Re: [Exim] Columbian Spammer

Top Page
Delete this message
Reply to this message
Author: Christoph Kliemt
Date:  
To: exim-users
Subject: Re: [Exim] Columbian Spammer
Ron McKeating <R.J.Mckeating@???> writes:

> For the past few weeks every night we are getting thousands of spams
> trying to route through one of our mail servers. Here is a sample log
> entry
>
> 2003-11-03 00:01:27 H=(compaq-1.epm.net.co) [200.116.23.169]
> F=<utvegaya@???> rejected RCPT <csevillano@???>:
> relay not permitted
>
> Why they bother to continue I do not know as they never get anywhere. I
> have complained to abuse@??? and their postmaster but not had any
> response.
>
> Where would be the best place to put an acl that would simply disconnect
> them every time they tried to connect to our site?


I do it this way: If someone tries to relay, i put the ip in a database
(postgres) and refuse a connection (acl_smtp_connect) for a week or
so... it works! :-)

\\// christoph