Author: scout Date: To: exim-users Subject: [exim] Hostname and TLD drops
Hi, newbi questions please..
I can't figure out how to drop certain hostname connects. I get thousands of
these types of connects per day:
1.
2018-08-25 14:24:30.043 [26265] H=(my-domain-name.net) [37.114.179.1]:40546
I=[1.2.3.4]:25 sender verify fail for <email-account1@???>:
No Such User Here"
2018-08-25 14:24:30.043 [26265] H=(my-domain-name.net) [37.114.179.1]:40546
I=[1.2.3.4]:25 F=<email-account1@???> rejected RCPT
<email-account1@???>: Sender verify failed
2.
2018-08-25 14:25:27.607 [26306] H=(sex.com) [171.238.105.227]:43666
I=[1.2.3.4]:25 sender verify fail for <email-account1@???>:
No Such User Here"
2018-08-25 14:25:27.607 [26306] H=(sex.com) [171.238.105.227]:43666
I=[1.2.3.4]:25 F=<email-account1@???> rejected RCPT
<email-account1@???>: Sender verify failed
3.
2018-08-25 14:16:39.473 [25870] H=69.130.32.95.dsl-dynamic.vsi.ru (sex.com)
[95.32.130.69]:7481 I=[1.2.3.4]:25 sender verify fail for
<email-account1@???>: No Such User Here"
2018-08-25 14:16:39.473 [25870] H=69.130.32.95.dsl-dynamic.vsi.ru (sex.com)
[95.32.130.69]:7481 I=[1.2.3.4]:25 F=<email-account1@???>
rejected RCPT <email-account1@???>: Sender verify failed
Hostname IP's are always hacked international user computers so there's no
sense trying throw the IPs in a firewall. The only constants is that every
single connection is for the same non-existing account:
email-account1@???, and they all have 'sex.com' or
my-domain-name in the hostname H=. Yes, they currently all fail with just
two lines of code in the logs, but the volume of connections is increasing
daily.
I'm looking for something along the lines of:
If hostname equals 'sex.com' or hostname equals 'my-domain-name.net'
drop connection (don't process or write to the logs)
I run CSF if there is a way to do this with that product. I do not have the
CSF MailScanner installed.
----
Second question - I've about had it with all the thousands of TLD's like
.stream and the like. RBL's can't keep up. Has anyone configured an
automatic drop for these TLD's?