[wellylug] Calling all Exim gurus
Darryl Hamilton
wellylug at addict.net.nz
Fri Mar 25 23:58:23 NZST 2005
Ok, I'm a bit stuck with this one. Got an eBay scammer using a server to
send out the usual crap, and it's breaking stuff trying to comply.
So, for two reasons, I want to tell Exim to block the sending of those
emails, but I don't know how, having not used Exim all that much.
Some criteria -
1) the mail is coming from the server itself, I'm guessing a jailshell
but it could be a phpBB exploit or other web form based thing
2) So far, 3 email addresses are being used - awconfirm at ebay.com,
service at ebay.com and awconfirm at ebay.com.us, so I want to block those
three, plus any others that pop up later on.
I'm thinking (hoping) this can be done with an ACL (or a mod to an
existing one), and this is what I'm asking. So far, I have the following
in acl_smtp_rcpt, which doesn't seem to be working
deny hosts = +local_domains
domains = ebay.com:ebay.com.us:paypal.com
If you have any ideas or examples I can look at, please let me know.
Also, if you have any ideas on how to find out where this shit is coming
from, that would be very handy to know.
Thanks
Darryl
More information about the wellylug
mailing list