On Sun, Feb 13, 2011 at 10:02:16AM -0800, Todd Lyons wrote: > On Sun, Feb 13, 2011 at 9:53 AM, Matthias-Christian Ott <[email protected]> > wrote: > >> > Do you have any advice for what I should do additionally to ensure that > >> > this configuration mistake has no further consequences (like being > >> > blacklisted, rejected etc.)? > >> Not quite what you want, but identify the IP addresses used by the bots, > >> and blacklist them permanently at the edge of your network; they will > >> not stop trying to send mail through your server, even if all subsequent > >> attempts fail. You have better things to do than reject their messages > >> with the MTA. > > The problem is that the bots IP addresses come from dynamic address > > pools and are changing. > > One thing that can help you in that regard: > > deny message = $sender_host_address is listed at $dnslist_domain > !condition = ${if eq {$acl_c0}{$sender_host_address}} > hosts = !+relay_from_hosts > !authenticated = * > dnslists = zen.spamhaus.org : bl.spamcop.net : > combined.njabl.org
I don't like the concept of blacklists, but I will consider it if the flooding still continues in one week. > I put it in my rcpt acl (because I want to see both from and to > addresses), but you could just as easily put it in connect or mail acl > too, or data for that matter (but then that means you see the entire > message body, which consumes YOUR bandwidth). Unacceptable, it's only a small VPS. They will consume the bandwidth within days. Regards, Matthias-Christian -- ## List details at http://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
