Stop Mailbomer

[bsasninja]

A customer is receiving hundred of e-mails of spam to the same account, the spammer mailbomber is sending e-mails from different IP Address from hong kong.

The mails are coming outside my server to a mail account on my server. I know is hard to prevent this cause they use several IP address to do the bombing, but is there a way to prevent using smtp max connections per IP on exim ? Like 1 or 2 smtp connections per IP address.

I dont know if this function is a viable solution to block lot of connections hogging the server pool.

Thanks

 

[kernow]

Set the users default email address to :fail:
Install Exim Dictionary attack from : http://www.configserver.com/free/eximdeny.html

 

[bsasninja]

I already have the thing you say.
is not dictionary attack, is a mailbombing to an specific mail address.

I would like to know if there is a script or something that stop mails comming from different hosts. Or something that check the message content and refuse it.

Some hosts has something like when you send an email to a wrong address automatically the outlooks pops a warn message with a long test saying that the address doesnt exist or error 550.

In exim I didnt find how to do this.

Thank you

 

[WestBend]

change the email address temporarily then the server will refuse the email.

 

[bmcpanel]

The mails are coming outside my server to a mail account on my server. I know is hard to prevent this cause they use several IP address to do the bombing, but is there a way to prevent using smtp max connections per IP on exim ? Like 1 or 2 smtp connections per IP address.

Currently, there is nothing in Cpanel that will do this. Though, it is an excellent idea.

Email spamming takes up most of a servers resources, I believe. I hope that Cpanel developers realize that the future of cpanel/email software will require that they equip server administrators with as many options as possible to defeat these types of attacks.

With that said, there may be an exim tweak that does this. Maybe someone who acutally likes exim and knows how to use it can help you.

 

[mohit]

set that ID to :fail:

hi,
i think you can check if incoming IP for those mails are same, you can simply DENY that particular IP.

or if you want you can deny the mails for that particular ID by changing the ID to be forwarded to :fail:

or if you want you can specify to discard those subjects, sender or message content from antivirus.exim file but thats not a solution cause your mail server would be accepting mails and discarding them.
perhaps set that recipient to :fail: seems more practical.

see ya,
mohit

 

[casey]

Are they all from the same address?