One of the notorious spammers has now started spamming via his own relays from anonymous addresses such as george [ at ] hotmail [ dot ] com. I used to catch mail from these jerks by their domain (prod-infinitum.com.mx) but that doesn't work when they're just the relay (see the logs below to get what I mean?). The blackhole lists still catch them most of the time but they change servers so often even that isn't totally effective. I tried to block on the basis of ip address in the firewall but by my count they are now up to over 130 addresses without any systematic way of catching them all and they change too much anyway. So, my question: Is there a way to configure sendmail to reject based on the resolved connected host. Here's some entries from the maillog to show what I want to catch: 1) They *are* being Rejected through the access db May 15 06:01:28 cascades sendmail[25894]: ruleset=check_relay, arg1=dsl-200-95-25-70.prod-infinitum.com.mx, arg2=200.95.25.70, relay=dsl-200-95-25-70.prod-infinitum.com.mx [200.95.25.70], reject=550 5.7.1 Access denied 2) The blackholes catch them sometimes May 15 05:59:37 cascades sendmail[25854]: ruleset=check_relay, arg1=[201.137.143.91], arg2=127.0.0.4, relay =dsl-201-137-143-91.prod-infinitum.com.mx [201.137.143.91] (may be forged), reject=550 5.7.1 Rejected: 201.137.143.91 listed at sbl-xbl.spamhaus.org 3) but sometimes they get through May 15 06:08:08 cascades sendmail[25935]: j4FA86lD025935: from=<www [ at ] mailer [ dot ] milenio [ dot ] com [ dot ] mx>, size=39237, class=0, nrcpts=0, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=dsl-201-137-82-106.prod-infinitum.com.mx [201.137.82.106] (may be forged) Anyone know why that last type gets through and what I have to do to sendmail to block that? TIA Alex ==== -- This message has been scanned for viruses and dangerous content by Avantel Systems, and is believed to be clean.