One user is getting spam from a distributed sender, from hundreds of different IPs, but the HELO hostnames are invalid. Here is one example...
------ In /var/log/exim_main.log one line...
------- How can I configure Cpanel/Exim to reject email coming from bogus invalid hostnames? I thought the default was to do this. Perhaps my mailserver is misconfigured, but I cannot find the specific option in "Mailserver configuration, Basic or Advanced" to do this.
I see Sender Verification Callouts, which are a different thing and do cause some problems, so we have disabled on purpose. I also have both RBLs on, but they're not filtering this particular spammer out.
Your help is greatly appreciated!
Thanks!
ER
------ In /var/log/exim_main.log one line...
Code:
2014-02-09 05:30:25 1WCSab-0003Fp-E0 <= spamtitle @ domain.com H=(0023f2f2.domain.com) [198.20.98.91]:39483 P=esmtp S=11354 id=741152355880742221
60109 @ q4j3frgw9.domain.com T="Need Financing?" for [email protected]
------ Then I check if the hostname is good, but it's not...
2014-02-09 05:30:25 1WCSab-0003Fp-E0 <= spamtitle @ domain.com H=(0023f2f2.domain.com) [198.20.98.91]:39483 P=esmtp S=11354 id=741152355880742221
[email protected] T="Need spam?" for [email protected]
------ Then I check if the hostname is good, but it's not...
# dig -x 0023f2f2.domain.com
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-20.P1.el5_8.6 <<>> -x 0023f2f2.domain.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18758
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;com.domain.0023f2f2.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
in-addr.arpa. 3192 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2014012551 1800 900 604800 3600
;; Query time: 20 msec
;; SERVER: A.B.C.D#53(A.B.C.D)
;; WHEN: Wed Feb 12 14:46:00 2014
;; MSG SIZE rcvd: 117
#
I see Sender Verification Callouts, which are a different thing and do cause some problems, so we have disabled on purpose. I also have both RBLs on, but they're not filtering this particular spammer out.
Your help is greatly appreciated!
Thanks!
ER
Last edited by a moderator: