Re: [exim] Stopping spammers who won't accept rejection

Top Page
Delete this message
Reply to this message
Author: Chris Knadle
Date:  
To: exim-users
Subject: Re: [exim] Stopping spammers who won't accept rejection
On Monday 23 January 2006 05:16, Chris Lear wrote:
> 1) Is there a cunning bit of exim config to save spamassassin CPU cycles
> on lots of similar mail from the same IP address all at the same time?
> [It makes me wonder whether accepting and dropping would be my best
> option, though I'm not going to do that]


I know of two basic possibilities for this.

1) Update the local_host_blacklist to contain the IP addresses/ranges that
abuse your system.

2) Use an automated system that makes firewall rules to selectively block
inbound packets to port 25 to "known bad" IP addresses. [VISPAN is one
example, and there are a number of other similar programs to do this.] Many
make these blocks temporarily and extend the block time upon further abuse.

Both of these so-called solutions have the drawback of possibly blocking
legitimate email servers temporarily or permanently, and normal users getting
block may not get feedback or will not go through the efforts to contact
their ISP and work through the issue. I've personally been on the receiving
end of a block that was automated via VISPAN of a legitimate email server,
and it took two days for the admin at the ISP to diagnose the problem and
then get the administrator of the server running VISPAN to unblock the IPs.
There were three outbound email servers, two of the IPs were blocked -- so I
was getting email through only intermittantly.

So -- yes, this kind of thing is possible, but it takes some care and
thought, and it has some drawbacks, like most SMTP solutions do.

    - Chris


--

Chris Knadle
Chris.Knadle@???