-
08-26-2007, 07:56 PM #1 Web Hosting Master
- Join Date
- Mar 2002
- Location
- Orlando, FL
- Posts
- 12,207
How to tighten SMTP to avoid SPAM relaying?
I have two domains that I recently "re-animated" and they are being used as spam relays. I get almost 2 connections per second, according to the exim log.
I use ConfigServer Security & Firewall (http://www.configserver.com/cp/csf.html), which can block IPs that exceed a number of SMTP connections per hour. But these are thousands of IPs and proxies. Is there anything else I can do?
-
08-26-2007, 08:48 PM #2 Web Hosting Master
- Join Date
- May 2005
- Location
- Bay Area
- Posts
- 1,211
Couldn't you just require authentication?
-
08-26-2007, 10:21 PM #3 Web Hosting Master
- Join Date
- Mar 2002
- Location
- Orlando, FL
- Posts
- 12,207
Authentication is turned on. I resorted to changing the default address to ":fail:" instead of ":blackhole:", as the latter actually accepts the email and then sends it to /dev/null.
My main problem is the sheer amount of queries that reach the SMTP server.
-
08-26-2007, 10:54 PM #4 Web Hosting Master
- Join Date
- Feb 2003
- Location
- Canada
- Posts
- 1,010
:fail: is definitely the better setting.
I've had good luck using ASSP in front of Exim to prevent most invalid SMTP connections. Generally, spammers connect to port 25 and dump out data as fast as they can, so they can send more spam. ASSP will disconnect them because of this (non-RFC).
It does much more, such as greylisting, etc., but it definitely helps in keeping the amount of connections actually making it to Exim very low.
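
The early-talker check described in post #4, as an added example that is not part of the thread and is not ASSP's or Exim's code: the listener holds back the 220 greeting for a short delay and rejects any client that sends data first. The hostname, reply text, delay values and function names are all assumptions made for the illustration, and the two clients are constructed with a local socket pair.

```python
import select
import socket

BANNER = b"220 mx.example.test ESMTP\r\n"          # constructed hostname
REJECT = b"554 SMTP synchronization error\r\n"     # constructed reply text

def classify_client(conn, delay):
    """Hold the greeting back for `delay` seconds and watch the socket."""
    readable, _, _ = select.select([conn], [], [], delay)
    if not readable:
        return "waited"
    # Readable before the banner: either data arrived or the peer hung up.
    data = conn.recv(1, socket.MSG_PEEK)
    return "early_talker" if data else "closed"

def handle_connection(conn, delay=2.0):
    """Send 220 only to clients that waited; the caller closes `conn`."""
    verdict = classify_client(conn, delay)
    try:
        if verdict == "waited":
            conn.sendall(BANNER)
        elif verdict == "early_talker":
            conn.sendall(REJECT)
    except OSError:
        verdict = "closed"
    return verdict

def demo(behaviour, delay=0.2):
    """Run one constructed client against the check over a socketpair."""
    server, client = socket.socketpair()
    try:
        if behaviour == "dumps_immediately":
            client.sendall(b"HELO x\r\nMAIL FROM:<a@example.test>\r\n")
        verdict = handle_connection(server, delay)
        client.settimeout(1.0)
        return verdict, client.recv(512)[:3]
    finally:
        server.close()
        client.close()

if __name__ == "__main__":
    for behaviour in ("dumps_immediately", "waits_for_banner"):
        print(behaviour, demo(behaviour))
```

The check is decided before any SMTP command is parsed, so a rejected connection costs the mail server one short reply instead of a full transaction.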