Markus Braun wrote:
>
>
>> From: W B Hacker <[EMAIL PROTECTED]>
>> To: [email protected]
>> Subject: Re: [exim] Exim4 Spam
>> Date: Sat, 04 Nov 2006 05:55:49 +0800
>>
>> Marc Sherman wrote:
>>> Markus Braun wrote:
>>>>> Your exim logs "rejected RCPT". Why do you think you _get_ so much
>>>>> spam?
>>>> yes exim rejected it, but I want to know if I can do anything else against
>>>> spam?
>>> What more do you want to do with it than reject it?
>>>
>>> - Marc
>>>
> okay nothing.
> *snip*

There IS more you can do - but with CAVEATS:

- IF, log inspection reveals 'concentration' of malicious arrivals from
within identifiable IP blocks, you *may* elect to put some of them into
firewall block rules.

- The 'CAVEATS' are threefold:

First - Exim only needs to run ruleset tests when a connection arrives
on one of its ports, most often port 25. The firewall, although more
efficient and working with far simpler rules, must check the ruleset
'tree' for *every* new connection, so you do not want to try to
duplicate an RBL list's entire zonefile - or even a small part of it.

Second - Once placed into a firewall ruleset, there is no longer any way
for *Exim* to 'whitelist' an IP, or even log an attempt. It can't see them.

Third - You need to be certain that no member of your user community is
likely to have a correspondent in, or travel/relocate to, the IP or IP
block firewalled. Easy for some, hard for others.

'80/20' rule, or even '90/10' usually applies. 20% or fewer of the
chronic offenders will be responsible for 80% or more of all such
malicious arrivals. This will shift over time.

Used with care, prior inspection, and regular review - it can help a
great deal.

"..with care.."

HTH,

Bill

--
## List details at http://www.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://www.exim.org/eximwiki/
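
The log inspection described in the message above, as an added example that is not part of the original post: it counts "rejected RCPT" lines per /24 and lists the heaviest blocks for manual review, skipping any block on a never-block list. The function names, thresholds and sample log lines are assumptions made for illustration, and the log layout assumed is a main-log line with the peer IP in square brackets.

```python
import ipaddress
import re
from collections import Counter

# Assumption: main-log reject lines carry the peer IP in brackets before "rejected RCPT".
REJECT = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\].*rejected RCPT")

def rejects_by_block(log_text, prefix=24):
    """Count rejected-RCPT lines per enclosing network block (hypothetical helper)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # deliveries, accepts and other log lines
        try:
            net = ipaddress.ip_network(f"{m.group(1)}/{prefix}", strict=False)
        except ValueError:
            continue  # bracketed text that is not a valid IPv4 address
        counts[net] += 1
    return counts

def review_candidates(counts, share=0.8, min_hits=3, never_block=()):
    """Heaviest blocks that together cover `share` of all rejects, for manual review."""
    total = sum(counts.values())
    keep = [ipaddress.ip_network(n) for n in never_block]
    picked, covered = [], 0
    for net, hits in counts.most_common():
        if covered >= share * total or hits < min_hits:
            break
        covered += hits
        if any(net.overlaps(k) for k in keep):
            continue  # a correspondent or travelling user may sit in this block
        picked.append((str(net), hits))
    return picked

# Constructed sample log (documentation address ranges), not real traffic.
_HITS = [("198.51.100.7", 4), ("198.51.100.99", 3), ("203.0.113.20", 5), ("192.0.2.1", 1)]
SAMPLE_LOG = "\n".join(
    f"2006-11-03 21:{i:02d}:{n:02d} H=(host.example) [{ip}] F=<x@sender.example> "
    f"rejected RCPT <u@example.org>: relay not permitted"
    for i, (ip, count) in enumerate(_HITS) for n in range(count)
) + "\n2006-11-03 22:00:00 1Gg6xY-0001aB-2c <= u@example.org H=ok.example [192.0.2.50] P=esmtp S=900"

if __name__ == "__main__":
    for block, hits in review_candidates(rejects_by_block(SAMPLE_LOG)):
        print(f"{block}\t{hits} rejected RCPT")
```

The output is a short list to inspect by hand before anything goes into a firewall ruleset; re-running it on fresh logs is the regular review, since the heavy blocks shift over time.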
