I have added this to the exim.conf
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :

  deny    dnslists = sbl-xbl.spamhaus.org
          message = Connection denied spamhaus.org
We are running Chirpy's MailScanner package and it works wonderfully, but it is a bit resource hoggish. This RBL deny rule seems to stop a lot of spam before it gets to MailScanner and has dropped the mail load on the server by a lot.
Does anybody have any pros or cons to running this deny rule, or suggestions on how to make it more efficient, or any other improvement?
edit
Make sure you put it after the dictionary deny rule so the dictionary rule can deny and ban before the RBL rule denies the mail.
#!!# ACL that is used after the RCPT command
check_recipient:
  # Exim 3 had no checking on -bs messages, so for compatibility
  # we accept if the source is local SMTP (i.e. not over TCP/IP).
  # We do this by testing for an empty sending host field.
  accept  hosts = :

  # Drop hosts already listed in /etc/exim_deny.
  drop    hosts = /etc/exim_deny
          message = Connection denied after dictionary attack
          log_message = Connection denied from $sender_host_address after dictionary attack

  # Drop after more than 2 failed recipients on an unverifiable recipient,
  # passing the sending address to /etc/exim_deny.pl.
  drop    message = Appears to be a dictionary attack
          log_message = Dictionary attack (after $rcpt_fail_count failures)
          condition = ${if > {${eval:$rcpt_fail_count}}{2}{yes}{no}}
          condition = ${run{/etc/exim_deny.pl $sender_host_address }{yes}{no}}
          !verify = recipient

  # RBL check, placed after the dictionary rules.
  deny    dnslists = sbl-xbl.spamhaus.org
          message = Connection denied spamhaus.org
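The lookup behind the `dnslists` line above, as an added example that is not part of the original post: it builds the reversed-octet query name for the zone and separates listing answers (127.0.0.x) from Spamhaus error answers (127.255.255.x), which a rule that denies on any returned address would treat as a listing. The function names and the injectable `resolver` parameter are assumptions made for this sketch.

```python
import ipaddress
import socket

ZONE = "sbl-xbl.spamhaus.org"  # the list named in the post's ACL
LISTING_NET = ipaddress.ip_network("127.0.0.0/24")    # listing return codes
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")  # Spamhaus error codes


def query_name(ip, zone=ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify(answer):
    """Map one returned A record to 'listed', 'error' or 'unexpected'."""
    a = ipaddress.IPv4Address(answer)
    if a in ERROR_NET:
        return "error"       # e.g. query refused; not a statement about the IP
    if a in LISTING_NET:
        return "listed"
    return "unexpected"      # anything outside 127.0.0.0/8 style answers


def resolve_a(name):
    """Return the A records for name; an empty list means not listed."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        # NXDOMAIN and resolver failures both land here; this sketch fails open.
        return []


def check(ip, resolver=resolve_a):
    """Return 'listed', 'lookup-problem' or 'not-listed' for a sending IP."""
    verdicts = {classify(a) for a in resolver(query_name(ip))}
    if "listed" in verdicts:
        return "listed"
    if verdicts:
        return "lookup-problem"  # answers came back, none was a real listing
    return "not-listed"


if __name__ == "__main__":
    # Constructed sample: documentation-range IP and a canned answer, no network.
    print(query_name("192.0.2.10"), check("192.0.2.10", lambda n: ["127.0.0.4"]))
```

A "lookup-problem" result is worth logging rather than rejecting on, since it reflects the state of the lookup and not the reputation of the sending host.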