Re: [exim] spammers MXes

Top Page
Delete this message
Reply to this message
Author: Ted Cooper
Date:  
To: exim-users
Subject: Re: [exim] spammers MXes
Ted Cooper wrote:
> Renaud Allard wrote:
>> Name: mail.prcfoods.com
>> Address: 72.232.95.68
>>
>> So it would be almost trivial to block these spams with a dnsdb ACL call to the
>> MX. But there should be a "blacklist" to match the addresses. Does anybody know
>> of such a blacklist or is it a great opportunity to create one?
>>
>> Also what are your opinions about this kind of filtering?
>
> I have been looking at these too. They've been around for about 4 months
> and can just as easily be spotted for their crap whois records
> whois promosinternational.com
> Name Server: DNS1.NAME-SERVICES.COM
> Creation Date: 14-oct-2007
> william bromage (wbromage@???) (always @gmail)
>
> These emails never get past the greylisting/host sanity however I've
> been thinking about taking all their information and adding to a
> database which dumps into karmasphere. I just have a few other things on
> my todo pile before I get to that.
>
> The domains are already listed in the Day Old Bread dns list .. most of
> the time.


I just remembered another fun things about this little spammer. He's got
the possibility of setting that IP address to anything he feels like so
there have to be some extra checking to make sure that you aren't going
blacklist yourself or some important customer.

--
The Exim Manual
http://www.exim.org/docs.html
http://www.exim.org/exim-html-current/doc/html/spec_html/index.html