Re: [exim] 2nd Stage DNS blocking

Author: Marcin Mirosław
Date:  
To: exim-users
Subject: Re: [exim] 2nd Stage DNS blocking
On 07.10.2016 at 12:59, Hardy wrote:
> Hi folks,
>
> 2nd Stage DNS blocking
> I could imagine I am not the first with this idea, and there is already
> a proper name for it. Let me describe:
> We receive spam via the usual MTA chain. Sometimes we receive mail from
> (free) mail providers like gmail and yahoo. Sometimes we fetchmail these
> latter ones to feed them to our MX.
> We only check the connecting server, and in some of the examples above
> it might even be trusted. But that one was tricked to take spam before.
> Random samples show me: We would not have taken most of the spam from
> the intermediate or even originating MTA or sender. I would like to run
> these "Received from" addresses against dnslists and/or blacklists in
> files.
> You obviously cannot do this before the acl data. I am not a regex wiz,
> and I think one needs an external script anyway to extract IPs. Hints?
> Ideas?
> Has anyone done this before?


Hi!
Use the proper tool for the proper thing. Use a tuned SpamAssassin or rspamd to
do it. E.g. use an SA instance with only RBL rules for a lightweight check.
Marcin
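
The extraction step asked about in the quoted question, as an added example that is not part of either poster's message: it pulls relay IPs out of the Received headers, drops loopback, RFC 1918 and caller-trusted networks, and builds the DNSBL query name for each. The sample message is constructed, the zone `dnsbl.example` is a hypothetical placeholder, and the resolver is injectable so the logic runs offline.

```python
import email
import ipaddress
import re
import socket

# Constructed sample; addresses come from documentation and RFC 1918 ranges.
SAMPLE = """\
Received: from mx.provider.example (mx.provider.example [198.51.100.7])
\tby mail.local.example with esmtps; Fri, 07 Oct 2016 12:40:01 +0200
Received: from relay.example.net (unknown [203.0.113.45])
\tby mx.provider.example with ESMTP; Fri, 07 Oct 2016 12:39:58 +0200
Received: from [192.168.1.20] (helo=desktop)
\tby relay.example.net with SMTP; Fri, 07 Oct 2016 12:39:50 +0200
From: sender@example.net
Subject: constructed test

body
"""

BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
# Never worth a DNSBL query: loopback and RFC 1918 space.
SKIP = [ipaddress.ip_network(n) for n in
        ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def relay_ips(raw, trusted=()):
    """IPs from the 'from' clause of each Received header, newest hop first."""
    skip = SKIP + [ipaddress.ip_network(n) for n in trusted]
    found = []
    for header in email.message_from_string(raw).get_all("Received", []):
        from_clause = re.split(r"\sby\s", header, maxsplit=1)[0]
        for text in BRACKETED_IP.findall(from_clause):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # bracketed token that is not an address
            if ip not in found and not any(ip in net for net in skip):
                found.append(ip)
    return found

def dnsbl_name(ip, zone):
    """Reversed octets (or nibbles for IPv6) prepended to the list zone."""
    return ip.reverse_pointer.rsplit(".", 2)[0] + "." + zone

def listed(ip, zone, resolve=socket.gethostbyname):
    """True when the zone answers with a 127.0.0.0/8 A record."""
    try:
        return resolve(dnsbl_name(ip, zone)).startswith("127.")
    except OSError:  # NXDOMAIN and lookup failures mean "not listed"
        return False
```

Received lines below the first relay you trust are written by whoever sent the message, so a hit on a deeper hop is better used as a score than as a hard reject.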