Block domains

cachorroyayo

Hi All.

A few days ago we realized that one domain is using our platform to send mail easily (as spam and relayed).

We want to block the source IP address, but the domain is using many IPs from many servers around the world (as a zombie).

I just edited the file blacklist_domain to attempt to block this domain, but it is not working for me.


I'm using:
# SpamBlocker.exim.conf.2.1.1-release
# 05-Jun-2007
# Runtime configuration file for DirectAdmin/Exim 4.24 and above
# Requires exim.pl dated 20-Apr-2007 17:09 or later

My Server is running on FreeBSD 7.0 Release i386

But I can't get this file to help me block this domain.
I'm having trouble because this sender is getting me listed at UCEProtect Level 1.
I changed my server's IP last weekend, but the problem will continue because the spammer sends mail through our server using the domain name and quickly changing their IP address.

(If anyone can reply in Spanish, even better.)

Thank You Very Much.
 
Since the DirectAdmin default exim configuration only allows relaying for logged-in users, you should use your logs and check your queue to figure out who is spamming, and suspend that user.

Jeff
 
Hello Again,

It seems to me I'm the victim of an attack.
We want to block a mail address that is trying to send mail through our server, but I can't find a way to do it.

In the log /var/log/exim/mainlog I found this:

2010-08-11 15:59:25 1OfrgY-000GXu-GF ** [email protected] F=<[email protected]>: Unrouteable address
2010-08-11 15:59:26 1Oebdd-0007mR-Bo ** [email protected] F=<[email protected]>: Unrouteable address
2010-08-11 15:59:26 1OfOss-000Ci5-5r ** [email protected] F=<[email protected]>: Unrouteable address
2010-08-11 15:59:29 1Of0rN-000ATG-LI ** [email protected] F=<[email protected]>: Unrouteable address
2010-08-11 15:59:29 1OfrgY-000Gc4-Jq ** [email protected] F=<[email protected]>: Unrouteable address


I upgraded exim.conf with exim.pl.
I did ln -s domains to use_rbl_domains.
I set the limit in /etc/virtual/limit first to 200, then to 300, and now to 600.
I'm having problems with /etc/virtual/usage: last night I removed all the files from this path, and this morning I had to do it once more.
Finally I added a cron job related to tally and restarted cron:

10 */4 * * * root echo 'action=tally&value=all' >> /usr/local/directadmin/data/task.queue

But we are trying to block this address from still sending mail, or at least its attempts.

Is there any way to do it?


Regards
 
You'll need to go through your queue, looking, for example, for emails sent to samanet.com.br. Check the queue to see where they're coming from.

Jeff
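
Added example, not part of the thread and not DirectAdmin's own tooling: one way to act on the advice above from the log side, by joining the `**` failure lines in mainlog (like the ones quoted earlier) to the `<=` arrival line with the same message id and tallying per submitting account. It assumes Exim's default log line layout; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): attribute Exim mainlog traffic to the
# account that submitted it, so the spamming user can be found and suspended.
# Assumes the default mainlog layout: date, time, message-id, flag, address.

# Prints "<failed> <accepted> <submitter>" per submitter, worst first.
# Submitter is A=... (SMTP AUTH login), else U=... (local user, e.g. a web
# script), else the bracketed remote IP. "**" failures are joined to the
# arrival line through the message id in field 3, so the arrival must appear
# earlier in the files given (list rotated logs oldest first).
exim_submitters() {
    awk '
    $4 == "<=" && $5 != "<>" {   # arrival line; "<>" is a bounce Exim generated
        a = ""; u = ""; ip = ""
        for (i = 6; i <= NF; i++) {
            if ($i ~ /^A=/) a = $i
            else if ($i ~ /^U=/) u = $i
            else if ($i ~ /^\[[0-9a-fA-F.:]+\]/) ip = $i
        }
        if (a != "") who = a
        else if (u != "") who = u
        else if (ip != "") who = ip
        else who = "unknown"
        owner[$3] = who
        accepted[who]++
        next
    }
    $4 == "**" && ($3 in owner) { failed[owner[$3]]++ }   # permanent failure
    END { for (w in accepted) printf "%d %d %s\n", failed[w], accepted[w], w }
    ' "$@" | sort -k1,1nr -k2,2nr
}

# Constructed sample log: documentation addresses and made-up message ids.
sample_mainlog() {
    cat <<'EOF'
2010-08-11 15:58:01 1AAAAA-000001-AA <= info@example.com H=(pc1) [192.0.2.10] P=esmtpa A=login:bob@example.com S=2048
2010-08-11 15:58:02 1AAAAA-000002-BB <= news@example.org H=(x) [198.51.100.7] P=esmtpa A=login:alice@example.org S=1500
2010-08-11 15:58:03 1AAAAA-000003-CC <= news@example.org H=(y) [203.0.113.9] P=esmtpa A=login:alice@example.org S=1500
2010-08-11 15:58:04 1AAAAA-000004-DD <= www@host.example.net U=carol P=local S=900
2010-08-11 15:59:25 1AAAAA-000002-BB ** a@example.invalid F=<news@example.org>: Unrouteable address
2010-08-11 15:59:26 1AAAAA-000003-CC ** b@example.invalid F=<news@example.org>: Unrouteable address
2010-08-11 15:59:27 1AAAAA-000005-EE <= <> R=1AAAAA-000002-BB U=mailnull P=local S=3000
2010-08-11 15:59:29 1AAAAA-000004-DD ** c@example.invalid F=<www@host.example.net>: Unrouteable address
EOF
}

sample_mainlog | exim_submitters   # real use: exim_submitters /var/log/exim/mainlog
```

In the sample, one login submits from two different IPs and owns most of the failures, which is the pattern to look for when a single compromised account is being driven from many hosts.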
 
I've just spent too much time responding and explaining in your last thread to do it all again. Please don't double-post.

Now I strongly suggest you kill the entire queue:

1st use the control panel to shut off exim.

Then:
Code:
# ls -1 /var/spool/exim/msglog | xargs exim -Mrm
Then:
Code:
# ls -1 /var/spool/exim/input | xargs rm -f
Then:
Code:
# ls -1 /var/spool/exim/msglog | xargs rm -f
Then restart exim from the control panel.

Jeff
 