Expression blocking, blacklist patterns not working

For the past week we have been under a relentless spam attack.

The senders' names look like this: yourdata51@2020.com, where the numbers are random for each spam message.

 

I created a blacklist address pattern of yourdata*@*.com, which did nothing.

I also tried it as a regular expression which also did nothing.

 

Any suggestions?

UTM 9.602-3.

  • You're right that you can't blacklist anything with @* in it.

    Can you post the headers and the content of one of these spams?

    Cheers - Bob

  • In reply to BAlfson:

    2019:06:12-00:24:08 basil exim-in[22431]: 2019-06-12 00:24:08 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="202.56.191.61" from="YourData72@4780.com" to="xxx@mydomain.com" size="-1" reason="rdns_helo" extra="RDNS missing"
    2019:06:12-00:24:08 basil exim-in[22431]: 2019-06-12 00:24:08 H=([202.56.191.61]) [202.56.191.61]:53849 F=<YourData72@4780.com> rejected RCPT <xxx@mydomain.com>: No RDNS entry for 202.56.191.61
    2019:06:12-00:24:08 basil exim-in[22431]: 2019-06-12 00:24:08 SMTP connection from ([202.56.191.61]) [202.56.191.61]:53849 closed by DROP in ACL

    I've long since given up on UTM doing this.
    Now I'm studying Exim to configure it myself.

    Between Exim and Fail2ban I will succeed.
    I'll never understand why Sophos refuses to fix the expressions and TLD blocking. It's such a fundamental and basic requirement for a working system.
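
An added example, not part of any post in this thread: a Python check that runs a candidate sender pattern against the log lines quoted above before it goes into an Exim or Fail2ban rule. The sender shape (`yourdata` + digits `@` digits `.com`) is an assumption inferred from the two addresses shown in the thread, and the function names are hypothetical.

```python
import re
from collections import Counter

# Log lines copied from the post above (UTM SMTP proxy log, key="value" format).
SAMPLE_LOG = '''\
2019:06:12-00:24:08 basil exim-in[22431]: 2019-06-12 00:24:08 id="1003" severity="info" sys="SecureMail" sub="smtp" name="email rejected" srcip="202.56.191.61" from="YourData72@4780.com" to="xxx@mydomain.com" size="-1" reason="rdns_helo" extra="RDNS missing"
2019:06:12-00:24:08 basil exim-in[22431]: 2019-06-12 00:24:08 H=([202.56.191.61]) [202.56.191.61]:53849 F=<YourData72@4780.com> rejected RCPT <xxx@mydomain.com>: No RDNS entry for 202.56.191.61
2019:06:12-00:24:08 basil exim-in[22431]: 2019-06-12 00:24:08 SMTP connection from ([202.56.191.61]) [202.56.191.61]:53849 closed by DROP in ACL
'''

# Assumed sender shape: "yourdata" + digits @ digits + ".com".
# The log shows "YourData72", so the match has to ignore case;
# a lowercase-only pattern does not match the logged address.
SENDER_RE = re.compile(r"^yourdata\d+@\d+\.com$", re.IGNORECASE)

# Extracts key="value" pairs; the plain Exim lines carry none and are skipped.
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_fields(line):
    """Return the key="value" pairs of one log line as a dict."""
    return dict(KV_RE.findall(line))


def matching_sources(log_text, sender_re=SENDER_RE):
    """Count log entries per source IP whose envelope sender matches."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = parse_fields(line)
        sender, srcip = fields.get("from"), fields.get("srcip")
        if sender and srcip and sender_re.match(sender):
            hits[srcip] += 1
    return hits


if __name__ == "__main__":
    for ip, count in matching_sources(SAMPLE_LOG).items():
        print(ip, count)
```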