[exim] 2nd Stage DNS blocking

Top Page
This message is part of the following thread:
M+-++\the complete thread tree sorted by date
MM\MMM 
MMMMarcin Mirosław at ->
Delete this message
Reply to this message
Author: Hardy
Date:  
To: exim-users
Subject: [exim] 2nd Stage DNS blocking
Hi folks,

2nd Stage DNS blocking
I could imagine I am not the first with this idea, and there is already
a proper name for it. Let me describe:
We receive spam via the usual MTA chain. Sometimes we receive mail from
(free) mail providers like gmail and yahoo. Sometimes we fetchmail these
latter ones to feed them to our MX.
We only check the connecting server, and in some of the examples above
it might even be trusted. But that one was tricked to take spam before.
Random samples show me: We would not have taken most of the spam from
the intermediate or even originating MTA or sender. I would like to run
these "Received from" addresses against dnslists and/or blacklists in files.
You obviously cannot do this before the acl data. I am not a regex wiz,
and I think one needs an external script anyway to extract IPs. Hints?
Ideas?
Has anyone done before?

Cheers
Hardy

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] Blocking attachments missing file extensionRe: [exim] 2nd Stage DNS blocking->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)