Re: [exim] open relay aftermath

Author: Matthias-Christian Ott
Date:  
To: Todd Lyons
CC: exim-users, Jim Cheetham
Subject: Re: [exim] open relay aftermath
On Sun, Feb 13, 2011 at 10:02:16AM -0800, Todd Lyons wrote:
> On Sun, Feb 13, 2011 at 9:53 AM, Matthias-Christian Ott <ott@???> wrote:
> >> > Do you have any advice for what I should do additionally to ensure that
> >> > this configuration mistake has no further consequences (like being
> >> > blacklisted, rejected etc.)?
> >> Not quite what you want, but identify the IP addresses used by the bots,
> >> and blacklist them permanently at the edge of your network; they will
> >> not stop trying to send mail through your server, even if all subsequent
> >> attempts fail. You have better things to do than reject their messages
> >> with the MTA.
> > The problem is that the bots' IP addresses come from dynamic address
> > pools and are changing.
>
> One thing that can help you in that regard:
>
>   deny    message        = $sender_host_address is listed at $dnslist_domain
>           !condition     = ${if eq {$acl_c0}{$sender_host_address}}
>           hosts          = !+relay_from_hosts
>           !authenticated = *
>           dnslists       = zen.spamhaus.org : bl.spamcop.net : combined.njabl.org


I don't like the concept of blacklists, but I will consider it if the
flooding still continues in one week.

> I put it in my rcpt acl (because I want to see both from and to
> addresses), but you could just as easily put it in connect or mail acl
> too, or data for that matter (but then that means you see the entire
> message body, which consumes YOUR bandwidth).


Unacceptable, it's only a small VPS. They will consume the bandwidth
within days.

Regards,
Matthias-Christian
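
An added example, not part of the original message or of Exim itself: a Python pass over the main log for the "identify the IP addresses used by the bots" step discussed above, counting relay rejections per address and per /24 so the effect of dynamic address pools shows up in the numbers. The log lines are constructed, and the line layout and the "relay not permitted" text are assumptions about how the server logs these rejections.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines shaped like Exim main-log relay rejections
# (documentation address ranges; not taken from the thread).
SAMPLE_LOG = """\
2011-02-13 18:01:02 H=(mail.invalid) [192.0.2.10] F=<a@example.com> rejected RCPT <x@example.net>: relay not permitted
2011-02-13 18:01:05 H=(mail.invalid) [192.0.2.10] F=<b@example.com> rejected RCPT <y@example.net>: relay not permitted
2011-02-13 18:02:11 H=(pc7) [192.0.2.77] F=<c@example.com> rejected RCPT <z@example.net>: relay not permitted
2011-02-13 18:03:40 H=(pc9) [198.51.100.4] F=<d@example.com> rejected RCPT <q@example.net>: relay not permitted
2011-02-13 18:04:00 1PoXyZ-0001aB-Cd <= user@example.org H=localhost [127.0.0.1] P=esmtp S=812
"""

# Assumed rejection text; adjust to the message your relay ACL actually logs.
REJECT_RE = re.compile(
    r"\[(?P<ip>[0-9A-Fa-f:.]+)\].* rejected RCPT .*: relay not permitted"
)


def relay_rejections(log_text, v4_prefix=24, v6_prefix=64):
    """Count relay rejections per source address and per enclosing network."""
    by_ip, by_net = Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue  # deliveries, arrivals and other rejections are ignored
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # bracketed text that is not an IP address
        prefix = v4_prefix if ip.version == 4 else v6_prefix
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_ip[str(ip)] += 1
        by_net[str(net)] += 1
    return by_ip, by_net


def repeat_offenders(counter, threshold=2):
    """Keys seen at least `threshold` times, sorted for stable output."""
    return sorted(key for key, hits in counter.items() if hits >= threshold)


if __name__ == "__main__":
    ips, nets = relay_rejections(SAMPLE_LOG)
    print("addresses:", repeat_offenders(ips))
    print("networks: ", repeat_offenders(nets))
```

When most addresses appear only once while a few networks account for the bulk of the hits, per-address blocking at the edge will lag behind the pool, which is the situation described in the thread.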