On 25.08.2018 at 21:27, scout--- via Exim-users wrote:
> Hi, newbie questions please..
>
> I can't figure out how to drop certain hostname connects. I get
> thousands of these types of connects per day:
>
> 2018-08-25 14:16:39.473 [25870] H=69.130.32.95.dsl-dynamic.vsi.ru
> (sex.com) [95.32.130.69]:7481 I=[1.2.3.4]:25 sender verify fail for
> <email-accou...@my-domain-name.net>: No Such User Here"
> 2018-08-25 14:16:39.473 [25870] H=69.130.32.95.dsl-dynamic.vsi.ru
> (sex.com) [95.32.130.69]:7481 I=[1.2.3.4]:25
> F=<email-accou...@my-domain-name.net> rejected RCPT
> <email-accou...@my-domain-name.net>: Sender verify failed
>
> Hostname IPs are always hacked international user computers so
> there's no sense trying to throw the IPs in a firewall. The only
> constant is that every single

Take the real IP, put it in a firewall rule, note the time, remove the block after 24h. Works well. The actual spammer can't send mails anymore, the original server owner can send mails again later, when he has removed his hack.

> connection is for the same non-existing account:
> email-accou...@my-domain-name.net, and they all have 'sex.com' or
> my-domain-name in the hostname H=. Yes, they currently all fail with
> just two lines of code in the logs, but the volume of connections is
> increasing daily.
>
> I'm looking for something along the lines of:
>
> If hostname equals 'sex.com' or hostname equals 'my-domain-name.net'
> drop connection (don't process or write to the logs)
>

Nothing is more easily spoofed and changed than that. So, your rule would only be temporarily effective. SpamAssassin rules should cover it and they get updated from time to time. I suggest using SpamAssassin on your server. You can also use the Spamhaus or NiXSpam DNS-BLs, both are very effective against spammers. The false positives are next to zero.

best regards,
Marius

--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
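Added example, not part of the original message or of Exim: one way to automate the "take the real IP, block it, remove the block after 24h" routine from the reply above. It reads rejection lines in the log format quoted in the thread, validates the bracketed peer IP, and keeps only blocks that have not yet expired. The sample log lines, the function names and the choice of iptables are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# Constructed sample lines in the quoted log format (documentation IP ranges).
SAMPLE_LOG = """\
2018-08-25 14:16:39.473 [25870] H=host.example (sex.com) [203.0.113.7]:7481 I=[192.0.2.1]:25 sender verify fail for <nobody@example.net>: No Such User Here
2018-08-25 14:16:39.473 [25870] H=host.example (sex.com) [203.0.113.7]:7481 I=[192.0.2.1]:25 F=<nobody@example.net> rejected RCPT <nobody@example.net>: Sender verify failed
2018-08-25 15:00:00.000 [25871] H=other.example (mail.example) [198.51.100.9]:5555 I=[192.0.2.1]:25 F=<nobody@example.net> rejected RCPT <nobody@example.net>: Sender verify failed
2018-08-24 10:00:00.000 [25000] H=old.example (sex.com) [203.0.113.50]:1234 I=[192.0.2.1]:25 F=<nobody@example.net> rejected RCPT <nobody@example.net>: Sender verify failed
"""

# Match only the final "rejected RCPT" line so each rejection is counted once.
# The IP is taken from the bracketed peer address, never from H= or the HELO name.
REJECT_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\S* \[\d+\] "
    r"H=.*? \[(?P<ip>[0-9a-fA-F.:]+)\]:\d+ I=.*rejected RCPT .*Sender verify failed")
BLOCK_TTL = timedelta(hours=24)

def active_blocks(log_text, now, ttl=BLOCK_TTL):
    """Map each rejected peer IP to its block expiry, omitting expired blocks."""
    expiry = {}
    for line in log_text.splitlines():
        m = REJECT_RE.match(line)
        if not m:
            continue
        try:
            # Validate before the value goes anywhere near a firewall command.
            ip = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue
        until = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S") + ttl
        expiry[ip] = max(expiry.get(ip, until), until)
    return {ip: until for ip, until in expiry.items() if until > now}

def firewall_commands(blocks):
    # Assumption: iptables on the mail host; adapt to the firewall in use.
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 25 -j DROP"
            for ip in sorted(blocks)]

if __name__ == "__main__":
    now = datetime(2018, 8, 25, 16, 0, 0)  # fixed time so the sample is reproducible
    for cmd in firewall_commands(active_blocks(SAMPLE_LOG, now)):
        print(cmd)
```

Re-running this on a schedule and replacing the previous rule set with its output makes the 24h removal automatic, because expired addresses simply stop appearing.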