HELO |http://mail.********.com:8888/cgi-bin/put

[xemaps]

Another quick way to block debora and some other mail which always spam, based on sender adress

#add in ACL check_recipient from exim.conf
drop message = <$sender_address> denied by policy
condition = ${if match{$sender_address} \
{anonym|unknown|multi-fax|usafis|delmarintime|ems7\.net|\
transmission-entreprise|emv1\.com|hebergement4|promolm|\
enews\.apple\.com|giftszone\.com\.cn|net2net\.be|debora} \
{yes}{no}}
delay = 120s
# end


this is a sample from my exim.conf
but sorry if someone has deborah in mail

 

[pucky]

I would never ever place a delay in there. If you box all of a sudden suffered a serious dictionary attack that delay would kick up the load on the box big time.

You can kill the debora spammer much easier than that.

In your acl data section a place the following;

deny message = $sender_address has been specifically blocked from sending mail to this server!!!

senders = wildlsearch;/etc/banned.conf

Then in your /etc/banned.conf place the following;

^\Ndebora@*\N

If banned.conf doesnt exist, create it. You can call the filename anything you want.

Restart exim.

 

[hoho]

Thank you both xemaps & pucky.

 

[madalini]

Hello,

I have met same problem. The new situation in my server log is:
|http://mail.oldartero.com:8888/cgi-bin/put
moved to
|http://mail.oldartero.com:8890/cgi-bin/put
and so on.

<<<<<
70.57.165.107 [000009D0] Thu, 23 Nov 2006 09:51:43 +0200 <<< EHLO |http://mail.oldartero.com:8888/cgi-bin/put
70.57.165.107 [000009D0] Thu, 23 Nov 2006 09:51:43 +0200 >>> 250-mail.houseall.ro Hello |http://mail.oldartero.com:8888/cgi-bin/put [70.57.165.107], pleased to meet you.
70.57.165.107 [000009D0] Thu, 23 Nov 2006 09:51:44 +0200 <<< MAIL FROM:<[email protected]>
70.57.165.107 [000009D0] Thu, 23 Nov 2006 09:51:44 +0200 >>> 501 5.7.1 <[email protected]>... Sender refused by the RBL sbl-xbl.spamhaus.org
70.57.165.107 [000009D0] Thu, 23 Nov 2006 09:51:44 +0200 <<< RSET
70.57.165.107 [000009D0] Thu, 23 Nov 2006 09:51:44 +0200 >>> 250 2.0.0 Reset state
70.57.165.107 [000009D0] Thu, 23 Nov 2006 09:51:44 +0200 <<< QUIT
>>>>>>


I said that my time is too precious and I use a list. At this moment I focus only on those that escapes. The list you see above, but there are several ..... and my oppinion is that is good not to start everything from scrach. (than working for nothing, better stay for nothing)

regards