Stop Mailbomer

bsasninja · Nov 7, 2006

A customer is receiving hundred of e-mails of spam to the same account, the spammer mailbomber is sending e-mails from different IP Address from hong kong.

The mails are coming outside my server to a mail account on my server. I know is hard to prevent this cause they use several IP address to do the bombing, but is there a way to prevent using smtp max connections per IP on exim ? Like 1 or 2 smtp connections per IP address.

I dont know if this function is a viable solution to block lot of connections hogging the server pool.

Thanks

kernow · Nov 7, 2006

Set the users default email address to :fail:
Install Exim Dictionary attack from : http://www.configserver.com/free/eximdeny.html

bsasninja · Nov 7, 2006

I already have the thing you say.
is not dictionary attack, is a mailbombing to an specific mail address.

I would like to know if there is a script or something that stop mails comming from different hosts. Or something that check the message content and refuse it.

Some hosts has something like when you send an email to a wrong address automatically the outlooks pops a warn message with a long test saying that the address doesnt exist or error 550.

In exim I didnt find how to do this.

Thank you

WestBend · Nov 7, 2006

change the email address temporarily then the server will refuse the email.

bmcpanel · Nov 10, 2006

bsasninja said:
The mails are coming outside my server to a mail account on my server. I know is hard to prevent this cause they use several IP address to do the bombing, but is there a way to prevent using smtp max connections per IP on exim ? Like 1 or 2 smtp connections per IP address.

Currently, there is nothing in Cpanel that will do this. Though, it is an excellent idea.

Email spamming takes up most of a servers resources, I believe. I hope that Cpanel developers realize that the future of cpanel/email software will require that they equip server administrators with as many options as possible to defeat these types of attacks.

With that said, there may be an exim tweak that does this. Maybe someone who acutally likes exim and knows how to use it can help you.

mohit · Nov 11, 2006

set that ID to :fail:

hi,
i think you can check if incoming IP for those mails are same, you can simply DENY that particular IP.

or if you want you can deny the mails for that particular ID by changing the ID to be forwarded to :fail:

or if you want you can specify to discard those subjects, sender or message content from antivirus.exim file but thats not a solution cause your mail server would be accepting mails and discarding them.
perhaps set that recipient to :fail: seems more practical.

see ya,
mohit

casey · Nov 11, 2006

Are they all from the same address?

Thread starter	Similar threads	Forum	Replies	Date
M	Email pipe to PHP script stop working suddenly	Email	4	Today at 7:09 AM
D	How do I Stop Outgoing email suspensions	Email	8	Jun 7, 2022
J	Stopping [email protected] email from happening	Email	1	May 13, 2022
I	In Progress CPANEL-38632 - Horde spell check stopped working	Email	2	Sep 11, 2021
	I am desperate, i don't know how stop spam in my server WHM	Email	13	Apr 23, 2021

Search

Search

Stop Mailbomer

bsasninja

Well-Known Member

kernow

Well-Known Member

bsasninja

Well-Known Member

WestBend

Well-Known Member

bmcpanel

Well-Known Member

mohit

Well-Known Member

casey

Well-Known Member