Hi Mark Thank you, but my question was, how to match the rdns name of the source IP.
Well i found out the header matcher can also match Received: header lines. header IMP_RECV_SHOP Received =~ /\.shop\ / score IMP_RECV_SHOP 10 describe IMP_RECV_SHOP Received: from shop TLD This works for me. Am Sat, 21 Jun 2025 13:47:19 -0400 schrieb Mark London <m...@psfc.mit.edu>: > I and probably a lot of people here, block that domain and a bunch > others, even before they reach spamassassin > > "Why Phishers Love New TLDs Like .shop, .top and .xyz" > > https://krebsonsecurity.com/2024/12/why-phishers-love-new-tlds-like-shop-top-and-xyz/ > > "Spammers and scammers gravitate toward domains in the new gTLDs because > these registrars tend to offer cheap or free registration with little to > no account or identity verification requirements." > > On 6/20/2025 3:40 AM, Benoît Panizzon wrote: > > Is there a way to match the sending IP rdns name? > > > > Received: from future.roommagic.shop (future.roommagic.shop [37.59.92.8] > > Port:45265) > > > > like match /\.shop$/ of the rdns name? > > > Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________