[CentOS] please block user

Thu Aug 27 13:21:45 UTC 2015
Lamar Owen <lowen at pari.edu>

On 08/26/2015 09:01 PM, Always Learning wrote:
> I've blocked the spammer's host name (*.loverhearts.com) on my Exim.
> Shouldn't your organisation, and others too, do the same or similar ?

That is of course up to the individual organization.  I use several 
DNSBLs, and I did not receive any of the spam.  Actually, I've gotten 
more unwanted messages about the spam than actual spam from any source 
yesterday..... :-|

> Otherwise what is to stop subsequent receipts of junk sent from MX
> *.loverhearts.com ?
>
MX is intended to point to the server a domain uses to receive e-mail; 
the sending server for a domain does not have to be the MX. I set that 
up for one organization who was using an anti-spam service; the MX 
pointed to the anti-spam server, and the sending server was different 
and on that organization's own subnet.  I believe gmail does this, using 
multiple MXs and a massive subnet full of sending servers.  Gmail is not 
alone.  Gmail even wreaks havoc with greylisting, since the send retry 
is not guaranteed to come from the same sending server as the initial try.

I have gone down the road of blocking large subnets at the border router 
level; down this road lie false positives in spades.