Good day all,
Recently I had problems with large amounts of spam being bounced to a domain on my server (the reply-to email addresses were faked). After switching off the 'catch-all' this reduced the influx and load considerably.
Now there seems to be a renewed peak in the arrival of spam "delivery failure" notices in the /input folder of exim (to the same domain name), even though there is only a handful of 'allowed' email addresses on that domain!
I use the Dovecot system (v1.0 beta 8), with a /var/spool/exim.in/input for emails arriving from the world and a /var/spool/exim/input for emails that have to be sorted into maildirs.
My three questions:
1) How come these emails are passing through into the /exim/input mail folder even though the settings in the control panel point to "The email is dropped and completely ignored"?
The clamav and MailScanner are processing all these emails, but why? I would expect them to be dropped as soon as the recipient email address is read and not accepted.
<EDIT>http://www.directadmin.com/forum/showthread.php?s=&threadid=16430 This thread explains a bit about that it is not 'allowed' to drop/ignore emails.
I wonder though, whether the alternative setting "Fail" will not send the same amount of spam that came in back to the 'spammed' server (i.e. double trouble)? </EDIT>
2) How do I make Exim drop these emails, so that it does not take up precious CPU time to scan these emails, like the settings suggest?
3) What is the difference between the /exim/input and /exim/msglog folders? Both contain large numbers of emails. How do I remove the emails from /etc/msglog through the Exim program (now I fgrep for keywords and remove them like that)?
Thank you for your insights! SPAM and fake-mail is seriously annoying...
Harro