I've recently been getting hammered by mail15.com performing a dictionary attack on my mail server - my server accepts email to anyone @clueball.com, and so I've been recieving several thousand piece of spam a day advertising mail15.com.
This is obviously somewhat upsetting - it may get marked as spam, but I'm still taking a fairly major bandwidth hit, and it's clogging up my spam folder, making it very very difficult to spot if I get any false positives. The emails come from a variety of different broadband and dialup machines - I'm not especially keen to start dropping emails from large chunks of the internet at the SMTP level. However, the spamming software they're using always identifies the IP as being from compuserve.com, which I believe is done at the HELO time. Were I using exim4, Google would have returned a great snippet I could add to my config file that would allow me to easily refuse all mail where the connection started off with a 'HELO compuserve.com'. I'm not, I'm using Exim 3.6(?) that came with Debian, and I'm unable to work out a nice solution. Can anyone suggest how one might convince Exim 3 to do this? Thanks! +Pete -- How vain it is to sit down to write when you have not stood up to live. -- Henry David Thoreau
