  1. #1
    Member
    Join Date
    Jun 2007
    Posts
    6

    Block Incoming Mail on a Server Level

    Exim is generating very large log files on a server which hosts about 60 domains belonging to one client, some of the domain names being very old and subject to a large amount of spam. The device containing /var/log is reaching close to 100% usage just as the log files rotate. Fewer than 10 of the domains actually use mail, the rest being configured to :fail:.

    Some of the things I have either tried or have considered are:
    • removing valias file for a domain (still generates log entries)
    • alias the primary maillog file to another device (does not deal with the problem really)
    • remove MX from zone file (still resolves via A record)

    It would make more sense to simply (or not simply?) block the mail for these domains before they reach the MTA. While the server performs well even under the load, there seems to be no logical reason to subject it to the processing of mail which will never be delivered.

    Is there a way to block mail to defined domains on a server level so the connection would be rejected immediately?

  2. #2
    Super Moderator chirpy (this forum account has been confirmed by cPanel staff to represent a vendor)
    Join Date
    Jun 2002
    Location
    Go on, have a guess
    Posts
    13,495

    Quote Originally Posted by webdr View Post
    Is there a way to block mail to defined domains on a server level so the connection would be rejected immediately?
    That's what :fail: will do. You'll still see the connection and rejection in the exim logs. One idea would be to point MX record to an A record that goes to 127.0.0.1 for those domains that you don't want to see any email for. You'll still probably get some coming through on the A record, but it should be less than if you simply remove the MX record.
    Jonathan Michaelson

    Need your cPanel servers secured and tuned?
    cPanel Server Configuration, Security, Recovery and Antivirus/AntiSpam Services
    Developers of the most effective (and free) Firewall & Security Solution for cPanel Servers - csf
    http://www.configserver.com

  3. #3
    Member
    Join Date
    Jun 2007
    Posts
    6

    Quote Originally Posted by chirpy View Post
    That's what :fail: will do. You'll still see the connection and rejection in the exim logs. One idea would be to point MX record to an A record that goes to 127.0.0.1 for those domains that you don't want to see any email for. You'll still probably get some coming through on the A record, but it should be less than if you simply remove the MX record.
    That looks like a promising solution. Am trying it out now and will post results. Thanks!

  4. #4
    Member
    Join Date
    Nov 2003
    Posts
    119

    Maybe ASSP or ASSPx might help.

    The amount of spam I've been getting on my domain email accounts has plummeted since I started using that.

  5. #5
    Member
    Join Date
    Jun 2007
    Posts
    6

    Mail is rejected with a server misconfiguration error. A single entry is made in the log (cannot deliver...) instead of multiple entries. This is an improvement and should reduce log file size and reduce server impact.

    While not a perfect solution, it is adequate. With any luck spammers will stop hitting these domains over time (not holding breath).

    Thanks again!

  6. #6
    Member serversphere
    Join Date
    Jan 2004
    Posts
    658

    Quote Originally Posted by webdr View Post
    While not a perfect solution, it is adequate. With any luck spammers will stop hitting these domains over time (not holding breath).
    I have an address I used to sign up for a mailing list back in 1996 that still gets email. I stopped using it looong ago. I don't think they EVER give up...
    Darren Benfer | SS-Darren | AIM: serversphere
    www.serversphere.com
    Dedicated Server Solutions Have Come Full Circle

  7. #7
    Member
    Join Date
    Sep 2007
    Posts
    11

    Re: mail issues

    Hello,

    Your story sounds horrible. I think that you already know that the cPanel team has begun to use a new "strategy" in the mail service configuration - access list. You could use the "rcpt" check access list in order to create custom rules for your needs. You could create your own policy and the "bad" e-mail messages will be discarded very fast. However they will reach the SMTP service and they will be discarded after that. So they will reach the application (layer 7).

    I am afraid that the only possibility to prevent the attack is to use a layer 7 based firewall on the local machine, to use a spam filtering device before your server or a 3rd party SMTP machine.

    Otherwise you will have to configure your machine properly.

    Best Regards
    Kevin K
    cpanelblog.hostsol.eu
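
An added example, not part of any post in this thread and not cPanel's shipped configuration: an Exim recipient ACL rule of the kind post #7 describes, rejecting mail for listed domains at RCPT time and, through `log_reject_target`, writing no log entry for that rejection. The list file path, the domain list name and the message text are assumptions; the connection still reaches Exim, as that post notes.

```conf
# --- Main configuration section -------------------------------------
# Hypothetical file, one domain per line, holding the hosted domains
# that should never receive mail.
domainlist nomail_domains = lsearch;/etc/exim_nomail_domains

# --- ACL section, at the top of the ACL named by acl_smtp_rcpt -------
# Placed first so no later (and more expensive) checks run for these
# recipients.
  deny
    # True when the recipient's domain is in the list above.
    domains           = +nomail_domains
    # Text returned to the sending host with the 5xx rejection.
    message           = This domain does not accept mail
    # Empty list: do not write this rejection to the main or reject
    # log (the default is main:reject).
    log_reject_target =
```

Suppressing the log entry removes visibility into who is sending to these domains, so it suits addresses that are known to be dead; leave `log_reject_target` at its default on domains where rejected traffic is still worth reviewing.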
