Disabling spam-bots

[stars]

We are seeing a lot of remotely triggered attempts to use our server as a relay in WHM Home>>Email>>Mail Delivery Reports. The mail originates from [email protected], the recipient is [email protected] A quick search on Google reveals that this is a known spam bot controlling a large bot net with hundreds or thousands of IP addresses.

Since we have enabled Helo callouts and SPF records are in place, the Spam is not delivered (Sender verify failed). However, the spammer is using up server resources. We believe that the spammer used a contact form to access the server. We have since removed the contact form, but failed send attempts continue to show every 3 – 4 minutes in Mail Delivery Reports. Any advice will be appreciated.

 

[Archmactrix]

I have exactly the same problem going on with these addresses.

 

[dreas]

Possibly your Exim log will show more details about the origin of these messages? Do you perhaps have a full message source including headers?

 

[stars]

Yes, but they will not help. The spammer is using several thousand computers with different IPs he or she controls around the globe. So it is impossible to block them all. Even blocking an entire country will not resolve the issue.

 

[Archmactrix]

Any helpful news on this?