[Pkg-exim4-users] Probe, every 27 mins, from one IP addr - how to block?

[Ron Leach]

List, good afternoon,

I run an Exim4 system using Debian oldstable (Wheezy) and, in the 
mainlog, *every* 27 minutes, is:
no host name found for IP address <ipv4>
  (where <ipv4> is one, specific, IP address, every time).

whois indicates that the IP address is that of a commercial entity in 
another continent, with whom we have no connection as far as we know. 
  There is no other type of log entry related to this IP address, 
there is no log of either an attempted send to one of our users, nor 
any attempt to relay elsewhere.  The logged entry is every 27 minutes 
irrespective of any other incoming messages, of which there are 
relatively few; this is not a high volume MTA.

Archived comments on various exim lists suggest that this log entry is 
merely a 'warning', and caused by the sender having no rDNS entry. 
Nevertheless, despite the entry being only a warning, and despite the 
- apparent - absence of any other attempt to send a message either to 
us or to relay elsewhere or, even, to send a (detectedly) malformed 
message, or attempt to authorise, its continuing, regular, appearance 
is puzzling.  I've decided to block that IP.

We use the single file of exim conf which includes a section for 
defining a local list of IP addresses that should be blocked.  The 
list should be in the file
/etc/exim4/local_host_blacklist
which I've created and contains the single entry of that logged IP 
address.

On updating the conf and restarting exim

# update-exim4.conf
  - which did not report any config problems
# service exim restart

I was disappointed to see that the suspect IP is still being logged as 
'no host name' every 27 minutes.

Is there any way I can prevent this IP address reaching exim?

I would be interested to understand better what type(s) of incoming 
signal could trigger this log entry, and whether the entry can mean 
anything other than absent rDNS.

Any insights would be much appreciated,

regards, Ron