Re: [exim] open relay aftermath

Página Principal
Apagar esta mensagem
Responder a esta mensagem
Autor: Todd Lyons
Data:  
Para: Matthias-Christian Ott
CC: exim-users, Jim Cheetham
Assunto: Re: [exim] open relay aftermath
On Sun, Feb 13, 2011 at 9:53 AM, Matthias-Christian Ott <ott@???> wrote:
>> > Do you have any advice for what I should do additionally to ensure that
>> > this configuration mistake has no further consequences (like being
>> > blacklisted, rejected etc.)?
>> Not quite what you want, but identify the IP addresses used by the bots,
>> and blacklist them permanently at the edge of your network; they will
>> not stop trying to send mail through your server, even if all subsequent
>> attempts fail. You have better things to do than reject their messages
>> with the MTA.
> The problem is that the bots IP addresses come from dynamic address
> pools and are changing.


One thing that can help you in that regard:

  deny    message        = $sender_host_address is listed at $dnslist_domain
          !condition     = ${if eq {$acl_c0}{$sender_host_address}}
          hosts          = !+relay_from_hosts
          !authenticated = *
          dnslists       = zen.spamhaus.org : bl.spamcop.net :
combined.njabl.org


I put it in my rcpt acl (because I want to see both from and to
addresses), but you could just as easily put it in connect or mail acl
too, or data for that matter (but then that means you see the entire
message body, which consumes YOUR bandwidth).

--
Regards...      Todd
I seek the truth...it is only persistence in self-delusion and
ignorance that does harm.  -- Marcus Aurealius