This doesn't block the IP, it just drops the connection. Trivial to add
a call to add the sender IP to a file or directly to iptables...
acl_check_helo:
...
drop
message = Crack-bot
log_message = Common crack-bot host name
condition = ${if eq{$sender_helo_name}{ylmf-pc}}
On 09/08/2016 10:17 PM, Dean Hamstead wrote:
Hi All
Its easy enough to add a rule to the exim config to always reject
connections which HELO ylmf-pc. However they still seem to hammer away.
Has anyone come up with anything slick to block the ip address of
clients that make a ylmf-pc request?
Log tailing would be ok, but it seems that an external program could
fairly easily be called (denyhosts or similar)
Dean
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
