Hello Andrew On 4 Mar 2002, at 14:06, Andrew Tait wrote:
> Every so often we have spammers hammering our mail servers (running Exim) > attempting to relay messages. They fail of course, however they sit there, > some times for several weeks, attempting e-mail address after e-mail > address. Are these spammers really trying to relay or are they trolling for addresses to spam by trying every name in a dictionary? I get logs like these: 2002-03-05 06:30:53 verify failed for SMTP recipient [EMAIL PROTECTED] from <[EMAIL PROTECTED] > H=lsanca1-ar14-113-104.lsanca1.dsl.gtei.net (mail.nowhere.com) [4.42.113.104] 2002-03-05 06:30:53 verify failed for SMTP recipient [EMAIL PROTECTED] from <[EMAIL PROTECTED]> H=ls anca1-ar14-113-104.lsanca1.dsl.gtei.net (mail.nowhere.com) [4.42.113.104] 2002-03-05 06:30:54 verify failed for SMTP recipient [EMAIL PROTECTED] from <[EMAIL PROTECTED]> H=lsanca1-ar14-113-104.lsanca1.dsl.gtei.net (mail.nowhere.com) [4.42.113.104] 2002-03-05 06:30:54 verify failed for SMTP recipient [EMAIL PROTECTED] from <[EMAIL PROTECTED]> H =lsanca1-ar14-113-104.lsanca1.dsl.gtei.net (mail.nowhere.com) [4.42.113.104] 2002-03-05 06:30:55 verify failed for SMTP recipient [EMAIL PROTECTED] from <[EMAIL PROTECTED]> H =lsanca1-ar14-113-104.lsanca1.dsl.gtei.net (mail.nowhere.com) [4.42.113.104] > The two options I can see so far are either a program monitoring the > rejectlog file to detect abuse, or an exim filter. I don't have a solution for the above. Maybe the solution is a patch to exim that causes an increasing delay after each verification failure. This would have to be coupled to a configuration which limits the number of concurrent connections exim will accept from an IP address. (Available via the smtp_accept_max_per_host directive). Have you had a look at the exim documentation, web site and mailing list etc? Regards Ian --------------------------------------------------------------------- Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa --------------------------------------------------------------------- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
