Help with blacklisting

General eFa discussion
Post Reply
echo
Posts: 10
Joined: 07 Jan 2020 11:31

Help with blacklisting

Post by echo »

Hi everyone,
I have the following question: Is there any possibility to blacklist not the sender domain (as it is in mailwatch sql blacklist), but the smtp that sends it?
And here is why: for the last couple of days we received a lot of phishing messages from (as it seems) the servers of one (probably) hosting company:

Code: Select all

Received: from aruba.it (hwsrv-685461.hostwindsdns.com [23.254.224.199])
The sender server always differs, but always resolves to: *.hostwindsdns.com. I tried adding hostwindsdns.com to the blacklist without success. The problem is that they always using different header.from.

I've google this for awhile, but it is getting really annoying, so I would like to blacklist (or reject) anything coming from *.hostwindsdns.com.
Can I modify the mailwatch sql blacklist behaviour, to do that? I already have quite a blacklist there...

Any help would be appreciated.
Thank you.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Help with blacklisting

Post by shawniverson »

Did you try "hostswindsdns.com" without the *?

Blacklist would look like this:

From: hostswindsdns.com
To: default
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Help with blacklisting

Post by shawniverson »

You can also just blacklist it using postfix.
Post Reply