How on earth do I block something hidden by ENOM?

[edjones]

From my research, ENOM has a Zero Tolerance Policy regarding Spam. They also seem to enforce it ZERO percent of the time.

One of my clients is getting 100 emails a day from a spammer already listed in ROKSO. One of the domains he received spam from is here: http://intodns.com/maltawurly.com

Notice the "name-services.com" DNS. I checked through his records, and there's about 50 domains all sending the same sort of stuff to him over and over. Name-services.com belongs to ENOM, who seem to care little or nothing regarding their service being utilized for mass spamming. I'm using ConfigServer for a firewall, and it's working quite well (thanks Zeiter) but configserver doesn't seem to do much about spam. I'm also utilizing RBL's, but they're not catching these emails either.

Am I missing a setting in EXIM or something? Or am I missing something on the admin or reseller control panel?

 

[Arieh]

I'm not sure but it looks like you're only looking at the registar/dns provider. If I resolve the domain it points to 173.234.145.186 which is actually listed (and not hosted by Enom as far as I can see): http://mxtoolbox.com/SuperTool.aspx?action=blacklist:173.234.145.186&run=toolpage

You could add one of those who have listed the address in Exim, like Spamhaus is already there.

Spamcop is a popular one, but http://www.barracudacentral.org/rbl this one too (you only have to register and submit your IPs so you won't get rate limited).

 

[nobaloney]

Am I missing a setting in EXIM or something? Or am I missing something on the admin or reseller control panel?

As Arieh poiints out, you can add other blockliss, at least some of which block this particlar spammer.

If you've got your exim.conf file configured properly and use the files in /etc/virtual correctly, then you can also add the bad IP# to /etc/virtual/bad_sender_hosts_ip.

That's probably the simplest way, if otherwise your blocking works for you.

Jeff