Re: Having been open relay for a moment
On Tue, Oct 08, 2002 at 03:36:15PM +0300, Anton Zinoviev wrote:
> Hi!
>
> Yesterday I received a report from ordb.org that the server I
> administer (lml.bas.bg) is an open relay. This information was used
> immediately by spammers. I was able to close the relay a few hours
> later. I have some questions regarding this:
>
> 1. The spammers continue attempts to use lml.bas.bg as a relay. As a
> result exim generates about 50Mb log files per hour. How can I
> stop exim from logging messages like ".... refused relay to ..."?
>
> 2. It is possible that in the queues of exim there are still some
> spams. How can I remove them?
>
> 3. In the log-files of exim I have a huge list of e-mail addresses
> of spammers (such as adam2971007@yahoo.com). Can I do something
> useful with them?
>
> 4. It seems to me that spammers ought to pay ordb.org for their
> service. A few years ago when I had a similar problem ordb gave
> me enough time to fix the problem. Why don't they do the same
> now? As humans we can make mistakes.
>
> Sincerely, Anton Zinoviev
>
Your best bet is the exim mailing list run by Philip Hazel, the
author.
There is very extensive documentation in /usr/share/doc/exim/spec.txt.gz
If there is nothing but junk mail sitting in the queue, which is often
the case since good mail is delivered quickly, you can just wipe
everything in the subdirectories /var/spool/exim/db, input, msglog/*
as exim recreates anything it really needs in db. If you're paranoid
you can first

    cd /var/spool/exim/msglog
    exim -M *

to try to send anything sendable before wiping.
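
A more selective alternative to wiping the whole spool, as an added example that is not part of the original thread: it reads an `exim -bp` queue listing and prints the IDs of messages whose envelope sender is outside the local domain, so they can be reviewed before removal. Assumptions: a single local domain (lml.bas.bg, from the question), the 16-character message IDs of Exim versions of that era, and a constructed sample listing; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread.
# Typical use on the mail server:  exim -bp | nonlocal_queue_ids lml.bas.bg

nonlocal_queue_ids() {
    # $1: local mail domain (assumption: exactly one; subdomains are not matched)
    awk -v dom="$1" '
        # Message header line in the listing: age, size, message ID, <sender>.
        # Recipient lines have fewer fields and never match.
        length($3) == 16 &&
        $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ &&
        $4 ~ /^<.*>$/ {
            sender = substr($4, 2, length($4) - 2)
            # Bounce messages have the empty sender <>; they are skipped here
            # and should be inspected by hand, since the sender says nothing.
            if (sender == "") next
            n = split(sender, parts, "@")       # domain is after the last @
            if (tolower(parts[n]) != tolower(dom)) print $3
        }
    '
}

# Constructed sample in the format printed by `exim -bp` (not real queue data).
sample_queue_listing() {
    cat <<'EOF'
 3h  2.1K 17yQrB-0003Xk-00 <sender@spam.example>
          someone@example.net

 3h  1.8K 17yQrC-0003Xm-00 <>
          bob@example.org

25m   900 17yTaa-0004Ab-00 <postmaster@lml.bas.bg>
        D colleague@example.com
          other@example.com

 2h  2.0K 17yRzz-0003Zq-00 <promo@Other.EXAMPLE> *** frozen ***
          victim@example.net
EOF
}

# Stand-alone run on the constructed sample.
sample_queue_listing | nonlocal_queue_ids lml.bas.bg
```

After checking the listed messages, each ID can be passed to `exim -Mrm` to remove it from the queue.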