Hi,

recently I started to get medical spam. Every message is slightly different; they use a group of different sender domains and different sender IPs (even from multiple net blocks). The body is similar, but about different products. I have no problem filtering them in rspamd, thus I have no problem with these incoming messages.

What I have a problem with is the DMARC reports for them. All their domains point to different MX names (with the same pattern, something like _dc-mx.random_string.domain.tld) which point to the same IP, which always responds with 421 on connect; I guess that it is intentional. I want to reject these (my) DMARC reports, but I cannot add all their domains into rspamd/exim, as they are changing, thus it would be never-ending work. Instead I want to prevent/reject sending reports which would end up at that (MX's) IP.

For now I have added that IP to ignore_target_hosts in the dnslookup router. It works, but it does more than I want, as for now these spam messages are rejected at receive time, because sender verification (without callout) fails. I know that I can add an option to not use that router for verification, but then verification will fail for all senders, as it is the last router for remote domains. I know that I can disable that verification altogether, but it works fine and I want it.

Please, how can I ensure that the message will be accepted (so that rspamd can learn reputation, bayes, etc. from it), but then discard/reject particular DMARC reports based on the target MX's IP? Does some simple solution exist (which I am missing) to create something like a dnslookup router which will reject? Or do I need something in ACL (and dnsdb) for that?

regards

--
Slavko
https://www.slavino.sk/