Author: Paul Date: To: exim-users Subject: [Exim] Spam mail bomb - advice and tricks
Hi all,
We recently had a large flood of email bomb our server and it all appears to
be big spam floods from random sources.
The majority of it that I can see anyway seems to be faking its source as
our server's IP address, see below.
It looks like they fake the HELO as our own IP address and do a big bunch of
RCPT to's for lots of our users.
Can we block this type of email on a global scale in our exim configuration?
Is this something considered safe and a good approach?
I can't see our server legitimately emailing itself and using its own IP as
the HELO and not as the source IP in the email.
In the above cases the HELO or H= IP is always our IP and the source is
their random IP.
It just leaves us dead in the water as our server happily accepts a couple of
hundred RCPT to's a second to our local users from bad spammers.
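
The pattern described in the post (a HELO that claims the server's own IP while the connection comes from a different address) can be counted per source in the Exim main log. This is an added example, not part of the original message; the address 192.0.2.10, the function names and the sample log lines are constructed assumptions.

```python
import re
from collections import Counter

# Assumption: the server's own address (documentation range, constructed).
OUR_IPS = {"192.0.2.10"}

# Exim logs the peer as "H=name (helo) [ip]" or "H=(helo) [ip]": the HELO
# argument is in parentheses, the real connecting address in brackets.
HOST_RE = re.compile(r"\bH=(?:\S+ )?\((?P<helo>[^)]*)\) \[(?P<ip>[0-9A-Fa-f:.]+)\]")

def forged_helo(line, our_ips=OUR_IPS):
    """Return the connecting IP if the HELO claims one of our addresses
    while the connection comes from somewhere else, otherwise None."""
    m = HOST_RE.search(line)
    if not m:
        return None
    helo = m.group("helo").strip("[]")  # accept 1.2.3.4 and the literal [1.2.3.4]
    src = m.group("ip")
    if helo in our_ips and src not in our_ips:
        return src
    return None

def summarize(lines, our_ips=OUR_IPS):
    """Count forged-HELO log lines per connecting address."""
    hits = Counter()
    for line in lines:
        src = forged_helo(line, our_ips)
        if src:
            hits[src] += 1
    return hits

# Constructed sample lines in Exim main-log style (not taken from the post).
SAMPLE = [
    "2024-05-01 10:00:01 H=(192.0.2.10) [203.0.113.5] F=<a@example.org> "
    "rejected RCPT <user1@example.com>: Unrouteable address",
    "2024-05-01 10:00:01 1s1AbC-0001Xy-2Z <= b@example.org "
    "H=(192.0.2.10) [203.0.113.5] P=smtp S=2048",
    "2024-05-01 10:00:02 1s1AbD-0001Xz-3A <= c@example.org "
    "H=([192.0.2.10]) [203.0.113.9] P=esmtp S=1911",
    "2024-05-01 10:00:03 1s1AbE-0001Y0-4B <= d@example.net "
    "H=mail.example.net (mx1.example.net) [198.51.100.7] P=esmtps S=3301",
    "2024-05-01 10:00:04 1s1AbF-0001Y1-5C <= root@example.com "
    "H=localhost (192.0.2.10) [192.0.2.10] P=esmtp S=900",
]

if __name__ == "__main__":
    for ip, n in summarize(SAMPLE).most_common():
        print(f"{ip}\t{n} line(s) with HELO forged as our IP")
```
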