Wouter Verhelst wrote:
> On Thu, Jul 26, 2007 at 12:17:22PM -0400, Tom Ray [Lists] wrote:
>
>> My mail server is being overrun and it's causing some real issues. I'm
>> not really sure how to stop it, I'll be the first to admit that my
>> skills with Exim are about an intermediate level so any help with this
>> would be great.
>>
>> Basically this is what I am getting in my log:
>>
>> 2007-07-26 11:57:45 lowest numbered MX record points to local host:
>> mymsviews.com (while verifying <[EMAIL PROTECTED]> from host
>> (mail.fcpp.org) [64.201.170.253])
>> 2007-07-26 11:57:45 H=(mail.fcpp.org) [64.201.170.253] F=<> temporarily
>> rejected RCPT <[EMAIL PROTECTED]>: lowest numbered MX record points to
>> local host
>>
> [...]
>
> It already blocks that; as soon as it detects that the reverse lookup is
> fishy, the mail is temprejected. Permanently rejecting a mail at that
> point would seem to be a bad idea, since it might be a genuine
> configuration mistake. Also, spammers don't really care whether you send
> 4xx or a 5xx, so permanently rejecting them at that point won't really
> help.
>
>
>> It's basically the same thing over and over again just from a pile of
>> different hosts and IPs. Is there anything I can do to make this stop? I
>> can block IPs but there's just too much to keep up with.
>>
>
> Use a DNSBL to block hosts. There are some examples of how to do this in
> the default exim config file.
>
> You could write a script to parse your mainlog, store the fishy IP
> addresses somewhere that you can do a lookup to from exim, and then
> block that from an ACL somewhere. That's really the same thing as the
> DNSBL solution, except that it's slightly more tailored to your server
> and not even remotely the same amount of blocked IP addresses.
>
> If you're going to do either of the above unconditionally for every
> connecting IP address, it makes sense to do that in the acl_smtp_helo
> ACL.
>
> If you're suffering from load issues, check out the "queue_only_load",
> "deliver_queue_load_max", and "smtp_load_reserve" configuration options.
> With those, you can do things like accept mail, but hold it on the queue
> rather than delivering it immediately. This will slightly delay your
> mails, but it's often better to delay mail by putting it on the queue
> than it is to delay mail by sending an "I'm overloaded, please try again
> later" 4xx reply or (even worse), timing out the connection.
>
>

Thanks for the advice, I was just reading up on those. I'm going to try
some things in the conf file.
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
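
Added example, not part of the thread or of Exim: one way to write the mainlog-parsing script suggested above. It counts the "temporarily rejected RCPT" lines per connecting IP and writes the repeat offenders one per line to a file that an ACL lookup could consult. The function names, the threshold, the exemption list and every sample line after the first two are assumptions made for illustration.

```python
import ipaddress
import os
import re
from collections import Counter

# HELO text is client-chosen (it may even be a bracketed IP), so capture only
# the peer address Exim logs after it. Assumes the log line layout shown above.
REJECT_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} "
    r"H=(?:\S+ )?(?:\(.*?\) )?\[(?P<ip>[0-9A-Fa-f:.]+)\](?::\d+)? "
    r".*temporarily rejected RCPT .*lowest numbered MX record points to local host$")

def count_offenders(lines):
    """Count matching RCPT rejections per connecting IP address."""
    hits = Counter()
    for line in lines:
        m = REJECT_RE.match(line.strip())
        if m:
            try:
                hits[ipaddress.ip_address(m.group("ip"))] += 1
            except ValueError:
                pass  # bracketed text was not a valid address
    return hits

def build_blocklist(lines, min_hits=3, never_block=()):
    """IPs rejected at least min_hits times, minus exempt networks."""
    exempt = [ipaddress.ip_network(n) for n in never_block]
    keep = [ip for ip, n in count_offenders(lines).items()
            if n >= min_hits and not any(ip in net for net in exempt)]
    return [str(ip) for ip in sorted(keep, key=lambda a: (a.version, a))]

def write_hostlist(path, ips):
    """Write one IP per line, replacing the file atomically."""
    tmp = path + ".tmp"
    with open(tmp, "w") as fh:
        fh.writelines(ip + "\n" for ip in ips)
    os.replace(tmp, path)  # a reader never sees a half-written list

# First two lines are from the thread; the rest are constructed samples.
TAIL = (" F=<> temporarily rejected RCPT <user@example.test>: "
        "lowest numbered MX record points to local host")
SAMPLE_LOG = [
    "2007-07-26 11:57:45 lowest numbered MX record points to local host: mymsviews.com (while verifying <[EMAIL PROTECTED]> from host (mail.fcpp.org) [64.201.170.253])",
    "2007-07-26 11:57:45 H=(mail.fcpp.org) [64.201.170.253] F=<> temporarily rejected RCPT <[EMAIL PROTECTED]>: lowest numbered MX record points to local host",
    "2007-07-26 11:58:01 H=(mail.fcpp.org) [64.201.170.253]" + TAIL,
    "2007-07-26 11:58:09 H=(mail.fcpp.org) [64.201.170.253]:4025" + TAIL,
    "2007-07-26 11:58:10 H=([192.0.2.10]) [198.51.100.7]" + TAIL,
    "2007-07-26 11:58:11 H=relay.example.test (relay) [203.0.113.5]" + TAIL,
]
```

The threshold and the never_block networks are there because, as noted in the reply, a single rejection may be a genuine configuration mistake rather than abuse.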
