Some entries in my bad_sender_hosts_ip file being ignored

roarkh

I am wondering if anyone can shed some light on an issue I am having. We are subscribed to a number of spam block lists that help but do not stop all of the spam we receive, so I have been collecting spam from 5 of my users and once a week I have been analyzing it and adding the servers it is coming from to my local bad_sender_hosts_ip file. I can tell by the exim rejectlog that some of the entries are being successfully blocked while others are not.

For example, just this morning I received the following five spam emails that should have been blocked. I have pasted these from the mail headers...

Received: from [208.185.79.36]
Received: from lsj1x5my.karshes.eu ([67.158.231.41])
Received: from b7mixqu.overb.eu ([209.155.194.40])
Received: from [207.8.176.37]
Received: from [216.200.69.111]

I have the following five lines (among others) in bad_sender_hosts_ip which I believe should have blocked the above emails from coming through...

208.185.79.0/24
67.158.231.0/24
209.155.194.0/24
207.8.176.0/24
216.200.69.0/24

Can anyone tell me why some of the entries in the file may work while others do not? Is there any maximum number of lines to the file? If there were some sort of parsing error or something, would that be logged somewhere?

Is it possible I am not formatting the file right? Each server or range of servers in CIDR format is on a single line, so in some cases a line might just have a server IP (e.g. 162.247.77.92) while another line may block an entire class C range (e.g. 216.200.69.0/24). Is this the correct format for that file?

Thank you.
 
It seems that every time I post a question here I end up feeling a bit silly after I find the problem. In this case it looks like I had a malformed entry in my file and everything after that entry was being ignored. I found a helpful PHP script that validates CIDR-formatted IP addresses and ran the file through that; it revealed that I had this entry in there...

185.60.1470/24

It was supposed to read 185.60.147.0/24

In any case it looks as though the blocking is working as expected now.

Thank you.
 
Good find, Roark!

As some of us maintain larger and larger blacklist files I'm beginning to wonder if we shouldn't have management for them in DirectAdmin, complete with input checking.

Jeff
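
The kind of input check discussed in this thread, as an added example that is not part of the original posts and not the PHP script mentioned above: it reports every line that is not a valid IP or CIDR range, and lists the well-formed entries that sit below the first bad line. The sample list is constructed from entries quoted in the thread; treating blank lines and `#` lines as non-entries is an assumption, and the function names are hypothetical.

```python
import ipaddress
import sys

# Constructed sample: entries quoted in the thread, with the malformed one in the middle.
SAMPLE = [
    "208.185.79.0/24",
    "67.158.231.0/24",
    "185.60.1470/24",      # the typo from the thread
    "209.155.194.0/24",
    "162.247.77.92",       # single host, no mask
]


def check_ip_list(lines):
    """Return (line_number, entry, reason) for each entry that is not an IP or CIDR range."""
    problems = []
    for number, raw in enumerate(lines, start=1):
        entry = raw.strip()
        # Assumption: blank lines and '#' comment lines are not entries.
        if not entry or entry.startswith("#"):
            continue
        try:
            # strict=False: only syntax is checked; host bits set under the mask are allowed.
            ipaddress.ip_network(entry, strict=False)
        except ValueError as exc:
            problems.append((number, entry, str(exc)))
    return problems


def entries_after_first_problem(lines):
    """Well-formed entries that sit below the first malformed line."""
    problems = check_ip_list(lines)
    if not problems:
        return []
    first_bad = problems[0][0]
    bad_numbers = {p[0] for p in problems}
    return [l.strip() for n, l in enumerate(lines, start=1)
            if n > first_bad and n not in bad_numbers
            and l.strip() and not l.strip().startswith("#")]


if __name__ == "__main__":
    # Pass the path to the list file as the first argument; without one the sample is checked.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            lines = fh.read().splitlines()
    else:
        lines = SAMPLE
    for number, entry, reason in check_ip_list(lines):
        print(f"line {number}: {entry!r}: {reason}")
    sys.exit(1 if check_ip_list(lines) else 0)
```

The non-zero exit status on any malformed line lets the check run before an edited list is put in place.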
 