> After getting a few megabytes of "verify failed" messages in my exim3 logs, I
> set host_reject for the addresses.
>
> The attacks are coming from 200.231.206.0/24 (several dozen hosts)

I've seen dictionary spam attacks and faked "opt-in" mailing lists,
that were all but opt-in, in the past as well.

A particularly dumb pattern that easily catches your eye is quite common
among those spammers and blocking them often helps for up to a few
months, until they change IP networks. Most of the time they stay at the
same provider and just get a new /24.

I allow SMTP connects and use the Exim4 ACL for RCPT to prevent such
attacks being successful:

    deny hosts = /var/exim/etc/reject-smtp

Michael
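
Added example, not part of the original message or of Exim itself: a small Python script that groups "verify failed" log lines by /24 and lists networks where several hosts are failing, as candidates for a host list file like the one above. The log line layout, the thresholds and the names `noisy_networks` and `SAMPLE_LOG` are assumptions; the sample lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _line(ip, local_part):
    # Constructed log line; layout is assumed, not taken from a real Exim log.
    return (f"2003-06-01 10:00:00 verify failed for SMTP recipient "
            f"{local_part}@example.org H=(mail) [{ip}]")


# Constructed sample: a dictionary run from one /24 plus unrelated noise.
SAMPLE_LOG = "\n".join(
    [_line(f"200.231.206.{h}", n) for h, n in
     [(11, "aaron"), (12, "abby"), (13, "adam"), (14, "alan"), (11, "alex"), (12, "amy")]]
    + [_line("192.0.2.7", "jon"),            # single mistyped address
       _line("198.51.100.20", "info"),
       _line("198.51.100.21", "sales"),
       "2003-06-01 10:00:09 Completed"]      # not a verify failure
)


def noisy_networks(log_text, min_hosts=3, min_failures=5):
    """Return /24 networks with many failures spread over several hosts."""
    hosts = defaultdict(set)
    failures = defaultdict(int)
    for line in log_text.splitlines():
        if "verify failed" not in line:
            continue
        match = IP_IN_BRACKETS.search(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:       # e.g. [999.1.1.1]
            continue
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        hosts[net].add(ip)
        failures[net] += 1
    return sorted(str(net) for net in hosts
                  if len(hosts[net]) >= min_hosts and failures[net] >= min_failures)


if __name__ == "__main__":
    for cidr in noisy_networks(SAMPLE_LOG):
        print(cidr)   # one candidate entry per line for the reject file
```

Requiring several distinct hosts per /24 keeps a single sender with a mistyped recipient from being listed.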