For the past week we have been under a relentless spam attack.
The senders' names look like this: email@example.com, where the numbers are random for each spam message.
I created a blacklist address pattern of yourdata*@*.com, which did nothing.
I also tried it as a regular expression which also did nothing.
You're right that you can't blacklist anything with @* in it.
Can you post the headers and the content of one of these spams?
Cheers - Bob
In reply to BAlfson:
2019:06:12-00:24:08 basil exim-in: 2019-06-12 00:24:08 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="188.8.131.52" from="YourData72@4780.com" to="firstname.lastname@example.org" size="-1" reason="rdns_helo" extra="RDNS missing"
2019:06:12-00:24:08 basil exim-in: 2019-06-12 00:24:08 H=([184.108.40.206]) [220.127.116.11]:53849 F=<YourData72@4780.com> rejected RCPT <email@example.com>: No RDNS entry for 18.104.22.168
2019:06:12-00:24:08 basil exim-in: 2019-06-12 00:24:08 SMTP connection from ([22.214.171.124]) [126.96.36.199]:53849 closed by DROP in ACL
I've long since given up on UTM doing this. Now I'm studying Exim to configure it myself. Between Exim and Fail2ban I will succeed. I'll never understand why Sophos refuses to fix the expressions and TLD blocking. It's such a fundamental and basic requirement for a working system.
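Added example, not written by any poster in this thread and not UTM or Exim configuration: Python that parses log lines in the `key="value"` format quoted above, matches the sender shape described in the first post with an anchored, case-insensitive regular expression, and counts hits per source IP. The sample log lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Sender shape described in the thread: "YourData" + digits, "@", digits + ".com".
# Anchored at both ends and case-insensitive, so "YourData72@4780.com" matches
# but "YourData72@4780.com.example.net" does not.
SENDER_RE = re.compile(r"^yourdata\d+@\d+\.com$", re.IGNORECASE)

# key="value" pairs as they appear in the SecureMail line quoted in the thread.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Constructed sample lines (documentation IP ranges), modelled on the quoted format.
SAMPLE_LOG = """\
2019:06:12-00:24:08 basil exim-in: id="1003" name="email rejected" srcip="192.0.2.10" from="YourData72@4780.com" to="user@example.org" reason="rdns_helo"
2019:06:12-00:24:09 basil exim-in: H=([192.0.2.10]) [192.0.2.10]:53849 F=<YourData72@4780.com> rejected RCPT <user@example.org>
2019:06:12-00:25:41 basil exim-in: id="1003" name="email rejected" srcip="192.0.2.10" from="yourdata5@19.com" to="user@example.org" reason="rdns_helo"
2019:06:12-00:26:02 basil exim-in: id="1003" name="email rejected" srcip="198.51.100.7" from="YourData913@22.com" to="user@example.org" reason="rdns_helo"
2019:06:12-00:26:30 basil exim-in: id="1003" name="email rejected" srcip="198.51.100.7" from="newsletter@example.com" to="user@example.org" reason="rdns_helo"
2019:06:12-00:27:15 basil exim-in: id="1003" name="email rejected" srcip="203.0.113.5" from="YourData72@4780.com.example.net" to="user@example.org" reason="rdns_helo"
"""


def parse_line(line):
    """Return the key="value" fields of one log line, or None if it has none."""
    fields = dict(KV_RE.findall(line))
    return fields or None


def matching_sources(log_text, threshold=2):
    """Count pattern-matching senders per source IP.

    Returns {srcip: count} for IPs with at least `threshold` matching senders.
    Lines without from/srcip fields (e.g. the raw Exim "H=..." line) are skipped.
    """
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields or "from" not in fields or "srcip" not in fields:
            continue
        if SENDER_RE.match(fields["from"]):
            hits[fields["srcip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for ip, n in sorted(matching_sources(SAMPLE_LOG).items()):
        print(f"{ip}\t{n} matching senders")
```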