Re: [exim] slowing spammers with iptables -m recent

Author: Marc Sherman
Date:  
To: exim-users
Subject: Re: [exim] slowing spammers with iptables -m recent
Tony Godshall wrote:
>
> I asked this over on debian-user and got some response but
> nothing specific. So I joined this list and perused its
> archives. Interesting stuff but nothing close. Here
> goes...


For questions about Debian config files, you want to post to the Debian
exim-users list, which is documented in
/usr/share/doc/debian-base/README.debian.gz.

> Symptom: tons of "Unroutable address" logs like this in my
> /var/log/exim4/mainlog...
>
> 2005-11-22 12:34:53 H=adsl-63-195-120-242.dsl.snfc21.pacbell.net
> (thesitefights.com) [63.195.120.242]
> F=<connie.cisneros_qx@???> rejected RCPT <middleton@???>:
> Unrouteable address


There's nothing wrong; that's just Exim logging that it's doing the
right thing with those bogus addresses.

> iptables rule:
>
>   #reject for 40 seconds each time we get a smtp_penalty_box hit
>   iptables -A INPUT \
>     -m recent --name smtp_penalty_box --rcheck --seconds 40 \
>     -j DROP


That's really unnecessary. You're just blocking the spammer at a lower
layer, when Exim is doing a perfectly adequate job itself. If you don't
get this stuff right, you now have two things to debug, and for this
home-rolled iptables blocking, no-one can help you debug it. As well,
for the case where someone legitimately misspells an address on your
server, they now get a mail server failure when they try to resend with
the right address.

However, if you really want to use it, ${run...} is the right way to do
it, as Jakob said.

- Marc
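
The quoted rule only checks the `smtp_penalty_box` list, so something has to put addresses on it. The helper below is an added example, not code from this thread or from Exim: it is a sketch of what a `${run{...}}` call could invoke. The function names, the `PENALTY_LIST` variable and the `/proc/net/xt_recent/` path (older kernels use `/proc/net/ipt_recent/`) are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical helper for ${run{...}}:
# Exim would pass $sender_host_address as the only argument (assumed wiring).
# Assumed location of the list that the quoted --rcheck rule consults.
PENALTY_LIST="${PENALTY_LIST:-/proc/net/xt_recent/smtp_penalty_box}"

# Succeed only for a dotted-quad IPv4 address with four octets in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # empty, stray chars, bad dots
    esac
    rest="$1." count=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}; rest=${rest#*.}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
    done
    [ "$count" -eq 4 ]
}

# Put one address in the penalty box; refuse anything that is not plain IPv4
# so that nothing unexpected is ever written to the kernel interface.
smtp_penalty_add() {
    if ! is_ipv4 "$1"; then
        echo "smtp_penalty_add: refusing '$1'" >&2
        return 2
    fi
    # "+addr" is the xt_recent syntax for adding a source address to a list.
    printf '+%s\n' "$1" > "$PENALTY_LIST"
}

# Stand-alone use: smtp_penalty_add.sh 63.195.120.242
if [ "$#" -gt 0 ]; then
    smtp_penalty_add "$1"
fi
```

The user Exim runs as needs write access to the list file for this to work.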