Re: [exim] Joe job attack to my mail server.

Top Page
Delete this message
Reply to this message
Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] Joe job attack to my mail server.
On Thu, 2012-06-21 at 12:40 +0530, Dinoosh Nikapitiya wrote:
> My mail server is in joe job attack.


A "Joe Job" by definition does not involve your server, except that it
receives complaints or bounces aimed at your domain for messages which
did not originate there.

> I cannot send mails coz that ip is
> black listed. I tried to stop sending spam by adding acls and configuring
> SPF but couldn't.


So you're sending spam - that's not a Joe Job.

You should be able to tell from your logs what's happening - either
you're an open relay, or one of your users has had their credentials
pilfered and their account is being used to spam.

If I'm reading your config correctly, acl_check_dkim is not used *but*
is subsequently defined in the middle of acl_check_rcpt, which is
further broken by having "accept" as the first non-commented line. That
makes you an open relay.

You need to reconfigure your system, and you might aswell do it the
right way for your operating system by using the appropriate
dpkg-reconfigure command to do it.

Graeme