Re: [exim] 2nd Stage DNS blocking

Top Page
This message is part of the following thread:
M+-++\the complete thread tree sorted by date
MM\MMMHardy at <-
MMMJasen Betts at ->
Delete this message
Reply to this message
Author: Marcin Mirosław
Date:  
To: exim-users
Subject: Re: [exim] 2nd Stage DNS blocking
W dniu 07.10.2016 o 12:59, Hardy pisze:
> Hi folks,
>
> 2nd Stage DNS blocking
> I could imagine I am not the first with this idea, and there is already
> a proper name for it. Let me describe:
> We receive spam via the usual MTA chain. Sometimes we receive mail from
> (free) mail providers like gmail and yahoo. Sometimes we fetchmail these
> latter ones to feed them to our MX.
> We only check the connecting server, and in some of the examples above
> it might even be trusted. But that one was tricked to take spam before.
> Random samples show me: We would not have taken most of the spam from
> the intermediate or even originating MTA or sender. I would like to run
> these "Received from" addresses against dnslists and/or blacklists in
> files.
> You obviously cannot do this before the acl data. I am not a regex wiz,
> and I think one needs an external script anyway to extract IPs. Hints?
> Ideas?
> Has anyone done before?

Hi!
User proper tool for proper thing. Use tuned spamassassin or rspamd to
do it. E.g. use SA instance with only rbl rules for lightweit check.
Marcin


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] 2nd Stage DNS blockingRe: [exim] Blocking attachments missing file extension->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)