[CentOS] please block user
Always Learning
centos at u64.u22.net
Thu Aug 27 15:53:25 UTC 2015
On Thu, 2015-08-27 at 10:35 -0500, Valeri Galtsev wrote:
> Me too: I started receiving them from different IP (with much longer
> delay, so they do add "improvements" to their setup). This IP, has neither
> DNS A record nor DNS PTR record, but has DNS MX record. One can use these
> (have your MX stop talking to anything having broken DNS records).
Exim is available from EPEL.
In Exim:
(1) I set one indicator if the host name does not fully resolve (IP to
name to IP)
(2) I set another indicator if there is something wrong with the
HELO/EHLO name or the name does not resolve to the sender's IP address
(3) I set a third indicator if the SMTP sender = SMTP recipient; or
the SMTP recipient is an email address disused because of spam; or
the SMTP recipient's host is *not* one of ours
(4) If all 3 indicators set, then:-
* then the email attempt is rejected before the email body (DATA) is
received
* a PHP sub-routine is called which creates a fully descriptive internal
email and SUDO is invoked to add the IP address to the firewall's
monthly blocking list.
Otherwise if the sender = recipient or the recipient is 'wrong' the
connection is rejected *before* the message body is accepted from the
sender.
-------------
Meanwhile, every incoming email's sender's host is checked against a
file containing banned senders' host names and the occasional IP
address.
Fight spam by *not* being a passive victim.
Regards,
Paul.
More information about the CentOS
mailing list