On Thu, 2015-08-27 at 10:35 -0500, Valeri Galtsev wrote:
> Me too: I started receiving them from a different IP (with a much longer delay, so they do add "improvements" to their setup). This IP has neither a DNS A record nor a DNS PTR record, but has a DNS MX record. One can use these (have your MX stop talking to anything having broken DNS records).
Exim is available from EPEL.
In Exim:
(1) I set one indicator if the host name does not fully resolve (IP to name to IP)
(2) I set another indicator if there is something wrong with the HELO/EHLO name or the name does not resolve to the sender's IP address
(3) I set a third indicator if the SMTP sender = SMTP recipient; or the SMTP recipient is an email address disused because of spam; or the SMTP recipient's host is *not* one of ours
(4) If all 3 indicators set, then:-
* the email attempt is rejected before the email body (DATA) is received
* a PHP sub-routine is called which creates a fully descriptive internal email and SUDO is invoked to add the IP address to the firewall's monthly blocking list.
Otherwise if the sender = recipient or the recipient is 'wrong' the connection is rejected *before* the message body is accepted from the sender.
-------------
Meanwhile, every incoming email's sender's host is checked against a file containing banned senders' host names and the occasional IP address.
Fight spam by *not* being a passive victim.
Regards,
Paul.
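The three-indicator scheme Paul describes, sketched as an Exim RCPT-time ACL fragment. This is an added illustration, not Paul's configuration: it uses Exim's own `verify = reverse_host_lookup` and `verify = helo` conditions for indicators (1) and (2), recipient checks for (3), and rejects before DATA only when all three are set, otherwise rejecting just the bad-recipient cases. It assumes the stock EPEL `exim.conf` layout (`+local_domains` and `+relay_from_hosts` already defined) and Exim 4.70 or later for named `acl_m_` variables; the list files under `/etc/exim/` and the reporting script `/usr/local/sbin/report-spam-host` (which would send the internal mail and call `sudo` to update the firewall list) are hypothetical names.

```exim
# Added example: RCPT-time ACL implementing the three indicators.
# Assumes the EPEL exim.conf lists +local_domains / +relay_from_hosts.
# /etc/exim/disused_recipients, /etc/exim/banned_sender_ips,
# /etc/exim/banned_sender_names and /usr/local/sbin/report-spam-host
# are hypothetical paths chosen for this illustration.

acl_check_rcpt:

  # Our own relay hosts (and local submissions) skip every check below.
  accept  hosts = : +relay_from_hosts

  # Authenticated clients also skip the checks.
  accept  authenticated = *

  # Indicator (1): client IP does not resolve forward-confirmed
  # (IP -> name -> IP).  The condition fails when there is no PTR or
  # when the PTR name does not map back to the connecting address.
  warn    !verify = reverse_host_lookup
          set acl_m_bad_rdns = 1

  # Indicator (2): HELO/EHLO name is malformed or does not resolve to
  # the sending IP.  verify = helo performs the lookup if not yet done.
  warn    !verify = helo
          set acl_m_bad_helo = 1

  # Indicator (3a): envelope sender equals envelope recipient.
  # During RCPT, $local_part and $domain belong to the recipient.
  warn    condition = ${if eq{$sender_address}{$local_part@$domain}}
          set acl_m_bad_rcpt = 1

  # Indicator (3b): recipient is a local address retired because of spam
  # (one local part per line in the file).
  warn    domains     = +local_domains
          local_parts = lsearch;/etc/exim/disused_recipients
          set acl_m_bad_rcpt = 1

  # Indicator (3c): recipient domain is not one of ours.
  warn    !domains = +local_domains
          set acl_m_bad_rcpt = 1

  # All three set: log, hand the IP to the reporting script, and reject
  # before DATA.  ${run} executes as the Exim user, so the script itself
  # is where sudo is invoked to add the IP to the monthly block list.
  deny    condition = ${if and{{def:acl_m_bad_rdns}{def:acl_m_bad_helo}{def:acl_m_bad_rcpt}}}
          logwrite  = spamhost $sender_host_address helo=$sender_helo_name rcpt=$local_part@$domain
          set acl_m_report = ${run{/usr/local/sbin/report-spam-host $sender_host_address}}
          message   = rejected: unresolvable host, bad HELO and invalid recipient

  # Otherwise still refuse sender=recipient and wrong recipients before
  # the body is accepted.
  deny    condition = ${if def:acl_m_bad_rcpt}
          message   = rejected: invalid recipient for this server

  # Banned sender hosts kept in files: one keyed by IP address (host
  # list lookup is by the client IP), one keyed by verified host name.
  deny    hosts   = lsearch;/etc/exim/banned_sender_ips
          message = rejected: sender host is banned

  deny    condition = ${lookup{$sender_host_name}lsearch{/etc/exim/banned_sender_names}{yes}{no}}
          message   = rejected: sender host is banned

  accept
```

Each `warn` statement only executes its `set` modifier when its conditions hold, so the `acl_m_` variables act as the three flags; `$sender_host_name` is populated by the earlier `reverse_host_lookup`, which is why the name-keyed ban check sits after it. Check the result with `exim -bh <ip>` against a test address before putting it in front of live mail.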