaud Allard
CC: exim-users
Subject: Re: [exim] spammers MXes


Renaud Allard wrote:
> Hello,
>
> I just noticed a tidal wave of mails coming from sales@$randomdomain.tld on a
> couple of mailrelays I manage.
>
> All these mails are obviously spam messages. But they seem to have something in
> common besides the sales@. They either have no MX record, which is great because
> callouts just detect these spams. Or they all have MX pointing to
> mail.$randomdomain.tld which point to the same IP.
>
> Here are a few samples.
> # nslookup
> Name: mail.ruedesabbeysses.com
> Address: 72.232.95.68
> Name: mail.randyschuckman.com
> Address: 72.232.95.68
> Name: mail.promosinternational.com
> Address: 72.232.95.68
> Name: mail.primerentalstore.com
> Address: 72.232.95.68
> Name: mail.prcfoods.com
> Address: 72.232.95.68
>
> So it would be almost trivial to block these spams with a dnsdb ACL call to the
> MX. But there should be a "blacklist" to match the addresses. Does anybody know
> of such a blacklist or is it a great opportunity to create one?
>
> Also what are your opinions about this kind of filtering?
>
> Best Regards
>
>


I have a blacklist and whitelist where you can match the host address.

hostname.hostkarma.junkemailfilter.com

127.0.0.1 = whitelist
127.0.0.2 = blacklist
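
Added example, not part of the original thread and not Exim or hostkarma code: a Python sketch of the check discussed above, which resolves a sender domain's MX hosts and looks each host name and address up in the list, using the zone and return codes from the reply. The `resolve` callback, the constructed DNS data, the reversed-octet form for IP keys and the whitelist-wins policy are assumptions of this example.

```python
ZONE = "hostkarma.junkemailfilter.com"    # zone named in the reply
WHITE, BLACK = "127.0.0.1", "127.0.0.2"   # return codes given in the reply

def list_query_name(key, zone=ZONE):
    """Build the list query name <key>.<zone>. An IPv4 key has its octets
    reversed first (usual DNSBL convention; an assumption of this example)."""
    parts = key.rstrip(".").split(".")
    if len(parts) == 4 and all(p.isdecimal() and int(p) < 256 for p in parts):
        parts.reverse()
    return ".".join(parts + [zone]).lower()

def classify_sender(domain, resolve):
    """resolve(name, rtype) returns a list of strings, empty if no record.
    Returns (verdict, keys that produced the verdict)."""
    mx_hosts = resolve(domain, "MX")
    if not mx_hosts:
        return "no-mx", []                # the case a sender callout already catches
    keys = []
    for host in mx_hosts:                 # check the MX name and each of its addresses
        keys.append(host)
        keys.extend(resolve(host, "A"))
    hits = {}
    for key in keys:
        for answer in resolve(list_query_name(key), "A"):
            hits.setdefault(answer, []).append(key)
    if WHITE in hits:                     # policy assumption: whitelist wins
        return "whitelisted", hits[WHITE]
    if BLACK in hits:
        return "blacklisted", hits[BLACK]
    return "unlisted", []

# Constructed DNS data (documentation names and addresses, not real listings).
CONSTRUCTED_DNS = {
    ("shop-a.example", "MX"): ["mail.shop-a.example"],
    ("mail.shop-a.example", "A"): ["192.0.2.68"],
    ("shop-b.example", "MX"): ["mail.shop-b.example"],
    ("mail.shop-b.example", "A"): ["192.0.2.68"],
    ("68.2.0.192." + ZONE, "A"): [BLACK],
    ("good.example", "MX"): ["mx.good.example"],
    ("mx.good.example", "A"): ["198.51.100.7"],
    ("mx.good.example." + ZONE, "A"): [WHITE],
    ("quiet.example", "MX"): ["mx.quiet.example"],
}

def fake_resolve(name, rtype):
    """Offline stand-in for a DNS resolver, backed by the table above."""
    return CONSTRUCTED_DNS.get((name.lower().rstrip("."), rtype), [])

if __name__ == "__main__":
    for d in ("shop-a.example", "shop-b.example", "good.example", "nomx.example"):
        print(d, classify_sender(d, fake_resolve))
```
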