bsasninja

Sep 2, 2004
A customer is receiving hundreds of spam e-mails to the same account; the spammer/mailbomber is sending e-mails from different IP addresses from Hong Kong.

The mails are coming from outside my server to a mail account on my server. I know it is hard to prevent this because they use several IP addresses to do the bombing, but is there a way to prevent it using SMTP max connections per IP on Exim? Like 1 or 2 SMTP connections per IP address.

I don't know if this function is a viable solution to block lots of connections hogging the server pool.

Thanks
 

bsasninja

Sep 2, 2004
I already have the thing you say.
It is not a dictionary attack; it is a mailbombing to a specific mail address.

I would like to know if there is a script or something that stops mails coming from different hosts. Or something that checks the message content and refuses it.

Some hosts have something like, when you send an email to a wrong address, Outlook automatically pops up a warning message with a long text saying that the address doesn't exist or error 550.

In Exim I didn't find how to do this.

Thank you
 

WestBend

Oct 12, 2003
Change the email address temporarily; then the server will refuse the email.
 

bmcpanel

Jun 1, 2002
The mails are coming from outside my server to a mail account on my server. I know it is hard to prevent this because they use several IP addresses to do the bombing, but is there a way to prevent it using SMTP max connections per IP on Exim? Like 1 or 2 SMTP connections per IP address.
Currently, there is nothing in cPanel that will do this. Though, it is an excellent idea.

Email spamming takes up most of a server's resources, I believe. I hope that cPanel developers realize that the future of cPanel/email software will require that they equip server administrators with as many options as possible to defeat these types of attacks.

With that said, there may be an Exim tweak that does this. Maybe someone who actually likes Exim and knows how to use it can help you.
 

mohit

Jul 12, 2005
set that ID to :fail:

Hi,
I think you can check if the incoming IP for those mails is the same; you can simply DENY that particular IP.

Or, if you want, you can deny the mails for that particular ID by changing the ID to be forwarded to :fail:

Or, if you want, you can specify to discard those subjects, senders or message content from the antivirus.exim file, but that's not a solution because your mail server would be accepting mails and discarding them.
Perhaps setting that recipient to :fail: seems more practical.

see ya,
mohit
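
The two measures discussed in this thread (a per-IP connection cap and a :fail: redirect) written out as Exim configuration. This is an added example, not posted by anyone in the thread and not cPanel's shipped configuration; it also goes one step further with a per-recipient rate limit, since a per-IP cap alone does not help when the mail arrives from many addresses. The address, the limits and the +local_domains list name are assumptions.

```exim
# Added example. Addresses and limits are constructed values; adjust to the site.

# --- main configuration section ---
# Cap simultaneous SMTP connections from any single remote host.
# Only takes effect when Exim runs as a listening daemon.
smtp_accept_max_per_host = 2

# --- inside the ACL named by acl_smtp_rcpt, before the accept rules ---
# Per-recipient limit: counts accepted RCPTs for each local address,
# whatever IP they come from. Over the limit, the sender gets a
# temporary (4xx) error and is expected to retry later.
# Legitimate mail to that address is deferred too while the limit is exceeded.
# Assumes a domainlist named local_domains is defined.
defer message   = Too many messages for this recipient, try again later
      domains   = +local_domains
      ratelimit = 30 / 1h / per_rcpt / $local_part@$domain

# --- alias data read by a redirect router ---
# The router needs "allow_fail" set for :fail: to be honoured, and the
# RCPT ACL must verify recipients (verify = recipient) for the refusal
# to happen during the SMTP dialogue. The sending host then gets a 550
# at RCPT time and no message body is accepted or stored.
# victim@example.com is a placeholder address.
victim@example.com: :fail: No such user here
```

Rejecting at RCPT time is what separates the :fail: approach from content filtering after acceptance: the server never takes responsibility for the message, so there is nothing to store, scan or bounce.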