Exim Wildcard Block By Hostname ?

[hmniels]

Hi All,

I recieve a lot of phising/ scam emails from a german (?) network which can be identified by hostname "*.zap-srv.com" like this:
2022-02-06 17:17:00 H=vps-zap877890-1.zap-srv.com (vps-zap65083-6) [193.23.161.212]

Would it be possible to block the whole network/ hostname as a wildcard ?
I tried several things like:
(/etc/virtual/blacklist_domains)
*.zap-srv.com
*zap-srv.com
*@*.zap-srv.com

But without any success, any ideas how i can block by hostname ?

 

[Active8]

Why don't you block the IP address ? or block the whole subnet ?

 

[Richard G]

I tried several things like:

The blacklist_domains file is for domains in mailbox names.

For sending servers use:
/etc/virtual/bad_sender_hosts and /etc/virtual/bad_sender_ip

don't forget to restart or reload exim after changing.

Or just do what Active8 advised, block ip or subnet.

 

[hmniels]

Many thanks you both! I'll go for the bad_sender_hosts option.
(They have many ip-ranges in many different subnets.)