I am just expecting to get a warning message, which I will search every half
an hour and inform various people about possible spam attack. The
configuration is as follows:
acl_check_rcpt:
accept hosts = :
deny message = Restricted characters in address
domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
deny message = Restricted characters in address
domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
deny recipients = /usr/exim/deny_recipients
message = rejected becaused the person is in the denied recipients
list
#
# ******* WARN IF TOO MANY UNKNOWNS ***************
#
warn message = WARN - SPAM MAIL Failed Recipients - count = $rcpt_fail_count
condition = ${if > {${eval:$rcpt_fail_count}}{3}{yes}{no}}
!verify = recipients/callout=2m,defer_ok,use_sender
#
#
accept hosts = +relay_from_hosts
control = submission
accept authenticated = *
control = submission
require message = relay not permitted
domains = +local_domains : +relay_domains
require verify = recipient
deny message = rejected because $sender_host_address is in a black
list at $dnslist_domain\n$dnslist_text
dnslists = zen.dnsbl.ja.net
accept
-----Original Message-----
From: Exim-users [
mailto:exim-users-bounces+s.choudhury=bbk.ac.uk@exim.org] On
Behalf Of Jeremy Harris
Sent: 30 August 2016 22:15
To: exim-users@???
Subject: Re: [exim] Too many Failed Recipients
On 30/08/16 11:48, Sujit Acharyya-choudhury wrote:
> I saw some code in the Exim Github and thought of putting that in to
> warn us if we get a dictionary attack. However the following code,
> which I put in does not work:
Does not work in what fashion? What were you expecting it to do?
And where did you put it?
--
Jeremy
--
## List details at
https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
