Re: [exim] A DOS?

Top Page
Delete this message
Reply to this message
Author: Jeremy Harris
Date:  
To: exim-users
Subject: Re: [exim] A DOS?
On 05/06/2020 08:40, Jacques B. Siboni via Exim-users wrote:
> Maybe the question is how to filter the pattern after the
>
> router keyword?


The thing in parentheses (after the H= field) is the HELO name.
If that is a consistent thing presented by this spammer, then...

there is a variable with the helo. Write an ACL verb that
matches that value, and deny the message. Put it in an
appropriate ACL (generally, as early as possible in the
SMTP conversation).


> What can you suggest?


Read the documentation. Start with Chapter 3, then go on to
the logging chapter, the ACL chapter and the string-expansions
chapter.


By the way, if you really are logging "H=router" then you
have an unusual network setup. If you obfuscated it, then
you are making it harder for us to help you.
--
Cheers,
Jeremy