How to stop spam email to non-existent users ending with our domain names?

[greentea]

Hi,

A lot of spammers are trying to send spam email to numerous non-existent users ending with our domain names. Our log shows many many lines such as follows:

[209.101.126.107] F=<[email protected]> rejected RCPT <[email protected]>: authentication required

How do we stop them?

Thank you in advance.

 

[nobaloney]

The log example you posted seems to show that the email has been blocked.

Jeff

 

[greentea]

Yes, the email had been blocked.

But is there any way we can configure DA and / or our server to completely ignore such spam mail attacks? So that DA and our server resources will not be wasted on such attacks, e.g. listening to them, logging them, dropping them, etc.?

Thank you in advance.

 

[nobaloney]

How?

How can exim, or you or I, for that matter, not listen to something before we listen long enough to know we shouldn't listen.

Exim is listening until it discovers the email isn't deliverable.

Then it will drop the connection.

Yes, it logs the dropped connection. I suppose you could figure out how to tell it to not log the dropped connection. But I don't think so because it's already made the connection and "listened" to the email long enough to know who the recipient is.

And think about this side effect: If you think you entered an email account but didn't, you'd never see the requests in the log, so you wouldn't know the email was bouncing.

I don't believe you can do it in exim.conf; as the logging information in exim.conf shows what to include, but not under what circumstances to include it.

If I wanted to do it, I'd ask on the exim-users list.

Jeff