  1. #1
    Join Date
    Mar 2002
    Location
    Orlando, FL
    Posts
    12,207

    How to tighten SMTP to avoid SPAM relaying?

    I have two domains that I recently "re-animated" and they are being used as spam relays. I get almost 2 connections per second, according to the exim log.

    I use ConfigServer Security & Firewall (http://www.configserver.com/cp/csf.html), which can block IPs that exceed a number of SMTP connections per hour. But these are thousands of IPs and proxies. Is there anything else I can do?

  2. #2
    Join Date
    May 2005
    Location
    Bay Area
    Posts
    1,211
    Couldn't you just require authentication?

  3. #3
    Join Date
    Mar 2002
    Location
    Orlando, FL
    Posts
    12,207
    Authentication is turned on. I resorted to changing the default address to ":fail:" instead of ":blackhole:", as the latter actually accepts the email and then sends it to /dev/null.

    My main problem is the sheer amount of queries that reach the SMTP server.

  4. #4
    Join Date
    Feb 2003
    Location
    Canada
    Posts
    1,010
    Quote, originally posted by Acroplex:
    > Authentication is turned on. I resorted to changing the default address to ":fail:" instead of ":blackhole:", as the latter actually accepts the email and then sends it to /dev/null.
    >
    > My main problem is the sheer amount of queries that reach the SMTP server.

    :fail: is definitely the better setting.

    I've had good luck using ASSP in front of Exim to prevent most invalid SMTP connections. Generally, spammers connect to port 25 and dump out data as fast as they can, so they can send more spam. ASSP will disconnect them because of this (non-RFC).

    It does much more, such as greylisting, etc. but definitely helps in keeping the amount of connections actually making it to Exim very low.
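
The early-talker check that post #4 describes, sketched as an added example (not from the thread and not ASSP's own code): the server holds back its 220 banner briefly and drops any client that sends commands before it arrives. The hostname, reply text, delay and function names are assumptions made for the illustration.

```python
import select
import socket

GREETING = b"220 mx.example.test ESMTP\r\n"  # hypothetical hostname
REJECT = b"554 5.5.0 protocol violation: input sent before greeting\r\n"


def greet_or_drop(conn, delay=0.5):
    """Hold the banner for `delay` seconds.

    Returns True if the client waited and was greeted, False if it sent
    data (or hung up) before the banner and was disconnected.
    """
    readable, _, _ = select.select([conn], [], [], delay)
    if readable:
        early = conn.recv(4096)  # drain what was sent so it could be logged
        if early:
            try:
                conn.sendall(REJECT)
            except OSError:
                pass  # client already gone
        conn.close()
        return False
    conn.sendall(GREETING)
    return True


def simulate(early_talker, delay=0.2):
    """Constructed test client over a local socket pair (no network needed)."""
    server, client = socket.socketpair()
    try:
        if early_talker:
            # Constructed input: commands dumped without waiting for 220.
            client.sendall(b"HELO bulk.example.test\r\nMAIL FROM:<a@example.test>\r\n")
        accepted = greet_or_drop(server, delay)
        return accepted, client.recv(256)[:3]
    finally:
        client.close()
        server.close()


if __name__ == "__main__":
    print("early talker:", simulate(True))
    print("well-behaved:", simulate(False))
```

A compliant MTA waits for the banner, so it only pays the delay once per connection; the rejected clients never reach the mail server's queue or ACLs.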
