Many e-mail servers have encountered a massive wave of spam sent from e-mail addresses in China.
Filtering by IP is quite difficult, especially when there are a few thousand addresses and they are not included in a global SPAM list. I have seen, however, that many messages come from qq.com, a domain that uses a lot of IPs and sends SPAM globally.
If we identify the source domain from which these messages are sent and we have access to the EXIM service configuration, we can set up automatic rejection of them. This means that messages sent from a specific domain name or e-mail address can be automatically rejected.
How to set EXIM to automatically reject messages received from one or more domain names, email addresses, or even TLDs (.cn, .in, .io, etc.)
First of all, we need full access to the e-mail server, and we need to know that e-mail is transported through the EXIM service. This is also the most widely used on Linux servers.
1. We locate and open for editing "exim.conf". The name may vary depending on the version of EXIM used.
nano /etc/exim.conf
2. In exim.conf we add the following lines for the ACL:
acl_check_data:
  deny senders = /etc/deny_senders
  accept
We save the file after adding the lines above.
3. We create and edit the "deny_senders" file, in which we add the domains, e-mail addresses or TLDs from which we do not want to receive e-mails:
nano /etc/deny_senders
*@qq.com
*.cn
[email protected]
4. We save the file and restart the EXIM service.
systemctl restart exim
The result in the server log will look like this:
tail -f /var/log/exim.log
1eYSPn-0006oJ-2U H=(qq.com) [180.117.215.50] F=<[email protected]> rejected after DATA
1eYSQJ-0006ok-FN H=(aplongsheng.com) [113.117.106.33] F=<[email protected]> rejected after DATA
1eYSQU-0006pT-F6 H=(cdadsj.com) [118.248.236.18] F=<[email protected]> rejected after DATA
1eYSSQ-0006ux-QB H=(qq.com) [125.125.211.88] F=<[email protected]> rejected after DATA
It's the simplest option if you're hit by waves of SPAM coming from China, India, Russia or other areas of the globe. However, before blocking a domain name or a TLD, make sure you do not have partners or collaborators who can contact you from these addresses.
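One way to run that check before restarting EXIM is to test your known partner addresses against the deny list offline. The script below is an added example, not part of the original article or of EXIM itself. It models only the three pattern forms used above (`*@domain`, `*.tld`, full address) with caseless matching, and the partner addresses, function names and the third deny entry are constructed for illustration.

```python
# Added example: simplified model of the pattern forms used in
# /etc/deny_senders on this page; it is not Exim's own matcher.

def parse_deny_list(text):
    """Return lowercased patterns, skipping blank lines and '#' comment lines."""
    lines = (line.strip() for line in text.splitlines())
    return [l.lower() for l in lines if l and not l.startswith("#")]

def _part_matches(pattern, value):
    """A leading '*' matches any prefix; anything else must match exactly."""
    if pattern.startswith("*"):
        return value.endswith(pattern[1:])
    return pattern == value

def matching_pattern(address, patterns):
    """Return the first deny pattern that matches address, or None."""
    local, _, domain = address.lower().rpartition("@")
    for pat in patterns:
        if "@" in pat:
            # Pattern with '@': local part and domain are compared separately.
            p_local, _, p_domain = pat.rpartition("@")
            if _part_matches(p_local, local) and _part_matches(p_domain, domain):
                return pat
        elif _part_matches(pat, domain):
            # Pattern without '@' (e.g. *.cn) applies to the domain only.
            return pat
    return None

def blocked_partners(partners, deny_text):
    """Map each address that would be rejected to the pattern that hits it."""
    patterns = parse_deny_list(deny_text)
    hits = {}
    for addr in partners:
        pat = matching_pattern(addr, patterns)
        if pat is not None:
            hits[addr] = pat
    return hits

# Constructed sample data; the third deny entry is a placeholder address.
DENY_SENDERS = "*@qq.com\n*.cn\nblocked.sender@example.org\n"
PARTNERS = ["sales@partner.example", "office@supplier.example.cn",
            "Contact@QQ.com", "billing@example.org"]

if __name__ == "__main__":
    for addr, pat in blocked_partners(PARTNERS, DENY_SENDERS).items():
        print(f"{addr} would be rejected by {pat}")
```

Note that in this model `*@qq.com` does not cover subdomains such as mail.qq.com, and `*.cn` catches any partner whose domain ends in .cn.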
This EXIM setup is valid both for web servers with cPanel and for those with VestaCP.