Re: [Exim] Interesting "attack" on my exim server...

Top Page
Delete this message
Reply to this message
Author: michael
Date:  
To: exim-users
Subject: Re: [Exim] Interesting "attack" on my exim server...
> After getting a few megabytes of "verify failed" messages in my exim3 logs, I
> set host_reject for the addresses.
>
> The attacks are coming from 200.231.206.0/24 (several dozen hosts)


I've seen dictionary spam attacks and faked "opt-in" mailing lists,
that were all but opt-in, in the past as well.

A particular dumb pattern that easily catches your eye is quite common
among those spammers and blocking them often helps for up to a few
months, until they change IP networks. Most the time they stay at the
same provider and just get a new /24.

I allow SMTP connects and use the Exim4 ACL for RCPT to prevent such
attacks being successful:

  deny    hosts = /var/exim/etc/reject-smtp


Michael