Re: [exim] Help, Please.

Author: Wouter Verhelst
Date:  
To: Tom Ray [Lists]
CC: Exim-Users ML
Subject: Re: [exim] Help, Please.
On Thu, Jul 26, 2007 at 12:17:22PM -0400, Tom Ray [Lists] wrote:
> My mail server is being overrun and it's causing some real issues. I'm
> not really sure how to stop it, I'll be the first to admit that my
> skills with Exim are about an intermediate level so any help with this
> would be great.
>
> Basically this is what I am getting in my log:
>
> 2007-07-26 11:57:45 lowest numbered MX record points to local host:
> mymsviews.com (while verifying <odyl@???> from host
> (mail.fcpp.org) [64.201.170.253])
> 2007-07-26 11:57:45 H=(mail.fcpp.org) [64.201.170.253] F=<> temporarily
> rejected RCPT <odyl@???>: lowest numbered MX record points to
> local host

[...]

It already blocks that; as soon as it detects that the reverse lookup is
fishy, the mail is temprejected. Permanently rejecting a mail at that
point would seem to be a bad idea, since it might be a genuine
configuration mistake. Also, spammers don't really care whether you send
4xx or a 5xx, so permanently rejecting them at that point won't really
help.

> It's basically the same thing over and over again just from a pile of
> different hosts and IPs. Is there anything I can do to make this stop? I
> can block IPs but there's just too much to keep up with.


Use a DNSBL to block hosts. There are some examples of how to do this in
the default exim config file.

You could write a script to parse your mainlog, store the fishy IP
addresses somewhere that you can do a lookup to from exim, and then
block that from an ACL somewhere. That's really the same thing as the
DNSBL solution, except that it's slightly more tailored to your server
and not even remotely the same amount of blocked IP addresses.

If you're going to do either of the above unconditionally for every
connecting IP address, it makes sense to do that in the acl_smtp_helo
ACL.

If you're suffering from load issues, check out the "queue_only_load",
"deliver_queue_load_max", and "smtp_load_reserve" configuration options.
With those, you can do things like accept mail, but hold it on the queue
rather than delivering it immediately. This will slightly delay your
mails, but it's often better to delay mail by putting it on the queue
than it is to delay mail by sending an "I'm overloaded, please try again
later" 4xx reply or (even worse), timing out the connection.

--
<Lo-lan-do> Home is where you have to wash the dishes.
-- #debian-devel, Freenode, 2004-09-22
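
Added example, not part of the original message: a sketch of the "parse your mainlog and collect the fishy IP addresses" script suggested above, keyed on the rejection line quoted in the thread. It assumes the default Exim log layout (no PID or timezone fields); the function names, threshold, allowlist and sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# One mainlog line per rejection (the quoted log in the thread is wrapped by the
# mail client). The connecting address is the "[ip]" preceded by a space; the
# HELO name inside "(...)" is sender-controlled and must never be trusted.
REJECT_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
    r"H=\S*(?: \(\S*\))? \[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r".*temporarily rejected RCPT .*"
    r"lowest numbered MX record points to local host"
)

def count_offenders(lines):
    """Count MX-points-to-localhost temp-rejections per connecting IP."""
    counts = Counter()
    for line in lines:
        m = REJECT_RE.match(line)
        if not m:
            continue
        try:
            counts[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:
            continue  # bracket content was not a valid IP address
    return counts

def build_blocklist(counts, threshold=3, allow=("127.0.0.0/8", "10.0.0.0/8")):
    """IPs seen at least `threshold` times, skipping allowlisted networks.
    A threshold above 1 spares a host that tripped the check once by mistake."""
    nets = [ipaddress.ip_network(n) for n in allow]
    hits = [ip for ip, n in counts.items()
            if n >= threshold and not any(ip in net for net in nets)]
    return [str(ip) for ip in sorted(hits, key=lambda ip: (ip.version, int(ip)))]

# Constructed sample lines (documentation address ranges), not real log data.
_T = ("2007-07-26 11:57:45 H={h} [{ip}] F=<> temporarily rejected RCPT "
      "<user@example.net>: lowest numbered MX record points to local host")
SAMPLE_LOG = (
    [_T.format(h="(mail.example.org)", ip="192.0.2.10")] * 3
    + [_T.format(h="(one-off.example.com)", ip="198.51.100.7")]
    + [_T.format(h="(lan.example.net)", ip="10.0.0.5")] * 4
    + [_T.format(h="([203.0.113.9])", ip="192.0.2.44")] * 3  # HELO is an IP literal
    + ["2007-07-26 11:58:09 1IE5xY-0001aB-2C <= a@example.org "
       "H=(ok.example) [203.0.113.20] P=esmtp S=1234"]
)

if __name__ == "__main__":
    # One address per line, suitable for a file referenced from an ACL host list.
    print("\n".join(build_blocklist(count_offenders(SAMPLE_LOG))))
```

The output is one address per line, which can be written to a file and named as a host list item in an ACL (for example `deny hosts = /etc/exim/fishy_hosts`, a hypothetical path).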