blacklist_domains not working?

Richard G

Or am I doing something wrong?

We're getting a lot of spam coming from or via Amazonaws.com and it keeps coming. So we decided to block this in the /etc/virtual/blacklist_domains file like this:
Code:
*.amazonaws.com
And of course restarted or reloaded Exim.

So we thought it would blacklist all mail originating from mailservers with a helo of amazonaws.com but it doesn't as can be seen from the log:
Code:
2018-12-06 14:15:38 1gUtV8-0002hl-6m <= [email protected] H=ec2-3-16-194-57.us-east-2.compute.amazonaws.com (mta2.rdr2.icu) [3.16.194.57] P=esmtp S=7403 T="Slank, slank, Smart Skylink Is hier om GRATIS LIVE HD-tv te bieden!" from <[email protected]> for user@domain.nl
2018-12-06 14:15:38 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1gUtV8-0002hl-6m
2018-12-06 14:15:38 1gUtV8-0002hl-6m => user <[email protected]> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=7670 C="250 2.0.0 <[email protected]> 3lt3HvogCVyTJQAADNWw8g Saved"
Now the mta is from .icu but the Helo, the H= still says amazonaws.com and even the ip used resolves to it.

Now I have 2 questions.

1.) Why is this not working, or am I doing something wrong?
2.) There is also the bad_sender_hosts_ip file. Just to be sure... I can use CIDR in there like xxx.xxx.xxx.xxx/24 correct?
 
Anybody?

If not I have to send in a ticket, because I also blocked things like .club which are also coming through.
 
I have a pretty large blacklist_domains file on my servers, and it seems to work correctly for me. Maybe you should double check the permissions on the blacklist_domains file? On my CentOS 7 servers it has owner/group set to mail mail, and 644 file permission.
 
Thank you Ditto.

I checked and owner and permissions are correct.

Can you confirm that this is the correct way to put entries in the file?
Code:
*.bid
*.co.jp
*.date
*.evisoraya.com
*.xyz
*.amazonaws.com
*.club
*.icu
 