grokking exim4 and slowing spammers with iptables -m recent
Hi folks.
I've been using Exim since I started doing e-mail on my
Debian box many years ago. But I never was able to really
get into its configs- the docs are kind of hard to grok for
me. And the exim4 configs really make my brain hurt... I
can't tell where the settings are without doing a 'grep ptn
/etc/default/exim* /etc/exim4.config $(find /etc/exim4/.
-type f)' and even then I have trouble. Thank goodness
the dpkg reconfigure does a good job.
Anyhow, I've had a domain for a decade where my hosting svc
used to forward *all* e-mail to me, and spammers made up
usernames and passed them around. Ultimately the load
became too heavy for his servers and he wasn't inclined to
fix the config, so I pointed the MX to my DSL line and took
it inhouse- Exim handles it very well.
Getting to the point, I now have tons of "Unroutable
address" logs like this in my /var/log/exim4/mainlog...
2005-11-22 12:34:53 H=adsl-63-195-120-242.dsl.snfc21.pacbell.net (thesitefights.com) [63.195.120.242] F=<connie.cisneros_qx@adelphia.com> rejected RCPT <middleton@of.net>: Unrouteable address
What I'd love to do is trigger an action in those cases-
something like ..
echo 63.195.120.242 \
> /proc/net/ipt_recent/smtp_penalty_box
...which would trigger something like...
iptables -A INPUT \
-m recent --name smtp_penalty_box --rcheck --seconds 60 \
-j DROP
...and effectively block that sender for a minute.
Yes, I know about tarpit, and it's cool, but I don't really
want to do a complete tarpit in these circumstances (it could
trigger in legit cases too)- I want to slow down senders who
are using logs of made-up addresses.
So my question is... Can you tell me or point me toward where
I would put my "echo to the penalty box" in the Exim4 configs?
Best Regards,
Tony
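
The log-to-penalty-box step described in the post, as an added example that is not part of the original message and is not Exim configuration: it reads mainlog lines instead of hooking Exim itself, and the names `offenders`, `penalize` and `PENALTY_BOX` are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original post. Function and variable names
# are hypothetical. The list path is the one given in the post; newer
# kernels expose the same lists under /proc/net/xt_recent/ instead.
PENALTY_BOX="${PENALTY_BOX:-/proc/net/ipt_recent/smtp_penalty_box}"

# offenders N: read Exim mainlog lines on stdin and print each peer IPv4
# address once, at the moment it reaches N "Unrouteable address" rejections.
offenders() {
    awk -v min="$1" '
    / rejected RCPT / && /: Unrouteable address$/ {
        ip = ""
        # The HELO text is chosen by the sender, so keep the LAST bracketed
        # address seen before F= or "rejected": that is the connecting peer.
        for (i = 3; i <= NF; i++) {
            if ($i ~ /^F=/ || $i == "rejected") break
            if ($i ~ /^\[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]$/)
                ip = substr($i, 2, length($i) - 2)
        }
        if (ip != "" && ++count[ip] == min) print ip
    }'
}

# penalize: write each address read from stdin to the recent list.
# Needs root. Example: offenders 3 < /var/log/exim4/mainlog | penalize
penalize() {
    while read -r ip; do
        echo "$ip" > "$PENALTY_BOX"
    done
}

# Sample input: the first line is the one quoted in the post, the others are
# constructed (one plants a bracketed address inside the HELO text).
SAMPLE_LOG='2005-11-22 12:34:53 H=adsl-63-195-120-242.dsl.snfc21.pacbell.net (thesitefights.com) [63.195.120.242] F=<connie.cisneros_qx@adelphia.com> rejected RCPT <middleton@of.net>: Unrouteable address
2005-11-22 12:35:02 H=adsl-63-195-120-242.dsl.snfc21.pacbell.net (thesitefights.com) [63.195.120.242] F=<connie.cisneros_qx@adelphia.com> rejected RCPT <made-up@of.net>: Unrouteable address
2005-11-22 12:36:10 H=(x [63.195.120.242] y) [192.0.2.10] F=<a@example.net> rejected RCPT <nobody@of.net>: Unrouteable address
2005-11-22 12:40:00 Start queue run: pid=1234'

# Demo on the sample: only the address with two rejections is reported.
printf '%s\n' "$SAMPLE_LOG" | offenders 2
```

A threshold above 1 keeps a single mistyped address from a legitimate sender out of the penalty box.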