Re: [exim] Joe job attack to my mail server.

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDinoosh Nikapitiya at <-
M 
Delete this message
Reply to this message
Author: Graeme Fowler
Date:  
To: exim-users
Subject: Re: [exim] Joe job attack to my mail server.
On Thu, 2012-06-21 at 12:40 +0530, Dinoosh Nikapitiya wrote:
> My mail server is in joe job attack.

A "Joe Job" by definition does not involve your server, except that it
receives complaints or bounces aimed at your domain for messages which
did not originate there.

> I cannot send mails coz that ip is
> black listed. I tried to stop sending spam by adding acls and configuring
> SPF but couldn't.

So you're sending spam - that's not a Joe Job.

You should be able to tell from your logs what's happening - either
you're an open relay, or one of your users has had their credentials
pilfered and their account is being used to spam.

If I'm reading your config correctly, acl_check_dkim is not used *but*
is subsequently defined in the middle of acl_check_rcpt, which is
further broken by having "accept" as the first non-commented line. That
makes you an open relay.

You need to reconfigure your system, and you might aswell do it the
right way for your operating system by using the appropriate
dpkg-reconfigure command to do it.

Graeme


This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] dkim example requestRe: [exim] dkim example request->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)