Re: [exim] Exim server maillog are flood by spam attemps?

Author: Chris Siebenmann
Date:  
To: Flan AlFlani
CC: exim-users@exim.org, cks
Subject: Re: [exim] Exim server maillog are flood by spam attemps?
> My log is flooded with those spam attempts and I wonder if there is an
> ACL that can stop those attempts.


If these are compromised accounts that are leading to you being used
to send/relay spam to other people, you should look at submission
ratelimits. A typical acl_smtp_rcpt ACL stanza might be:

    defer
        ratelimit = 200 / 60m / per_addr / $authenticated_id
        delay = 10s
        message = Sending too fast, try again later.


Then you have to watch your logs to determine compromised accounts and
fix them. It might be possible to automatically lock out accounts that
trigger ratelimiting, but you'd probably have to build this yourself
as I suspect no one has a canned recipe for it.

(It's definitely possible; Exim is very powerful and flexible. Expect
to have to read the Exim documentation carefully, and understand that
you're basically writing a little program.)

    - cks
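
An added example, not part of the original message: one way to do the log-watching step described above, flagging accounts that hit the ratelimit repeatedly within a short window. It assumes the stanza also sets a hypothetical `log_message = submission ratelimit exceeded by $authenticated_id` so the account appears in the main log; the sample lines, thresholds and function name are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed addition to the ratelimit stanza (not in the original post):
#   log_message = submission ratelimit exceeded by $authenticated_id
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) .*?\[(?P<ip>[0-9A-Fa-f.:]+)\].*? "
    r"temporarily rejected RCPT <(?P<rcpt>[^>]*)>: "
    r"submission ratelimit exceeded by (?P<acct>\S+)\s*$"
)

def flag_accounts(lines, min_hits=3, window_min=10):
    """Return {account: stats} for accounts deferred by the ratelimit at
    least min_hits times within any window_min-minute sliding window."""
    window = timedelta(minutes=window_min)
    recent = defaultdict(deque)      # account -> hit times still in window
    stats = defaultdict(lambda: {"hits": 0, "ips": set(), "rcpts": set()})
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                 # unrelated line, or empty account id
        acct, ts = m["acct"], datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        s = stats[acct]
        s["hits"] += 1
        s["ips"].add(m["ip"])        # many source IPs hints at stolen creds
        s["rcpts"].add(m["rcpt"])
        q = recent[acct]
        q.append(ts)
        while ts - q[0] > window:    # drop hits older than the window
            q.popleft()
        if len(q) >= min_hits:
            flagged[acct] = s        # same dict, so later hits still count
    return flagged

# Constructed sample lines in Exim main-log layout (not real traffic).
SAMPLE_LOG = """\
2024-05-01 10:00:01 1s1AbC-0001xy-2Z <= alice@example.org H=(laptop) [192.0.2.10] P=esmtpsa A=plain:alice S=1200
2024-05-01 10:01:00 H=(pc) [198.51.100.7] F=<bob@example.org> temporarily rejected RCPT <a@example.net>: submission ratelimit exceeded by bob
2024-05-01 10:02:30 H=(pc) [198.51.100.7] F=<bob@example.org> temporarily rejected RCPT <b@example.net>: submission ratelimit exceeded by bob
2024-05-01 10:03:10 H=(vps) [203.0.113.99] F=<bob@example.org> temporarily rejected RCPT <c@example.net>: submission ratelimit exceeded by bob
2024-05-01 10:05:00 H=(laptop) [192.0.2.10] F=<alice@example.org> temporarily rejected RCPT <d@example.net>: submission ratelimit exceeded by alice
2024-05-01 11:30:00 H=(laptop) [192.0.2.10] F=<alice@example.org> temporarily rejected RCPT <e@example.net>: submission ratelimit exceeded by alice
"""

if __name__ == "__main__":
    for acct, s in flag_accounts(SAMPLE_LOG.splitlines()).items():
        print(acct, s["hits"], "deferrals from", len(s["ips"]), "IPs")
```

The output is a review list for the "determine compromised accounts and fix them" step; it does not lock anything out by itself.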