Hi
you can do something like this:
drop condition = ${if match{bad.mx.host.name}${lookup
dnsdb{>:defer_never,mxh=$sender_address_domain}}
El 22/01/2025 a las 6:24, Martin Waschbüsch via Exim-users escribió:
Hi all,
I noticed that loads of Spam comes my way from addresses with this kind
of pattern:
[email protected]
All parts of that pattern seem to randomly change (though currently I
mostly see the .shop TLD used 95% of the time.)
Sending IPs are all over the place.
Initially, I tried using regex to block this kind of thing, but there
have been a couple of false positives.
Looking more closely, I found that all the sending domains I tested had
one common attribute: their MX points to the same fqdn.
Is it possible to use that information to block incoming mail from any
and all domains having that same MX entry? And if so, how can I achieve
that?
Best,
Martin
--
Saludos ...
----------------------------------------------------------------
David Saez
On-Line Services 2000 S.L.
https://www.ols.es
----------------------------------------------------------------
--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## [email protected]
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
