Hi everyone,
As title suggest, is there a way to automatically block or disable the sender's email for certain amount of time (after receving no of failed emails) before they can send again? we got flooded of spam mails to users who does not exist in our domain and this may cause additional process or stress to our domain server.
I already enabled the Dictionary attack protection in the WHM - Exim configuration manager - ACL but I'm not sure how it really works as you can see in my screenshot:
Does it need to be separate email send time or must be received by a existing user first to be flagged as a dictionary attack? I only saw it twice to be flagged it as dictionary attack but only after it went to a existing user after couple of fails to non existing users.
But most of the time, it will be just flood of email fails to non existing users.
I don't want to create a 'blackhole' catch as this may cause problems to legit senders to verify if their email received successfully to the other end. Blocking/discarding the spammer email account will be just a temporary solution as they will create another email account to do their spam email activities.
Thank you and regards.
As title suggest, is there a way to automatically block or disable the sender's email for certain amount of time (after receving no of failed emails) before they can send again? we got flooded of spam mails to users who does not exist in our domain and this may cause additional process or stress to our domain server.
I already enabled the Dictionary attack protection in the WHM - Exim configuration manager - ACL but I'm not sure how it really works as you can see in my screenshot:
Does it need to be separate email send time or must be received by a existing user first to be flagged as a dictionary attack? I only saw it twice to be flagged it as dictionary attack but only after it went to a existing user after couple of fails to non existing users.
But most of the time, it will be just flood of email fails to non existing users.
I don't want to create a 'blackhole' catch as this may cause problems to legit senders to verify if their email received successfully to the other end. Blocking/discarding the spammer email account will be just a temporary solution as they will create another email account to do their spam email activities.
Thank you and regards.
Last edited by a moderator:
