Mailing List Archive: exim: users

Spam block

Index | Next | Previous | View Threaded

khussein at hadara

May 4, 2008, 8:24 AM

Post #1 of 5 (171 views)
Permalink

Spam block

Hi All,

i am using Exim4 on FreeBSD 6.0, i have a problem that from time to time
one of my customers (we are ISP) send through my server a huge amount of
emails mostly to yahoo.com domain, so yahoo start deferring my server IP
and sometimes i change the IP address or wait till yahoo open it again,
so how can i make exim catch like these spams or attacks, because the IP
address of the sender is one of our IPs and his email address is correct
and exist on my server, so what is the best solution so i can catch
these attacks

Thanks in advance
-
Regards,
******************************
Khaled J. Hussein
System Manager
Hadara Technologies Group
khaled[at]palnet.com
http://www.palnet.com
Tel. +972 2-240-3434
Fax. +972 2-240-3430
******************************

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users-20080324 at djce

May 5, 2008, 12:41 AM

Post #2 of 5 (160 views)
Permalink

Re: Spam block [In reply to]

On Sun, May 04, 2008 at 06:24:22PM +0300, Khaled Hussein wrote:
> Hi All,
>
> i am using Exim4 on FreeBSD 6.0, i have a problem that from time to time
> one of my customers (we are ISP) send through my server a huge amount of
> emails mostly to yahoo.com domain, so yahoo start deferring my server IP
> and sometimes i change the IP address or wait till yahoo open it again,
> so how can i make exim catch like these spams or attacks, because the IP
> address of the sender is one of our IPs and his email address is correct
> and exist on my server, so what is the best solution so i can catch
> these attacks

These emails to yahoo are spam, right?

If he does it again, kick him in the nuts. If he does it another time, kick
him in the nuts once for each spam sent.

Or if you prefer a more technical solution :-) you might want to try using
"ratelimit". e.g. you could say each of your customers (identified by user ID
if they authenticate, or IP if they don't) are rate-limited to 30 emails per
hour, or 100 recipients per minute, or whatever you choose. It's a powerful
option.

http://www.exim.org/exim-html-current/doc/html/spec_html/ch40.html#SECTratelimiting

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey

Attachments:

signature.asc (0.18 KB)

exim-users-20080324 at djce

May 5, 2008, 12:52 AM

Post #3 of 5 (161 views)
Permalink

Re: Spam block [In reply to]

On Mon, May 05, 2008 at 08:41:11AM +0100, Dave Evans wrote:
> If he does it again, kick him in the nuts. If he does it another time, kick
> him in the nuts once for each spam sent.

I suppose what I meant to say was, don't forget to also take steps to reduce
the likelihood of the user sending the spam in the first place. For example,
if it's a zombied Windows machine, then education (safe browsing, anti-virus,
etc). If it's a business that doesn't yet understand why spam is bad, then
education with a little threat mixed in (assuming you're in a position to
terminate their service). And so on.

But if you get to try the 'nuts' option too, let us know if it works ;-)

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey

Attachments:

signature.asc (0.18 KB)

martin at antibodymx

May 5, 2008, 3:11 AM

Post #4 of 5 (159 views)
Permalink

Re: Spam block [In reply to]

Khaled Hussein wrote:
> i am using Exim4 on FreeBSD 6.0, i have a problem that from time to time
> one of my customers (we are ISP) send through my server a huge amount of
> emails mostly to yahoo.com domain, so yahoo start deferring my server IP

IM, probably unpopular, O, the correct to solution to all
Yahoo/Hotmail/MSN delivery problems is to ignore it. These guys emit
huge quantities of spam, have near useless abuse contacts[0] and make
sending email to them hard. Delivering to hotmail is extra interesting
as it's perfectly normal for mail successfully sent to simply never
appear in the recipient's account.

--
Martin A. Brooks | http://www.antibodymx.net/ | Anti-spam & anti-virus
Consultant | martin[at]antibodymx.net | filtering. Inoculate
antibodymx.net | m: +447792493388 | your mail system.

[0] The last time I contacted them to report spam, I included the full email including headers as per their instructions. About a week later I got a canned reply saying they couldn't take any further action as I hadn't included the mail headers. Assuming I'd simply made a mistake, I resent the email, definately including the headers. Again, several days later, the exact same message. At that point I gave up.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

exim-users-20080324 at djce

May 5, 2008, 3:29 AM

Post #5 of 5 (161 views)
Permalink

Re: Spam block [In reply to]

On Mon, May 05, 2008 at 11:11:05AM +0100, Martin A. Brooks wrote:
> Khaled Hussein wrote:
> > i am using Exim4 on FreeBSD 6.0, i have a problem that from time to time
> > one of my customers (we are ISP) send through my server a huge amount of
> > emails mostly to yahoo.com domain, so yahoo start deferring my server IP
>
> IM, probably unpopular, O, the correct to solution to all
> Yahoo/Hotmail/MSN delivery problems is to ignore it.

Fair point, but having one of your own customers/users spewing out spam is a
Bad Thing, even if you don't much care that you can't deliver to
bigfreemailprovider.com any more. Best to get the source of the problem
fixed anyway, and also wise to pre-emptively defend against future spam
floods.

--
Dave Evans
http://djce.org.uk/
http://djce.org.uk/pgpkey

Attachments:

signature.asc (0.18 KB)

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com