Author: Dennis Davis
Date:
To: Ron McKeating
CC: Exim-Users
Subject: Re: [Exim] Columbian Spammer

>From: Ron McKeating <R.J.Mckeating@???>
>To: "Exim-Users (E-mail)" <exim-users@???>
>Subject: [Exim] Columbian Spammer
>Date: Mon, 03 Nov 2003 10:34:12 +0000
>
>For the past few weeks every night we are getting thousands of spams
>trying to route through one of our mail servers. Here is a sample log
>entry
>
>2003-11-03 00:01:27 H=(compaq-1.epm.net.co) [200.116.23.169]
>F=<utvegaya@???> rejected RCPT <csevillano@???>:
>relay not permitted
>
>Why they bother to continue I do not know as they never get anywhere. I
>have complained to abuse@??? and their postmaster but not had any
>response.
>
>Where would be the best place to put an acl that would simply disconnect
>them every time they tried to connect to our site?

If they are this badly behaved there's not much you can do with
exim. You can try just dropping the connection in the ACL given by
acl_smtp_connect. Or deny them access in /etc/hosts.allow if you've
compiled exim with tcpwrapper support. However you'll still see all
the attempted connections. Probably the best place is to configure
your firewall to deny them access. Then exim won't even see the
connections.
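
An added example (not part of the original thread, and not Exim's own code): a short Python script that tallies `relay not permitted` rejections per connecting IP from main-log lines in the format quoted above, giving the candidate addresses for a firewall deny rule or for a host list checked in the `acl_smtp_connect` ACL. The log lines are constructed (the first host and IP are taken from the quoted entry, the addresses are placeholders), and the function names and threshold are assumptions.

```python
import re
from collections import Counter

# Exim main-log relay rejection, in the shape of the entry quoted in the thread:
#   <date> <time> H=<name> (<helo>) [<ip>] F=<sender> rejected RCPT <rcpt>: relay not permitted
# The client address is the first bracketed value after H= that is followed
# by a space (or by :port and a space).
RELAY_REJECT = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
    r"H=.*?\[(?P<ip>[0-9a-fA-F.:]+)\](?::\d+)? "
    r".*rejected RCPT <[^>]*>: relay not permitted\s*$"
)

# Constructed sample log, one entry per line as Exim writes it.
SAMPLE_LOG = """\
2003-11-03 00:01:27 H=(compaq-1.epm.net.co) [200.116.23.169] F=<a@example.org> rejected RCPT <x@example.net>: relay not permitted
2003-11-03 00:01:29 H=(compaq-1.epm.net.co) [200.116.23.169] F=<b@example.org> rejected RCPT <y@example.net>: relay not permitted
2003-11-03 00:01:31 H=(compaq-1.epm.net.co) [200.116.23.169] F=<c@example.org> rejected RCPT <z@example.net>: relay not permitted
2003-11-03 00:02:10 H=mail.example.com (mail) [192.0.2.10] F=<d@example.com> rejected RCPT <w@example.net>: relay not permitted
2003-11-03 00:03:00 H=(helo.example) [198.51.100.7] F=<e@example.org> rejected RCPT <v@example.net>: Unrouteable address
"""


def relay_offenders(log_lines, threshold=3):
    """Return {ip: count} for hosts with at least `threshold` relay rejections."""
    counts = Counter()
    for line in log_lines:
        match = RELAY_REJECT.match(line)
        if match:
            counts[match.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


def blocklist(offenders):
    """Sorted addresses, one per entry, ready to feed into a deny list."""
    return sorted(offenders)


if __name__ == "__main__":
    offenders = relay_offenders(SAMPLE_LOG.splitlines(), threshold=3)
    for ip in blocklist(offenders):
        print(ip, offenders[ip])
```
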