Re: [exim] spammers MXes

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMRenaud Allard at <-
MMRenaud Allard at ->
Delete this message
Reply to this message
Author: Marc Perkel
Date:  
To: Renaud Allard
CC: exim-users
Subject: Re: [exim] spammers MXes


Renaud Allard wrote:
> Hello,
>
> I just noticed a tidal wave of mails coming from sales@$randomdomain.tld on a
> couple of mailrelays I manage.
>
> All these mails are obviously spam messages. But they seem to have something in
> common besides the sales@. They either have no MX record, which is great because
> callouts just detect these spams. Or they all have MX pointing to
> mail.$randomdomain.tld which point to the same IP.
>
> Here are a few samples.
> # nslookup
> Name: mail.ruedesabbeysses.com
> Address: 72.232.95.68
> Name: mail.randyschuckman.com
> Address: 72.232.95.68
> Name: mail.promosinternational.com
> Address: 72.232.95.68
> Name: mail.primerentalstore.com
> Address: 72.232.95.68
> Name: mail.prcfoods.com
> Address: 72.232.95.68
>
> So it would be almost trivial to block these spams with a dnsdb ACL call to the
> MX. But there should be a "blacklist" to match the addresses. Does anybody know
> of such a blacklist or is it a great opportunity to create one?
>
> Also what are your opinions about this kind of filtering?
>
> Best Regards
>
>

I have a blacklist and whitelist where you can match the host address.

hoztname.hostkarma.junkemailfilter.com

127.0.0.1 = whitelist
127.0.0.2 = blacklist



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] mp3 spam - talk about bandwidth[exim] verify sender as valid user or user in whitelist not working->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)