Re: [Exim] Columbian Spammer

Top Page
Delete this message
Reply to this message
Author: Kevin Reed
Date:  
To: exim-users
Subject: Re: [Exim] Columbian Spammer
Ron McKeating said:
> For the past few weeks every night we are getting thousands of spams
> trying to route through one of our mail servers. Here is a sample log
> entry
>
> 2003-11-03 00:01:27 H=(compaq-1.epm.net.co) [200.116.23.169]
> F=<utvegaya@???> rejected RCPT <csevillano@???>:
> relay not permitted
>
> Why they bother to continue I do not know as they never get anywhere. I
> have complained to abuse@??? and their postmaster but not had any
> response.
>
> Where would be the best place to put an acl that would simply disconnect
> them every time they tried to connect to our site?


In the connect ACL... I keep a list of postmaster spammers..
or you could just block them in your border routers and they will never be
seen.

acl_connect:

# Drop any hosts that are on our rbl-always list
drop hosts = /usr/local/exim/rbl-always
     message = Host Denied Access [$sender_host_address]\n \
        http://www.tnet.com/spam.html
     log_message = DROP: RBL-ALWAYS This host is blocked for ALL connections
     delay = 30s


# Accept the rest
accept


--
Kevin W. Reed - TNET Services, Inc.
Unoffical Exim MTA Info Forums - http://exim.got-there.com/forums