Matthias-Christian Ott wrote:
> On Mon, Feb 14, 2011 at 06:43:40AM +1300, Jim Cheetham wrote:
>> On 14/02/11 05:53, Matthias-Christian Ott wrote:
>>> Do you have any advice for what I should do additionally to ensure that
>>> this configuration mistake has no further consequences (like being
>>> blacklisted, rejected etc.)?
>>
>> Not quite what you want, but identify the IP addresses used by the bots,
>> and blacklist them permanently at the edge of your network; they will
>> not stop trying to send mail through your server, even if all subsequent
>> attempts fail. You have better things to do than reject their messages
>> with the MTA.
>
> The problem is that the bots' IP addresses come from dynamic address
> pools and are changing.
>
> Regards,
> Matthias-Christian
>

Changing YOUR servers to new IP won't really make much difference.
They'll find anything with port 25 listening.

However..

If the bots are coming from dynamic address IP pools, there is no
reason to allow them to survive acl_smtp_connect.

- Exim's rDNS check will reject those intelligently, ie w/o false
positives, and leave you with only connections from valid mailservers
with proper DNS credentials. Some of those still send UCE, but nothing
like botnets. Nowhere close.

- and/or run a check against SORBS or similar Dynamic-IP lists, see:

http://en.wikipedia.org/wiki/Spam_and_Open_Relay_Blocking_System

You may need a whitelist to exempt a few folks, but ordinarily it will
be a very small list - MUCH smaller than a blacklist. Typically 16 to 32
such here.

HTH,

Bill Hacker
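
The connect-time checks described in the reply above, sketched as an Exim configuration fragment. This is an added example, not configuration posted by anyone in the thread; the ACL name, the hostlist name, the whitelist file path and the DNSBL zone are all assumed placeholders to be replaced with local values.

```exim
# --- main configuration section (before "begin acl") ---

# Hypothetical whitelist: a file with one IP address or CIDR block per line.
# The file must exist, or lookups against this list will defer.
hostlist connect_whitelist = /etc/exim/connect_whitelist

# Run the ACL below as soon as a client connects, before any SMTP dialogue.
acl_smtp_connect = acl_check_connect

# --- ACL section (merge into the existing "begin acl" section) ---
begin acl

acl_check_connect:
  # Exempt the small set of known-good senders before any DNS-based check.
  accept hosts = +connect_whitelist

  # Reject clients whose reverse-DNS name does not resolve back to the
  # connecting IP address (forward-confirmed reverse DNS).
  deny   message = Reverse DNS for $sender_host_address failed verification
         !verify = reverse_host_lookup

  # Reject clients listed in a dynamic-address DNS blocklist.
  # "dul.dnsbl.example" is a placeholder zone, not a real list.
  deny   message = $sender_host_address is listed in $dnslist_domain
         dnslists = dul.dnsbl.example

  # Everything else continues to the later ACLs (HELO, MAIL, RCPT, DATA).
  accept
```

Running `exim -bh <client-ip>` simulates an SMTP session from that address and shows which ACL statement accepts or denies it, without delivering any mail.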
