Domain getting 180,000+ emails

[KatieBuller]

I have a user getting
180,000+ emails
# cat /var/log/exim_mainlog | grep domain | wc -l
182786

How can I stop this its overloading my server

I have Dictionary attack block and SPF installed for this domain.

 

[Infopro]

Easy answer, kill that account or at least the email address. That's way over the line of a problem I think.

 

[chirpy]

You should also ensure that you have the Default Address for the domain set to :fail: for the dictionary attack ACL to work. It won't stop the server getting the SMTP connections, but will stop it receiving and processing the emails. You either have to ride it out, or as Infopro says, if it's unbearable you need to either ditch the domain sadly, or use a 3rd party email scanning service and let them take the strain.

 

[haze]

As well as installing Chirpy's dictionary attack protection I would suggest implenting at very least this option . You may also want to enable spam assassins learning feature or set spam traps to send the checksums to Razor, DCC, Pyzor, Spamcop or similar. Try to ensure that you don't submit any legit email however as that can greatly increase the chances of false possitives, as well as increase your chances of being banned from the submission services completely.

Other options include http://www.spamlinks.net/filter.htm.