Help with blacklisting


Help with blacklisting

Post by echo » 07 Mar 2020 12:47

Hi everyone,
I have the following question: Is there any possibility to blacklist not the sender domain (as in the MailWatch SQL blacklist), but the SMTP server that sends it?
And here is why: for the last couple of days we have received a lot of phishing messages from (as it seems) the servers of one (probably) hosting company:

Received: from aruba.it (hwsrv-685461.hostwindsdns.com [23.254.224.199])

The sender server always differs, but always resolves to: *.hostwindsdns.com. I tried adding hostwindsdns.com to the blacklist without success. The problem is that they are always using a different header.from.

I've googled this for a while, but it is getting really annoying, so I would like to blacklist (or reject) anything coming from *.hostwindsdns.com.
Can I modify the MailWatch SQL blacklist behaviour to do that? I already have quite a blacklist there...

Any help would be appreciated.
Thank you.

Re: Help with blacklisting

Post by shawniverson » 09 Mar 2020 22:47

Did you try "hostswindsdns.com" without the *?

Blacklist would look like this:

From: hostswindsdns.com
To: default

Version eFa 4.0.2 now available!

Re: Help with blacklisting

Post by shawniverson » 09 Mar 2020 22:48

You can also just blacklist it using postfix.
Version eFa 4.0.2 now available!
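
One way to reject by sending host in Postfix, as an added example that is not part of the original posts or of eFa's shipped configuration. The map file path /etc/postfix/client_access is an assumption, and the two restrictions should be merged into whatever smtpd_client_restrictions list main.cf already has rather than replacing it:

```conf
# --- /etc/postfix/client_access (assumed path) ---
# Key: client hostname or parent domain. Value: action.
# With the default parent_domain_matches_subdomains setting (which lists
# smtpd_access_maps), the bare domain also matches every subdomain,
# e.g. hwsrv-685461.hostwindsdns.com from the Received line above.
hostwindsdns.com     REJECT Mail from this hosting range is not accepted
# Only needed if smtpd_access_maps was removed from
# parent_domain_matches_subdomains; the leading dot then matches subdomains.
.hostwindsdns.com    REJECT Mail from this hosting range is not accepted

# --- /etc/postfix/main.cf ---
# check_client_access matches the *verified* client hostname
# (PTR record that also resolves forward to the connecting IP).
# check_reverse_client_hostname_access matches the unverified PTR name,
# so hosts whose forward lookup fails or mismatches are still caught.
smtpd_client_restrictions =
    permit_mynetworks,
    check_client_access hash:/etc/postfix/client_access,
    check_reverse_client_hostname_access hash:/etc/postfix/client_access

# --- apply ---
# Build the lookup table and reload Postfix:
#   postmap hash:/etc/postfix/client_access
#   postfix reload
# Rejections show up in the mail log as "Client host rejected".
```

This matches the connecting host's reverse DNS name, so it is independent of the envelope sender and of header.from, which is why the sender-domain blacklist did not catch these messages.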
