This doesn't block the IP, it just drops the connection. Trivial to add
a call to add the sender IP to a file or directly to iptables...
acl_check_helo:
...
drop
message = Crack-bot
log_message = Common crack-bot host name
condition = ${if eq{$sender_helo_name}{ylmf-pc}}
On 09/08/2016 10:17 PM, Dean Hamstead wrote:
> Hi All
>
> Its easy enough to add a rule to the exim config to always reject
> connections which HELO ylmf-pc. However they still seem to hammer away.
>
> Has anyone come up with anything slick to block the ip address of
> clients that make a ylmf-pc request?
>
> Log tailing would be ok, but it seems that an external program could
> fairly easily be called (denyhosts or similar)
>
> Dean
>