On Sun, Feb 13, 2011 at 10:02:16AM -0800, Todd Lyons wrote:
> On Sun, Feb 13, 2011 at 9:53 AM, Matthias-Christian Ott <ott@???> wrote:
> >> > Do you have any advice for what I should do additionally to ensure that
> >> > this configuration mistake has no further consequences (like being
> >> > blacklisted, rejected etc.)?
> >> Not quite what you want, but identify the IP addresses used by the bots,
> >> and blacklist them permanently at the edge of your network; they will
> >> not stop trying to send mail through your server, even if all subsequent
> >> attempts fail. You have better things to do than reject their messages
> >> with the MTA.
> > The problem is that the bots IP addresses come from dynamic address
> > pools and are changing.
>
> One thing that can help you in that regard:
>
> deny message = $sender_host_address is listed at $dnslist_domain
> !condition = ${if eq {$acl_c0}{$sender_host_address}}
> hosts = !+relay_from_hosts
> !authenticated = *
> dnslists = zen.spamhaus.org : bl.spamcop.net :
> combined.njabl.org
I don't like the concept of blacklists, but I will consider it if the
flooding still continues in one week.
> I put it in my rcpt acl (because I want to see both from and to
> addresses), but you could just as easily put it in connect or mail acl
> too, or data for that matter (but then that means you see the entire
> message body, which consumes YOUR bandwidth).
Unacceptable, it's only a small VPS. They will consume the bandwidth
within days.
Regards,
Matthias-Christian
