Ron McKeating said:
> For the past few weeks every night we are getting thousands of spams
> trying to route through one of our mail servers. Here is a sample log
> entry
>
> 2003-11-03 00:01:27 H=(compaq-1.epm.net.co) [200.116.23.169]
> F=<utvegaya@???> rejected RCPT <csevillano@???>:
> relay not permitted
>
> Why they bother to continue I do not know as they never get anywhere. I
> have complained to abuse@??? and their postmaster but not had any
> response.
>
> Where would be the best place to put an acl that would simply disconnect
> them every time they tried to connect to our site?
In the connect ACL... I keep a list of postmaster spammers..
or you could just block them in your border routers and they will never be
seen.
acl_connect:
# Drop any hosts that are on our rbl-always list
drop hosts = /usr/local/exim/rbl-always
message = Host Denied Access [$sender_host_address]\n \
http://www.tnet.com/spam.html
log_message = DROP: RBL-ALWAYS This host is blocked for ALL connections
delay = 30s
# Accept the rest
accept
--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums -
http://exim.got-there.com/forums
