Ahoj, Dňa Fri, 25 Apr 2025 14:38:03 -0400 Andy Firman via Exim-users <[email protected]> napísal:
> I love the block_hosts feature and it's always worked very well, I have no idea what "block_host feature" is, perhaps something in your config? But that doesn't matter, in this case... > until the Russian spammers (coming out of ruvds.com) started doing > something different. Be very careful with any decision based on GeoIP location, it is a) inaccurate and b) tells nothing about who is behind IP... (BTW my weekly fail2ban stats show ~10 times more IPs from US than from RU, and RU is often not in top 10 countries.) > My question is, why is the block_hosts not working here? You have to realize, that your host (reliably) knows only about two hosts: + your (own) host + connecting (remote) host Nothing more, nothing less. Anything other in Received: headers (except of very first, added by your MTA) is just history, which can be easily faked. And even if the Received: headers are not faked, they are hard to parse, as its content (format) is not strictly defined (and differs in between MTAs). In other words, exim itself does nothing with Received: headers content. Nowadays, doing SPAM filtering based on IP is less than optimal, SPAMs often comes from dozens (hundreds, thousands) compromised hosts and changes IP often (hi clouds). Use dedicated SPAM filter, for small (family) MTA, it can be setup to be very success/strict, exim has support to integrate multiple of them. regards -- Slavko https://www.slavino.sk -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
