Drop e-mails from wildcard domain

casey

I am having a terrible time with a certain spammer. They are sending e-mails from a single domain, but they're using something like 150 subdomains all with different IP addresses to send the spam. I want to block this domain serverwide with all its subdomains as well. Is there some way I can use wildcards in an exim ACL?

I have seen the following code:
Code:
drop senders = [email protected]
       message = Spam or Mail Bombing activity
How can I make that something like [email protected]*.baddomain.com? Can I use an asterisk in there?
 

chirpy

Looking in the Exim mailing list, I've seen hints that it should work with wildcarding like that. Have a go with what you've posted and see how it goes.
 

RickG

Not certain about using wildcards directly in the ACL, but you can use wildcards in an external file which should accept [email protected]*.baddomain.com

For example:

drop message = Spam or Mail Bombing activity
senders = /etc/sender_blacklist

Or put the following in the first (advanced editor) box:

addresslist sender_blacklist = wildlsearch;/etc/sender_blacklist

And then use:

drop message = Spam or Mail Bombing activity
senders = +sender_blacklist
 

casey

Thanks Rick and chirpy. It does work with a wildcard. I used the option Rick suggested of
drop message = Spam or Mail Bombing activity
senders = /etc/sender_blacklist

Of course, I had to create /etc/sender_blacklist. I put [email protected]*.baddomain.com in the file and put the lines above after the accept hosts = : line in the ACL section of the Exim Configuration Editor.
 

mickalo

What is the format used in the "sender_blacklist" file ... one address per line? We've had this problem occasionally and think adding this may help. Just wanted to make sure of the file format used.

thx's
Mickalo
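
The file format asked about in the last post, as an added example that is not part of the original thread and not cPanel's own configuration. It relies on Exim's standard handling of a file named in an address list, keeps the thread's placeholder baddomain.com, and adds a log_message line (an assumption, no poster used one) so that rejections can be traced in the main log.

```conf
# ---- /etc/sender_blacklist (constructed sample) ----------------------------
# One address pattern per line. Empty lines are ignored, and a "#" at the
# start of a line begins a comment.
#
# "*.baddomain.com" only matches names that END in ".baddomain.com", so the
# bare domain needs its own line.

# any local part at the bare domain
*@baddomain.com

# any local part at any subdomain, however deep
*@*.baddomain.com

# ---- Exim main configuration section ---------------------------------------
# Named address list that points at the file, so several ACL statements can
# share it.
addresslist sender_blacklist = /etc/sender_blacklist

# ---- Exim ACL section, after the "accept hosts = :" statement --------------
# "senders" tests the SMTP envelope sender (MAIL FROM), not the From: header.
# "message" is returned to the remote client; "log_message" is written to the
# Exim main log only.
drop  senders     = +sender_blacklist
      message     = Spam or Mail Bombing activity
      log_message = envelope sender $sender_address is in /etc/sender_blacklist
```

Because the condition only sees the envelope sender, mail that forges a different MAIL FROM but shows the blocked domain in its From: header is not caught by this statement. A fake SMTP session started with `exim -bh 192.0.2.1` (a documentation address standing in for the remote host) lets you type MAIL FROM and RCPT TO commands and confirm which senders are dropped before relying on the list.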