RE: [Exim] Spam emails problem with mail server

Author: Rick Cooper
Date:  
To: Ganbold, exim-users
Subject: RE: [Exim] Spam emails problem with mail server

> -----Original Message-----
> From: exim-users-admin@??? [mailto:exim-users-admin@exim.org]On Behalf Of Ganbold
> Sent: Monday, February 16, 2004 11:26 PM
> To: exim-users@???
> Subject: [Exim] Spam emails problem with mail server
>
>
> Hi all,
>
> I have Exim 4.30 with latest exiscan patch in FreeBSD 5.2-current machine.
> I have also SpamAssassin and black list checkings in exim config.
> I'm running free web mail service on this machine.
> Everything is working fine except some people are sending thousands of
> spam emails to the Internet from web interface.
> How to prevent sending thousands of spam emails? How to check it?


You should have your web mail sending to your exim server via
smtp, then add a rcpt acl something like:

# Deny if there are too many RCPT TO: commands or too many recipients
deny condition = ${if or {\
        {>{$recipients_count}{15}}\
        {>{$rcpt_count}{15}}\
        }\
        {yes}{no}}
    message = Recipient count is above maximum per message please \
              reduce your message recipient count to allowed limit \
              of 15


You will want to watch for this in your reject logs and look into
any infraction of this policy. I have had a similar policy on
our mail servers since a salesman downloaded a "verified email
list" from yahoo. He thought it wouldn't be spamming if he got it
from a place like yahoo... there were a ton of @home.com addresses
and @home had been gone for nearly two years already.

Of course you may want to add exceptions for specific hosts, or
possibly a hosts = xx.xx.xx.xx to enforce this rule only for
connections from your web mail server.

Just make sure the users are aware that policy states you cannot
send a message to more than 15 people at a time. I would think
this would make you far less attractive to spammers. Of course
the best way to prevent this is to not run a free webmail service
without verifying, in some manner, the user of the account.


> I tried to block accounts but they just created new accounts and start sending.
> How to block IP addresses? Will it solve the problem?
> What happen if they change IP addresses since there are many open proxies
> around?
>
> As I said before I'm checking black lists at SMTP time. Since spammers are
> using web interface it is not checking.
> How to check IP addresses when they using web interface? Are there any such
> methods?
>


Again, make sure your webmail service is sending to your exim
server via smtp and not piping through sendmail

> thanks in advance,
>
> Ganbold
>
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users
> Exim details at http://www.exim.org/ ##


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
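
Added example (not part of the original message and not Exim project code): a Python script for the reject-log review suggested in the reply, counting rejections that carry the ACL's "Recipient count is above maximum per message" text per sender and connecting IP. The log line layout, the function names `policy_hits` and `repeat_offenders`, and all sample addresses are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Leading text of the ACL's "message =" value as it appears in the log.
POLICY_TEXT = "Recipient count is above maximum per message"

# Assumed layout: "<date> <time> H=<host> [<ip>] F=<sender> rejected RCPT <rcpt>: <text>"
REJECT_RE = re.compile(
    r"^(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"H=.*?\[(?P<ip>[0-9A-Fa-f.:]+)\] "
    r"(?:.*? )?F=<(?P<sender>[^>]*)> "
    r"rejected RCPT <(?P<rcpt>[^>]*)>: (?P<text>.*)$"
)


def policy_hits(lines):
    """Return one dict per RCPT command rejected by the recipient-limit ACL."""
    hits = []
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if m and m.group("text").startswith(POLICY_TEXT):
            hits.append(m.groupdict())
    return hits


def repeat_offenders(lines, threshold=2):
    """Count hits per (sender, ip); keep pairs at or above the threshold."""
    counts = Counter((h["sender"], h["ip"]) for h in policy_hits(lines))
    return [(key, n) for key, n in counts.most_common() if n >= threshold]


# Constructed sample lines, not from a real server.
_WEB = " H=localhost (webmail) [127.0.0.1] F=<%s> rejected RCPT <%s>: "
_MSG = POLICY_TEXT + " please reduce your message recipient count to allowed limit of 15"
SAMPLE_LOG = [
    "2004-02-17 09:14:02" + _WEB % ("bulk1@example.net", "r16@example.org") + _MSG,
    "2004-02-17 09:14:02" + _WEB % ("bulk1@example.net", "r17@example.org") + _MSG,
    "2004-02-17 09:15:40" + _WEB % ("user2@example.net", "s16@example.org") + _MSG,
    "2004-02-17 09:16:09" + _WEB % ("bulk1@example.net", "t16@example.org") + _MSG,
    "2004-02-17 09:20:11 H=(mx.example.com) [192.0.2.7] F=<x@example.com> "
    "rejected RCPT <y@example.org>: relay not permitted",
    "2004-02-17 09:21:00 1AtABC-0000xy-00 <= ok@example.net H=localhost [127.0.0.1] P=smtp",
]

if __name__ == "__main__":
    for (sender, ip), n in repeat_offenders(SAMPLE_LOG):
        print(f"{n:3d}  {sender}  via {ip}")
```

Each RCPT command past the limit is rejected on its own, so the counts are rejected RCPT commands rather than messages. When all webmail traffic arrives from one host, the sender address is the more useful half of the key.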