How to block ip only mailservers?

Richard G

Richard G

Verified User
Joined
Jul 6, 2008
Messages
13,963
Location
Maastricht
We've never received mail from mailservers having only an ip without a hostname.

Now we see loads of attempts from spammers with helo's like this:
Code: 
 H=([161.10.153.201]) [161.10.153.201]
so no hostname at all.

Most of them are rejected after check by an RBL or for getting a high spam score due to not having an rDNS/PTR>

But is there a way so Exim to just refuse all attempts from mailservers without hostname directly at helo/ehlo maybe?
 
Hello,

Easy Spam Fighter should do the job at ACL CHECK MAIL time.

EASY_NO_REVERSE_IP = 100 - Sender IP must have a reverse IP lookup, or this score is added.
Click to expand...

if you need it at helo/ehlo you are welcome to create and populate either of the following files:

- /etc/exim.acl_check_helo.pre.conf
- /etc/exim.acl_check_helo.post.conf

with your instructions.

I don't have anything of the kind.
 
zEitEr said:
Easy Spam Fighter should do the job at ACL CHECK MAIL time.
Click to expand...
Yes it does, I got a log full of those. :)

I would to just block all ip only mta's at helo time with some customisation so the check didn't need to be done anymore.
But that seems impossible then as it would be too much work to fill either of those files with ip addresses.

Or if either of those files can do that automatically with some scripting part, maybe somebody can help me with that as I'm no scripter and have totally no clue on how to make a correct one.

So I probably will leave it as is then and let ESF catch them.
Thank you.
 
You must log in or register to reply here.
Back
Top