Author: Christoph Kliemt Date: To: exim-users Subject: Re: [Exim] Columbian Spammer
Ron McKeating <R.J.Mckeating@???> writes:
> For the past few weeks every night we are getting thousands of spams
> trying to route through one of our mail servers. Here is a sample log
> entry
>
> 2003-11-03 00:01:27 H=(compaq-1.epm.net.co) [200.116.23.169]
> F=<utvegaya@???> rejected RCPT <csevillano@???>:
> relay not permitted
>
> Why they bother to continue I do not know as they never get anywhere. I
> have complained to abuse@??? and their postmaster but not had any
> response.
>
> Where would be the best place to put an acl that would simply disconnect
> them every time they tried to connect to our site?
I do it this way: If someone tries to relay, i put the ip in a database
(postgres) and refuse a connection (acl_smtp_connect) for a week or
so... it works! :-)