Re: Having been open relay for a moment (summary)
Thanks to all who replied. I decided to make a summary of the replies
as some of them were private.
On 8.X.2002 at 15:36 Anton Zinoviev wrote:
>
> 1. The spammers continue attempts to use lml.bas.bg as a relay. As a
> result exim generates about 50Mb log files per hour. How can I
> stop exim from logging messages like ".... refused relay to ..."?
Reports to relevant ISPs can be made if there is only a small number
of IP/netblocks. (Unfortunately this is not my case.) The local
firewall can be used. Postfix is a good alternative to exim.
> 2. It is possible that in the queues of exim there are still some
> spams. How can I remove them?
In order to look at the queue:
    exim -bp (the same as mailq)
To look at the header, body of the waiting messages:
    exim -Mvh <serial>
    exim -Mvb <serial>
To remove a message:
    exim -Mrm <serial>
If there is a common pattern in the waiting spam, then use (something
different can be used instead of the first line):
    mailq | grep <identifying item> |
    awk 'NF>=3 {print $3}' | xargs exim -Mrm
To remove a message and send error message to the sender:
    exim -Mg <serial>
To do the same with all waiting messages as normal messages usually
are delivered immediately:
    cd /var/spool/exim/msglog; exim -Mg *
After that command the contents of /var/spool/exim/{db,msglog,input}
can be wiped as exim automatically recovers anything it needs. In
order to avoid frozen messages I used `killall exim'.
> 3. In the log-files of exim I have a huge list of e-mail addresses
> of spammers (such as adam2971007@yahoo.com). Can I do something
> useful with them?
No, they are random and have nothing to do with the spammers.
> 4. It seems to me that spammers ought to pay ordb.org for their
> service. A few years ago when I had similar problem ordb gave
> me enough time to fix the problem. Why don't they do the same
> now? As humans we can make mistakes.
Ordb.org doesn't give their lists of relays to anyone,
<http://ordb.org/faq/#zone_transfer>. Spammers have their own
automated scans. Most of the servers in the base of Ordb.org are
already abused open relays.
Sincerely, Anton Zinoviev
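
The pattern-based queue cleanup described in the message, as an added example that is not part of the original post: it groups each queue entry with its recipient lines, so a message is selected when its sender or any recipient matches, and it only prints IDs so the list can be reviewed before removal. The function names are hypothetical, the sample listing is constructed, and the listing layout (entry header with age, size, ID and sender, recipients on the following lines, blank line between entries) is an assumption.

```shell
#!/bin/sh
# Added example, not from the original message. Names are hypothetical.

# select_queue_ids PATTERN
# Reads a queue listing (`exim -bp` / mailq output) on stdin and prints, once
# each, the ID of every message whose sender or any recipient matches the
# extended regular expression PATTERN.
select_queue_ids() {
    # An empty pattern would match every message in the queue; refuse it.
    [ -n "$1" ] || { echo "usage: select_queue_ids PATTERN" >&2; return 2; }
    PAT="$1" awk '
        BEGIN { pat = ENVIRON["PAT"] }
        NF == 0 { id = ""; next }            # blank line ends a queue entry
        { addr = $NF }                       # recipient line: address is last field
        NF >= 3 && $3 ~ /^[0-9A-Za-z]+-[0-9A-Za-z]+-[0-9A-Za-z]+$/ {
            id = $3; seen = 0; addr = $4     # entry header: age size ID <sender>
        }
        id != "" && !seen && addr ~ pat { print id; seen = 1 }
    '
}

# Constructed sample listing (assumed layout), so the example runs offline.
sample_queue() {
    cat <<'EOF'
25m  2.9K 16xA1b-0000c8-00 <user@lml.example>
          colleague@university.example

 3h  4.1K 16xA2c-0000d1-00 <> *** frozen ***
          victim1@isp.example

 2h   12K 16xA3d-0000e4-00 <adam2971007@freemail.example>
        D victim2@isp.example
          victim3@bulk-target.example
          victim4@bulk-target.example
EOF
}

# Dry run: list what would be removed. On a live queue, review the list and
# only then feed it to the removal command from the message:
#   exim -bp | select_queue_ids 'PATTERN' > ids.txt;  xargs exim -Mrm < ids.txt
sample_queue | select_queue_ids '@bulk-target\.example$'
```

A pattern that appears only on recipient lines selects nothing in the grep/awk one-liner, because those lines have fewer than three fields; grouping the lines per entry covers that case.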