Am 28.05.23 um 04:04 schrieb AC via Exim-users:
I was searching through the lists and reading the documentation but
I'm coming up short on blocking IP only senders.
I've seen ACLs checking sender_helo_name using isip{} but that doesn't
seem to do anything for the case of a literal IP:
H=([18
On 2023-05-28 01:29, Cyborg via Exim-users wrote:
Am 28.05.23 um 04:04 schrieb AC via Exim-users:
I was searching through the lists and reading the documentation but
I'm coming up short on blocking IP only senders.
I've seen ACLs checking sender_helo_name using isip{} but that doesn't
seem to
Dňa 28. mája 2023 9:35:07 UTC používateľ AC via Exim-users
napísal:
>Thanks, I already did check localhost but it appears what I was after was
>actually sender_host_name being empty which, from what I understand, is what
>H=([ip]) actually represents in the logs (if that's not the case hopeful
On 28/05/2023 03:04, AC via Exim-users wrote:
I've seen ACLs checking sender_helo_name using isip{} but that doesn't seem to
do anything for the case of a literal IP:
H=([185.17.76.25])
What's the proper way to check for the above condition and reject it?
There's no "One True Way".
Here's o
On 2023-05-28 03:10, Slavko via Exim-users wrote:
Dňa 28. mája 2023 9:35:07 UTC používateľ AC via Exim-users
napísal:
Thanks, I already did check localhost but it appears what I was after was
actually sender_host_name being empty which, from what I understand, is what
H=([ip]) actually repr
On 28/05/2023 11:34, AC via Exim-users wrote:
What about when the hostname is not in parenthesis in this format H=hostname
[ip]?
https://exim.org/exim-html-current/doc/html/spec_html/ch-log_files.html
--
Cheers,
Jeremy
--
## subscription configuration (requires account):
## https://lists
Dňa 28. mája 2023 10:34:33 UTC používateľ AC via Exim-users
napísal:
>Thank you for the clarification. So in the case of the log showing
>H=(hostname) [ip] then the HELO/EHLO name matched the hostname obtained by
>RDNS of the ip but if I saw H=hostname (other_hostname) [ip] then the
>HELO/EHL
It seems like some of the spammers have changed tactics and are now sending
messages with 98 or so bad RCPT addresses, which (happily) Exim detects. But
now I’m getting a flood of messages in syslog, such as:
2023-05-28 00:24:39 REJECT [168.121.195.104]: bad recipient count high [9]
2023-05-28 0
On 28/05/2023 22:09, Jim Fenton via Exim-users wrote:
Has anyone devised a way to cut down on the number of messages without
eliminating them entirely?
Assuming you're using a "deny" verb in the RCPT ACL for this
condition, if the spammer merrily carries on with a further
bad recipient for thi
