Re: [exim] Block tld

Author: James Gibbard
Date:  
To: exim-users@exim.org
Subject: Re: [exim] Block tld
Mike has hit the nail on the head.

As an additional tip, I found for those cheap domains (like .win, .top
etc), using a combination of slightly weighted scoring on the domain
name and SpamAssassin's relay geoip module, I was able to eliminate
most spam relatively easily. You'll probably notice that most of the
spam from those domain names originates from Eastern Europe and Asia.

At least in my case, it was absolutely safe to weight those things in
SA, but you will want to test extensively yourself.

On Tue, Nov 28, 2017 at 9:30 AM, Mike Brudenell via Exim-users
<exim-users@???> wrote:
> Hi, Emanuel -
>
> The problem is that you are making a huge assumption: that all emails from
> any something@*.bid sender address will be spam.
>
> If you're really sure you want to assume this and that there will never be
> any legitimate email from such an address then it is better to deny rather
> than discard the message. Discard informs the sending machine that their
> message was delivered successfully, even though you've actually thrown it
> away. This is not good because:
>
>    - if a message did happen to be legitimate then the sender is left
>    thinking their message has reached the recipient when in fact it hasn't;
>    - if the message is some sort of probe or general spam it can lead to
>    more messages being sent to your server and wasting your bandwidth and
>    resources because the spamming software thinks the address was valid.
>
> In contrast denying a message returns a 5xx "permanent failure" back to the
> sender, so:
>
>    - a legitimate sender gets to see a response that tells them their
>    message failed and hasn't reached the recipient, and
>    - spamming software might (although it's probably unlikely!) give up on
>    that address in the future.
>
> Rather than making wild assumptions about something@*.bid addresses all being
> spammers, it might be better to use an analysis tool with many weighted
> rules such as SpamAssassin. If you're having a particular problem with spam
> from *.bid domains add a rule to it with a positive weighting to mark the
> message as spam, with at least the chance that the OK characteristics of
> legitimate messages might outweigh the spammy bias and allow them through.
>
> Cheers,
> Mike B-)
>
> On 24 November 2017 at 12:45, Emanuel Gonzalez <emanuel_gonzalez@???> wrote:
>
>> Hello! Thanks for your reply.
>>
>>
>> I do not want to block local users but incoming spam.
>>
>>
>> Regards,
>> --
>> ## List details at https://lists.exim.org/mailman/listinfo/exim-users
>> ## Exim details at http://www.exim.org/
>> ## Please use the Wiki with this list - http://wiki.exim.org/
>>
>
>
>
> --
> Systems Administrator & Change Manager
> IT Services, University of York, Heslington, York YO10 5DD, UK
> Tel: +44-(0)1904-323811
>
> Web: www.york.ac.uk/it-services
> Disclaimer: www.york.ac.uk/docs/disclaimer/email.htm
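The weighted approach both posters describe, as an added example that is not part of the thread: a SpamAssassin `local.cf` fragment that scores the TLDs named above and, when the RelayCountry plugin is loaded, adds a little more for chosen relay countries. The rule names, the scores and the `CC1|CC2` country placeholder are assumptions to be tuned against your own mail.

```conf
# local.cf fragment (added example; rule names and scores are assumptions)

# Small positive score for a From: address in one of the TLDs named in
# the thread. :addr reduces the header to the bare e-mail address, so
# the pattern anchors on the end of the domain.
header   LOCAL_FROM_CHEAP_TLD   From:addr =~ /\.(?:bid|win|top)$/i
describe LOCAL_FROM_CHEAP_TLD   From address is in .bid, .win or .top
score    LOCAL_FROM_CHEAP_TLD   1.0

# The relay geoip check uses the RelayCountry plugin, normally enabled
# in init.pre with:
#   loadplugin Mail::SpamAssassin::Plugin::RelayCountry
# The ifplugin guard keeps this file lint-clean when it is not loaded.
ifplugin Mail::SpamAssassin::Plugin::RelayCountry

  # X-Relay-Countries is the pseudo-header the plugin fills with the
  # ISO country code of each relay. CC1|CC2 is a placeholder: replace
  # it with the codes that actually dominate your own spam logs.
  header   LOCAL_RELAY_COUNTRY  X-Relay-Countries =~ /\b(?:CC1|CC2)\b/
  describe LOCAL_RELAY_COUNTRY  Relayed through a locally flagged country
  score    LOCAL_RELAY_COUNTRY  0.5

  # Extra weight only when both signals agree. On their own, neither
  # rule comes close to the default required_score of 5.0, so a
  # legitimate message can still be outweighed by its other traits.
  meta     LOCAL_TLD_AND_GEO    (LOCAL_FROM_CHEAP_TLD && LOCAL_RELAY_COUNTRY)
  describe LOCAL_TLD_AND_GEO    Cheap TLD sender via flagged relay country
  score    LOCAL_TLD_AND_GEO    1.0

endif
```

Run `spamassassin --lint` after editing, and check the rule hits on a sample of known-good mail before raising any score.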