On Thu, Jul 26, 2007 at 12:17:22PM -0400, Tom Ray [Lists] wrote: > My mail server is being over run and it's causing some real issues. I'm > not really sure how to stop it, I'll be the first to admit that my > skills with Exim are about an intermediate level so any help with this > would be great. > > Basically this is what I am getting in my log: > > 2007-07-26 11:57:45 lowest numbered MX record points to local host: > mymsviews.com (while verifying <[EMAIL PROTECTED]> from host > (mail.fcpp.org) [64.201.170.253]) > 2007-07-26 11:57:45 H=(mail.fcpp.org) [64.201.170.253] F=<> temporarily > rejected RCPT <[EMAIL PROTECTED]>: lowest numbered MX record points to > local host [...]
It already blocks that; as soon as it detects that the reverse lookup is fishy, the mail is temprejected. Permanently rejecting a mail at that point would seem to be a bad idea, since it might be a genuine configuration mistake. Also, spammers don't really care whether you send 4xx or a 5xx, so permanently rejecting them at that point won't really help. > It's basically the same thing over and over again just from a pile of > different hosts and IPs. Is there anything I can do to make this stop? I > can block IP's but there's just to much to keep up with. Use a DNSBL to block hosts. There are some examples of how to do this in the default exim config file. You could write a script to parse your mainlog, store the fishy IP addresses somewhere that you can do a lookup to from exim, and then block that from an ACL somewhere. That's really the same thing as the DNSBL solution, except that it's slightly more tailored to your server and not even remotely the same amount of blocked IP addresses. If you're going to do either of the above unconditionally for every connecting IP address, it makes sense to do that in the acl_smtp_helo ACL. If you're suffering from load issues, check out the "queue_only_load", "deliver_queue_load_max", and "smtp_load_reserve" configuration options. With those, you can do things like accept mail, but hold it on the queue rather than delivering it immediately. This will slightly delay your mails, but it's often better to delay mail by putting it on the queue than it is to delay mail by sending a "I'm overloaded, please try again later" 4xx reply or (even worse), timing out the connection. -- <Lo-lan-do> Home is where you have to wash the dishes. -- #debian-devel, Freenode, 2004-09-22 -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
