Richard G
Verified User
Or am I doing something wrong?
We're getting a lot of spam coming form or via Amazonaws.com and it keeps coming. So we decided to block this in the /etc/virtual/blacklist_domains file like this:
And ofcourse restarted or reloaded Exim.
So we thought it would blacklist all mail originating from mailservers with a helo of amazonaws.com but it doesn't as can be seen from the log:
Now the mta is from .icu but the Helo, the H= still says amazonaws.com and even the ip used resolves to it.
Now I have 2 questions.
1.) Why is this not working, or am I doing something wrong?
2.) There is also the bad_sender_hosts_ip file. Just to be sure... I can use CIDR in there like xxx.xxx.xxx.xxx/24 correct?
We're getting a lot of spam coming form or via Amazonaws.com and it keeps coming. So we decided to block this in the /etc/virtual/blacklist_domains file like this:
Code:
*.amazonaws.com
So we thought it would blacklist all mail originating from mailservers with a helo of amazonaws.com but it doesn't as can be seen from the log:
Code:
2018-12-06 14:15:38 1gUtV8-0002hl-6m <= [email protected] H=ec2-3-16-194-57.us-east-2.compute.amazonaws.com (mta2.rdr2.icu) [3.16
.194.57] P=esmtp S=7403 T="Slank, slank, Smart Skylink Is hier om GRATIS LIVE HD-tv te bieden!" from <[email protected]> for user
@domain.nl
2018-12-06 14:15:38 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1gUtV8-0002hl-6m
2018-12-06 14:15:38 1gUtV8-0002hl-6m => user <[email protected]> F=<[email protected]> R=virtual_user T=dovecot_lmtp_udp S=7670
C="250 2.0.0 <[email protected]> 3lt3HvogCVyTJQAADNWw8g Saved"
Now I have 2 questions.
1.) Why is this not working, or am I doing something wrong?
2.) There is also the bad_sender_hosts_ip file. Just to be sure... I can use CIDR in there like xxx.xxx.xxx.xxx/24 correct?