Hi,
Applying the acl_check_data rules would help.
deny condition = ${if !def:h_Message-ID: {1}}
message = RFC2822 Message-ID required
--
Paul Ooi
On 6/5/2020 3:40 PM, Jacques B. Siboni via Exim-users wrote:
> Thanks for you guys who gave me some useful hints
>
> I still have a spam pattern I can't get rid of. suddenly i receive
> thousands of emails
> which can't even get through
>
> Here is the log pattern:
>
>> 2020-06-04 18:08:41 1jguID-003vM2-Hn <= <> H=router (foo-bar-babar)
>> [<here ip of GW>] P=esmtp K S=4718 id=ngVdwnPUF0006e7a2@foo-bar-babar
>>
>
> (I have replaced the actual string to foo-bar-babar not to give a
>
> hint to the spammer)
>
> I don't know how to catch it. I tried to add it the the blacklist
>
> but maybe as it is not a proper domain name it is not catched
>
> Maybe the question is how to filter the pattern after the
>
> router keyword?
>
> What can you suggest?
>
> Thanks in advance
>
> Jacques
>
>
>