[exim] Hostname and TLD drops

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M 
MCyborg at ->
Delete this message
Reply to this message
Author: scout
Date:  
To: exim-users
Subject: [exim] Hostname and TLD drops
Hi, newbi questions please..

I can't figure out how to drop certain hostname connects. I get thousands of
these types of connects per day:

1.
2018-08-25 14:24:30.043 [26265] H=(my-domain-name.net) [37.114.179.1]:40546
I=[1.2.3.4]:25 sender verify fail for <email-account1@???>:
No Such User Here"
2018-08-25 14:24:30.043 [26265] H=(my-domain-name.net) [37.114.179.1]:40546
I=[1.2.3.4]:25 F=<email-account1@???> rejected RCPT
<email-account1@???>: Sender verify failed

2.
2018-08-25 14:25:27.607 [26306] H=(sex.com) [171.238.105.227]:43666
I=[1.2.3.4]:25 sender verify fail for <email-account1@???>:
No Such User Here"
2018-08-25 14:25:27.607 [26306] H=(sex.com) [171.238.105.227]:43666
I=[1.2.3.4]:25 F=<email-account1@???> rejected RCPT
<email-account1@???>: Sender verify failed

3.
2018-08-25 14:16:39.473 [25870] H=69.130.32.95.dsl-dynamic.vsi.ru (sex.com)
[95.32.130.69]:7481 I=[1.2.3.4]:25 sender verify fail for
<email-account1@???>: No Such User Here"
2018-08-25 14:16:39.473 [25870] H=69.130.32.95.dsl-dynamic.vsi.ru (sex.com)
[95.32.130.69]:7481 I=[1.2.3.4]:25 F=<email-account1@???>
rejected RCPT <email-account1@???>: Sender verify failed

Hostname IP's are always hacked international user computers so there's no
sense trying throw the IPs in a firewall. The only constants is that every
single connection is for the same non-existing account:
email-account1@???, and they all have 'sex.com' or
my-domain-name in the hostname H=. Yes, they currently all fail with just
two lines of code in the logs, but the volume of connections is increasing
daily.

I'm looking for something along the lines of:

If hostname equals 'sex.com' or hostname equals 'my-domain-name.net'
drop connection (don't process or write to the logs)

I run CSF if there is a way to do this with that product. I do not have the
CSF MailScanner installed.

----

Second question - I've about had it with all the thousands of TLD's like
.stream and the like. RBL's can't keep up. Has anyone configured an
automatic drop for these TLD's?

Thanks,
Newbie





This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Corrupted log lines when validating DKIM signaturesRe: [exim] Filter with special characters (!?)->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)