[CentOS] please block user

Thu Aug 27 15:53:25 UTC 2015
Always Learning <centos at u64.u22.net>

On Thu, 2015-08-27 at 10:35 -0500, Valeri Galtsev wrote:

> Me too: I started receiving them from a different IP (with much longer
> delay, so they do add "improvements" to their setup). This IP has neither
> DNS A record nor DNS PTR record, but has DNS MX record. One can use these
> (have your MX stop talking to anything having broken DNS records).

Exim is available from EPEL.

In Exim:

(1) I set one indicator if the host name does not fully resolve (IP to
name to IP)

(2) I set another indicator if there is something wrong with the
HELO/EHLO name or the name does not resolve to the sender's IP address

(3) I set a third indicator if the SMTP sender = SMTP recipient; or
 the SMTP recipient is an email address disused because of spam; or
 the SMTP recipient's host is *not* one of ours

(4) If all 3 indicators are set, then:

* the email attempt is rejected before the email body (DATA) is
received

* a PHP sub-routine is called which creates a fully descriptive internal
email and SUDO is invoked to add the IP address to the firewall's
monthly blocking list.

Otherwise if the sender = recipient or the recipient is 'wrong' the
connection is rejected *before* the message body is accepted from the
sender.

-------------

Meanwhile, every incoming email's sender's host is checked against a
file containing banned senders' host names and the occasional IP
address.

Fight spam by *not* being a passive victim.

Regards,

Paul.
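
The three-indicator decision described in the message above, modelled in Python as an added example (not code from the post and not Exim configuration). DNS answers are constructed dicts so it runs offline; the HELO rule used here (a dotted name that resolves to the client IP) and the reading of a 'wrong' recipient as indicator 3 are assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (documentation IP ranges and example domains).
PTR = {"192.0.2.10": ["mail.example.net"]}   # IP -> names
A = {"mail.example.net": ["192.0.2.10"]}     # name -> IPs
OUR_DOMAINS = {"example.org"}
DISUSED = {"old@example.org"}                # addresses retired because of spam

@dataclass
class Session:
    ip: str         # connecting client IP
    helo: str       # name given in HELO/EHLO
    sender: str     # SMTP MAIL FROM
    recipient: str  # SMTP RCPT TO

def fcrdns_ok(ip, ptr=PTR, a=A):
    """Indicator 1 check: the host name must fully resolve, IP -> name -> IP."""
    return any(ip in a.get(name, ()) for name in ptr.get(ip, ()))

def helo_ok(ip, helo, a=A):
    """Indicator 2 check (assumed rule): dotted HELO name resolving to the client IP."""
    return "." in helo and ip in a.get(helo.lower().rstrip("."), ())

def rcpt_suspicious(s, ours=OUR_DOMAINS, disused=DISUSED):
    """Indicator 3: sender == recipient, disused recipient, or recipient host not ours."""
    rcpt = s.recipient.lower()
    domain = rcpt.rpartition("@")[2]
    return s.sender.lower() == rcpt or rcpt in disused or domain not in ours

def decide(s):
    """Verdict reached at RCPT time, before DATA: 'reject+block', 'reject' or 'accept'."""
    bad_host = not fcrdns_ok(s.ip)
    bad_helo = not helo_ok(s.ip, s.helo)
    bad_rcpt = rcpt_suspicious(s)
    if bad_host and bad_helo and bad_rcpt:
        return "reject+block"  # all three set: reject and add the IP to the block list
    if bad_rcpt:
        return "reject"        # recipient problem alone still stops the message body
    return "accept"            # broken DNS or HELO alone only sets indicators
```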