filter by domain list by server

akadi81

Hi,

Is there any possibility to filter the incoming messages by server using a domain list? A remote domain list could be useful to have a centralized list.

Thank you.
 
Any ideas?

/etc/virtual/bad_sender_hosts ?
or
/etc/virtual/blacklist_domains ?

Nothing seems to work...
 
Nothing seems to work...
Why not? Those two files should be doing the trick, but you have to restart Exim after adjusting them.

I don't know which method you're using. I always look at who is doing the helo/ehlo and then I block that ip in either csf or the bad_sender_hosts_ip file, or just block the CIDR in one of both.

The bad_sender_hosts file is only for hostnames (so not email addresses or domain names).
For domain names you could try the blacklist_domains and blacklist_senders files.
 
I restart EXIM after every modification.
Tell me how to filter this spam?

Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from server2.ice.ro
by server2.ice.ro with LMTP
id oyVPHYLjGmVgMhgAAjWIbA
(envelope-from <[email protected]>)
for <[email protected]>; Mon, 02 Oct 2023 18:36:34 +0300
Return-path: <[email protected]>
Envelope-to: [email protected]
Delivery-date: Mon, 02 Oct 2023 18:36:34 +0300
Received: from mail.embervax.club ([192.236.154.207])
by server2.ice.ro with esmtp (Exim 4.96-58-g4e9ed49f8)
(envelope-from <[email protected]>)
id 1qnKyH-006emN-1W
for [email protected];
Mon, 02 Oct 2023 18:36:34 +0300
Received: from mail.tanqhat.com ([141.98.6.111]) by embervax.club with
MailEnable ESMTPA; Mon, 2 Oct 2023 04:34:44 +0000

Should I filter mail.tanqhat.com? Or mail.embervax.club? Or just embervax.club?
Filtering proton.me could be a mistake... but I am ready to filter that too.
192.236.154.207 or 141.98.6.111? Or both?

What files should I modify?
There are no examples in directadmin.

Thank you.
 
Received: from mail.embervax.club ([192.236.154.207])
This is the one you got the mail from.
and
Received: from mail.tanqhat.com ([141.98.6.111]) by embervax.club with
I would block both.

Look, mail.xxx.com are hostnames, so you can put these both in the /etc/virtual/bad_sender_hosts file.

However I have some topic open that in some cases this file does not work.

So I would also use the /etc/virtual/blacklist_senders and add the [email protected] in there too.

Next to that you could report them to spamcop.net and if the same ip addresses appear, block the complete ASN of the host sending the mails.
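
Added example (not part of any post in this thread, and not DirectAdmin or Exim code): a Python script that reads the Received headers quoted above and separates the hop the receiving server recorded itself from hops that were only reported by an upstream host. The e-mail addresses in the sample are placeholders, and the function names are made up for this example.

```python
import email
import re

MY_HOST = "server2.ice.ro"  # receiving server name, taken from the thread

# Constructed sample: the three Received headers quoted in the thread,
# re-folded with tabs; the e-mail addresses are placeholders.
RAW = """\
Received: from server2.ice.ro
\tby server2.ice.ro with LMTP
\tid oyVPHYLjGmVgMhgAAjWIbA
\t(envelope-from <sender@example.invalid>)
\tfor <user@example.invalid>; Mon, 02 Oct 2023 18:36:34 +0300
Received: from mail.embervax.club ([192.236.154.207])
\tby server2.ice.ro with esmtp (Exim 4.96-58-g4e9ed49f8)
\t(envelope-from <sender@example.invalid>)
\tid 1qnKyH-006emN-1W
\tfor user@example.invalid;
\tMon, 02 Oct 2023 18:36:34 +0300
Received: from mail.tanqhat.com ([141.98.6.111]) by embervax.club with
\tMailEnable ESMTPA; Mon, 2 Oct 2023 04:34:44 +0000
Subject: constructed sample

body
"""

# Matches "from NAME ([IP]...) by HOST"; the "([IP])" part is optional.
HOP = re.compile(r"from\s+(\S+)(?:\s+\(\[([0-9A-Fa-f.:]+)\][^)]*\))?\s+by\s+(\S+)")

def classify_hops(raw, my_host=MY_HOST):
    """Label each Received hop, newest first, by who wrote the header."""
    hops, ours = [], True
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold continuation lines
        name, ip, by = m.groups() if m else (None, None, None)
        # Once a hop was not written by our server, nothing below is verified.
        ours = ours and by is not None and by.lower() == my_host.lower()
        kind = "upstream-reported" if not ours else ("local" if ip is None else "recorded-by-us")
        hops.append({"name": name, "ip": ip, "by": by, "kind": kind})
    return hops

def connecting_hop(raw, my_host=MY_HOST):
    """Return the first hop our own server recorded from a remote IP."""
    return next((h for h in classify_hops(raw, my_host) if h["kind"] == "recorded-by-us"), None)

if __name__ == "__main__":
    for hop in classify_hops(RAW):
        print(hop["kind"], hop["name"], hop["ip"])
```

The hop labelled recorded-by-us carries the name and IP address that the receiving server itself logged for the connection; hops labelled upstream-reported are header text supplied by the sending side.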
 