On 22.01.25 at 07:25, Slavko via Exim-users wrote:
On 22 Jan at 6:24, Martin Waschbüsch via Exim-users wrote:
Looking more closely, I found that all the sending domains I tested
had one common attribute: their MX points to the same fqdn.
Is it possible to use that information to block incoming mail from
any and all domains having that same MX entry? And if so, how can I
achieve that?
I have something like this:
    condition = ${if def:sender_address_domain}
    condition = ${if forany{${lookup \
                  dnsdb{>: defer_never,mxh=$sender_address_domain}}} \
                  {match_domain{$item}{/CONFDIR/db/block_mx}}}
Put it into ACL MAIL or later, and into block_mx add any domain list
entry, including regexes and wildcards, but...
...be careful with adding entries, I see abused MX hosts, used not only
by spammers (but here only SPAMs with this MX host). I have **only one**
entry in that list, try to find something more exclusive in these mails,
or just use it for scoring...
regards
Thank you!
And yes, this is not something to use lightly, but there are literally
several hundred fake domains I identified all using this one MX... I am
quite sure in this instance. ;-)
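
Added example (not part of the thread and not Slavko's or the Exim project's code): a dry run of a candidate block_mx entry against sender domains already seen, listing the legitimate domains that share the MX before the entry goes live. The matcher is a simplified emulation of plain, `*` wildcard and `^` regex domain-list items only; `MX_OF`, `VERDICTS`, the `min_spam` threshold and all host names are constructed assumptions.

```python
import re

def entry_matches(entry, host):
    """Simplified emulation of three Exim domain-list item forms."""
    host = host.lower().rstrip(".")
    if entry.startswith("^"):                 # regular expression item
        return re.search(entry, host, re.IGNORECASE) is not None
    if entry.startswith("*"):                 # wildcard: host ends with the rest
        return host.endswith(entry[1:].lower())
    return host == entry.lower()              # plain item: exact match

def dry_run(entry, mx_of, verdicts):
    """Return (spam, ham) sender domains with at least one MX hit by entry."""
    hit = [d for d, mxs in mx_of.items()
           if any(entry_matches(entry, mx) for mx in mxs)]  # same idea as forany
    spam = sorted(d for d in hit if verdicts.get(d) == "spam")
    ham = sorted(d for d in hit if verdicts.get(d) == "ham")
    return spam, ham

def recommend(entry, mx_of, verdicts, min_spam=3):
    """'block' only if no ham domain is hit; min_spam is an assumed threshold."""
    spam, ham = dry_run(entry, mx_of, verdicts)
    if ham:
        return "score"        # shared MX: rejecting would lose legitimate mail
    return "block" if len(spam) >= min_spam else "watch"

# Constructed sample data: sender domain -> MX hosts, plus a local verdict.
MX_OF = {
    "fake-shop1.example": ["mx.bulkhost.example"],
    "fake-shop2.example": ["mx.bulkhost.example"],
    "fake-shop3.example": ["mx.bulkhost.example"],
    "promo-a.example": ["mx1.sharedmail.example", "mx2.sharedmail.example"],
    "promo-b.example": ["mx1.sharedmail.example"],
    "promo-c.example": ["mx2.sharedmail.example"],
    "smallbiz.example": ["mx2.sharedmail.example"],
}
VERDICTS = {d: "spam" for d in MX_OF}
VERDICTS["smallbiz.example"] = "ham"

if __name__ == "__main__":
    for entry in ("mx.bulkhost.example", "*.sharedmail.example"):
        spam, ham = dry_run(entry, MX_OF, VERDICTS)
        print(entry, recommend(entry, MX_OF, VERDICTS), "ham hit:", ham)
```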