Re: Deterring mail relay attempts

2010-07-06 Thread John Hasler
Richard Hector writes:
> My understanding is that most spam comes from compromised home
> machines these days - so the person getting disrupted is some poor
> sucker whose machine is compromised, not the actual offender.

I wrote:
> The machine is compromised because the sucker failed to secure it.

Re: Deterring mail relay attempts

2010-07-06 Thread Richard Hector
On Tue, 2010-07-06 at 09:09 -0500, John Hasler wrote:
> Richard Hector writes:
> > My understanding is that most spam comes from compromised home
> > machines these days - so the person getting disrupted is some poor
> > sucker whose machine is compromised, not the actual offender.
>
> The machine

Re: Deterring mail relay attempts

2010-07-06 Thread John Hasler
Richard Hector writes:
> My understanding is that most spam comes from compromised home
> machines these days - so the person getting disrupted is some poor
> sucker whose machine is compromised, not the actual offender.

The machine is compromised because the sucker failed to secure it. While the

Re: Deterring mail relay attempts

2010-07-06 Thread Richard Hector
On Thu, 2010-07-01 at 21:08 +0100, Alan Chandler wrote:
> I would like to cause as much disruption to these guys as possible.

I'd happily drop packets to save bandwidth, and load on my MTA, but I'd think twice about that reason. My understanding is that most spam comes from compromised home mach

Re: Deterring mail relay attempts

2010-07-03 Thread lee
On Thu, Jul 01, 2010 at 09:08:26PM +0100, Alan Chandler wrote:
> On 01/07/10 18:43, lee wrote:
> >Just to be curious, what is the thinking/idea/advantage behind
> >disallowing connections by firewall rules instead of denying the
> >relaying or blacklisting the originating IPs through exim's
> >confi

Re: Deterring mail relay attempts

2010-07-02 Thread Andrei Popescu
On Jo, 01 iul 10, 19:43:44, lee wrote:
> > One downside seems to be that it creates lots of exim processes, and
> > I am not sure why yet. It may be open connections with dropping
> > data as a result of the recently added iptables rule
>
> Just to be curious, what is the thinking/idea/advantag

Re: Deterring mail relay attempts

2010-07-01 Thread Chris Davies
lee wrote:
> Just to be curious, what is the thinking/idea/advantage behind
> disallowing connections by firewall rules instead of denying the
> relaying or blacklisting the originating IPs through exim's
> configuration?

A firewall rule can blacklist the IP address rather than just the (SMTP) ser

Re: Deterring mail relay attempts

2010-07-01 Thread Chris Davies
Alan Chandler wrote:
> bantime = 86400

I'm up to 129660 (36 hours) so far; like you I've seen 24 hour cycles.

> failregex = \[\] .*(?:rejected by local_scan|Unrouteable
> address|relay not permitted)

This similar rule works for me. The callout verification catch is there because I run an MX f

Re: Deterring mail relay attempts

2010-07-01 Thread Alan Chandler
On 01/07/10 17:45, Joe wrote:
Some sites try many simultaneous connections. Have you got this set?
exim4/conf.d/main/02_exim-config_options:
.
.
.ifndef SMTP_ACCEPT_MAX_PER_HOST
SMTP_ACCEPT_MAX_PER_HOST = 3
.endif
smtp_accept_max_per_host = SMTP_ACCEPT_MAX_PER_HOST
.
.
If it's there, and it wa

Re: Deterring mail relay attempts

2010-07-01 Thread Alan Chandler
On 01/07/10 18:43, lee wrote: On Thu, Jul 01, 2010 at 03:58:24PM +0100, Alan Chandler wrote: first /etc/fail2ban/jail.local to define the jail for exim (as it is not included as standard in the Debian configuration). This just required a few simple lines One downside seems to be that it cre

Re: Deterring mail relay attempts

2010-07-01 Thread lee
On Thu, Jul 01, 2010 at 03:58:24PM +0100, Alan Chandler wrote:
> first /etc/fail2ban/jail.local to define the jail for exim (as it is
> not included as standard in the Debian configuration). This just
> required a few simple lines
> One downside seems to be that it creates lots of exim processes

Re: Deterring mail relay attempts

2010-07-01 Thread Joe
On 01/07/10 15:58, Alan Chandler wrote:
One downside seems to be that it creates lots of exim processes, and I am not sure why yet. It may be open connections with dropping data as a result of the recently added iptables rule

Some sites try many simultaneous connections. Have you got this set?

Re: Deterring mail relay attempts

2010-07-01 Thread Alan Chandler
On 30/06/10 15:48, Chris Davies wrote: Alan Chandler wrote: I have just moved my mail server (exim4 split config based) from one machine to another, and in doing so started examining the logs. I am being hit with multiple attempts to relay - several a second. They come in bursts from one host

Re: Deterring mail relay attempts

2010-06-30 Thread Chris Davies
Alan Chandler wrote:
> I have just moved my mail server (exim4 split config based) from one
> machine to another, and in doing so started examining the logs. I am
> being hit with multiple attempts to relay - several a second. They come
> in bursts from one host, then come from somewhere else. O

Re: Deterring mail relay attempts

2010-06-29 Thread Alan Chandler
On 29/06/10 11:46, Chris Davies wrote: Alan Chandler wrote: I have just moved my mail server (exim4 split config based) from one machine to another, and in doing so started examining the logs. I am being hit with multiple attempts to relay - several a second. They come in bursts from one host

Re: Deterring mail relay attempts

2010-06-29 Thread Didar Hossain
On Tue, Jun 29, 2010 at 4:16 PM, Chris Davies wrote:
> Alan Chandler wrote:
>> I have just moved my mail server (exim4 split config based) from one
>> machine to another, and in doing so started examining the logs. I am
>> being hit with multiple attempts to relay - several a second. They come

Re: Deterring mail relay attempts

2010-06-29 Thread Chris Davies
Alan Chandler wrote:
> I have just moved my mail server (exim4 split config based) from one
> machine to another, and in doing so started examining the logs. I am
> being hit with multiple attempts to relay - several a second. They come
> in bursts from one host, then come from somewhere else

Deterring mail relay attempts

2010-06-28 Thread Alan Chandler
I have just moved my mail server (exim4 split config based) from one machine to another, and in doing so started examining the logs. I am being hit with multiple attempts to relay - several a second. They come in bursts from one host, then come from somewhere else. I would like to put some f