MopeyGecko
I'm receiving spam from mellifluousgossamer.autos even though I have *.autos in bad_sender_hosts. Mail is received from 70.102.103.120
I ran some tests using:
Code:
exim -bh 70.102.103.120
HELO mail.mellifluousgossamer.autos
MAIL FROM:[email protected]
RCPT TO:[email protected]
And it doesn't seem to be getting checked against the bad_sender_hosts line entries like other spam I have tested against.
However, something that stands out in the exim processing test is:
Code:
>>> processing "deny" (/etc/exim.conf 462)
>>> message: 554 denied. 5.7.1 Host Blocked due to SPAM
>>> check domains = +use_rbl_domains
>>> mydomain.com in "+use_rbl_domains"? yes (matched "+use_rbl_domains" - cached)
>>> check domains = !+skip_rbl_domains
>>> mydomain.com in "!+skip_rbl_domains"? yes (end of list)
>>> check hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
>>> host in ""? no (end of list)
>>> host in ""? no (end of list)
>>> host in "!+skip_rbl_hosts : !+skip_rbl_hosts_ip"? yes (end of list)
>>> check hosts = +bad_sender_hosts
>>> sender host name required, to match against nwildlsearch;/etc/virtual/bad_sender_hosts
>>> host in "nwildlsearch;/etc/virtual/bad_sender_hosts"? no (failed to find host name for 70.102.103.120)
>>> host in "+bad_sender_hosts"? no (end of list)
>>> deny: condition test failed in ACL "acl_check_recipient"
Am I right in thinking because a reverse lookup on 70.102.103.120 doesn't find a hostname that bad_sender_hosts will fail? Shouldn't it fail the bad_sender_hosts check regardless of this lookup?
Aside from the bad_sender_hosts issue, however, I also see this in testing:
Code:
550 Email blocked by zen.spamhaus.org (127.0.0.3)
LOG: H=(mail.mellifluousgossamer.autos) [70.102.103.120] F=<[email protected]> rejected RCPT [email protected]: Email blocked by zen.spamhaus.org (127.0.0.3)
Which indicates to me it should have been blocked by spamhaus in any case, or does this just mean it may have been added to the spamhaus list after I received the email but before my exim tests?
My exim.conf is the default provided by the latest DirectAdmin install.
I know I could add 70.102.103.120 to bad_sender_hosts_ip but they keep hopping IPs, so I would like to block the hostnames for *.autos.
Thanks
Andy
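Added example, not part of the original post: a Python sketch that scans `exim -bh` debug output like the trace quoted above and reports every host-list test that came back "no" because no host name could be found for the connecting IP. The function name and the fields it returns are assumptions of this example; the sample lines are copied from the post.

```python
import re

# Debug lines copied from the "exim -bh" session quoted in the post above.
SAMPLE = """\
>>> processing "deny" (/etc/exim.conf 462)
>>> check hosts = !+skip_rbl_hosts : !+skip_rbl_hosts_ip
>>> host in "!+skip_rbl_hosts : !+skip_rbl_hosts_ip"? yes (end of list)
>>> check hosts = +bad_sender_hosts
>>> sender host name required, to match against nwildlsearch;/etc/virtual/bad_sender_hosts
>>> host in "nwildlsearch;/etc/virtual/bad_sender_hosts"? no (failed to find host name for 70.102.103.120)
>>> host in "+bad_sender_hosts"? no (end of list)
>>> deny: condition test failed in ACL "acl_check_recipient"
"""

PROCESSING = re.compile(r'^>>> processing "(\w+)" \((\S+) (\d+)\)')
CHECK = re.compile(r'^>>> check \w+ = (.+)$')
RESULT = re.compile(r'^>>> host in "([^"]*)"\? (yes|no) \((.*)\)$')
NO_NAME = re.compile(r'failed to find host name for (\S+)')
OUTCOME = re.compile(r'^>>> \w+: condition test (failed|succeeded) in ACL "([^"]+)"')


def unresolved_host_checks(debug_text):
    """Return host-list tests that were "no" because the client IP had no host name."""
    findings, pending = [], []
    stmt, cond = {}, None

    def flush(outcome, acl):
        # Move collected tests to the results, tagged with the statement outcome.
        findings.extend({**f, "outcome": outcome, "acl": acl} for f in pending)
        pending.clear()

    for line in debug_text.splitlines():
        line = line.strip()
        if m := PROCESSING.match(line):
            flush(None, None)  # previous statement ended without an outcome line
            stmt, cond = {"verb": m[1], "file": m[2], "line": int(m[3])}, None
        elif m := CHECK.match(line):
            cond = m[1]
        elif m := RESULT.match(line):
            n = NO_NAME.search(m[3])
            if m[2] == "no" and n:
                pending.append({**stmt, "condition": cond, "list": m[1], "ip": n[1]})
        elif m := OUTCOME.match(line):
            flush(m[1], m[2])
    flush(None, None)  # output cut off before the outcome line
    return findings


if __name__ == "__main__":
    for f in unresolved_host_checks(SAMPLE):
        print(f'{f["file"]}:{f["line"]} {f["verb"]} hosts = {f["condition"]}: '
              f'no host name for {f["ip"]} when testing {f["list"]}')
```

Running it over a saved `-bh` session lists the ACL statements whose `hosts` condition depended on a host name that was not available.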