Renaud Allard wrote:
> Hello,
>
> I just noticed a tidal wave of mails coming from sales@$randomdomain.tld on a
> couple of mailrelays I manage.
>
> All these mails are obviously spam messages. But they seem to have something in
> common besides the sales@. They either have no MX record, which is great because
> callouts just detect these spams, or they all have an MX pointing to
> mail.$randomdomain.tld, which all point to the same IP.
>
> Here are a few samples.
> # nslookup
> Name: mail.ruedesabbeysses.com
> Address: 72.232.95.68
> Name: mail.randyschuckman.com
> Address: 72.232.95.68
> Name: mail.promosinternational.com
> Address: 72.232.95.68
> Name: mail.primerentalstore.com
> Address: 72.232.95.68
> Name: mail.prcfoods.com
> Address: 72.232.95.68
>
> So it would be almost trivial to block these spams with a dnsdb ACL call to the
> MX. But there should be a "blacklist" to match the addresses. Does anybody know
> of such a blacklist or is it a great opportunity to create one?
>
> Also what are your opinions about this kind of filtering?
>
> Best Regards
>
>
I have a blacklist and whitelist where you can match the host address.
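
Added example, not part of either message above: a Python sketch of the check being discussed, resolving the sender domain's MX hosts to addresses and matching them against a blacklist and a whitelist. The lookup tables, the list contents, the function names and the rule that a whitelist hit overrides the blacklist are all assumptions made for illustration; a real relay would do live DNS lookups instead of the constructed tables.

```python
import ipaddress

# Constructed DNS data standing in for live MX and A lookups. The first two
# domains reuse host names and the address quoted in the message above; the
# others are made-up names on reserved documentation ranges.
SAMPLE_MX = {
    "ruedesabbeysses.com": ["mail.ruedesabbeysses.com"],
    "prcfoods.com": ["mail.prcfoods.com"],
    "example.org": ["mx1.example.org", "mx2.example.org"],
    "nomx.example": [],
}
SAMPLE_A = {
    "mail.ruedesabbeysses.com": ["72.232.95.68"],
    "mail.prcfoods.com": ["72.232.95.68"],
    "mx1.example.org": ["192.0.2.10"],
    "mx2.example.org": ["192.0.2.11"],
}
# Constructed lists: the shared address from the samples, and a test range.
BLACKLIST = [ipaddress.ip_network("72.232.95.68/32")]
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]

def in_any(ip, networks):
    return any(ip in net for net in networks)

def mx_addresses(domain, mx_records, a_records):
    """Return the set of addresses behind a domain's MX hosts."""
    found = set()
    for host in mx_records.get(domain, []):
        for text in a_records.get(host.rstrip(".").lower(), []):
            try:
                found.add(ipaddress.ip_address(text))
            except ValueError:
                continue  # ignore malformed record data
    return found

def check_sender(sender, blacklist, whitelist,
                 mx_records=SAMPLE_MX, a_records=SAMPLE_A):
    """Return 'skip', 'no-mx', 'accept' or 'deny' for an envelope sender."""
    _local, sep, domain = sender.rpartition("@")
    if not sep or not domain:
        return "skip"  # null sender (bounce): no domain to check
    addrs = mx_addresses(domain.lower(), mx_records, a_records)
    if not addrs:
        return "no-mx"  # no MX, or none that resolves: left to the callout
    # Assumption: a whitelist hit overrides the blacklist.
    if any(in_any(ip, whitelist) for ip in addrs):
        return "accept"
    return "deny" if any(in_any(ip, blacklist) for ip in addrs) else "accept"
```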