Exim Mail Server Rules to Counter Spam

Posted on: March 16, 2006

Yesterday I spent a headache-inducing day dealing with spam. Several members complained because the mail server had suddenly died, and it really had. When I checked, it turned out that a lot of spammers were trying to use the singcat mail server to send email. The result: stressed by too many requests, the mail server killed itself :D

So I tried applying the set of rules commonly known as the HELO trick. Here is the code I can share:

# In the RCPT TO ACL (acl_check_rcpt).
# TEERGRUBE, ALLOWEDRCPTFAIL and FAILEDRCPTDELAY are macros that must be
# defined earlier in the configuration (their values are not shown here).
# The escaping backslashes (\N ... \N, \.) were stripped from the posted
# copy and are restored below.

# Clients that never sent HELO/EHLO at all
deny message = HELO/EHLO required by SMTP RFC
  condition = ${if eq{$sender_helo_name}{}{yes}{no}}
  delay = TEERGRUBE

## Forged HELOs
# HELO that claims to be our own interface address
deny message = Forged IP detected in HELO (it's mine) - $sender_helo_name
  hosts = !+relay_from_hosts
  log_message = Forged IP detected in HELO: $sender_helo_name
  condition = ${if eq{$sender_helo_name}{$interface_address}{yes}{no}}
  delay = TEERGRUBE

# HELO must contain at least one dot (a domain name or an IP)
deny message = Invalid domain or IP given in HELO/EHLO
  !condition = ${if match{$sender_helo_name}{\N\.\N}{yes}{no}}
  delay = TEERGRUBE

# If the client HELOs with an IP, we check it against the connecting IP
deny message = Forged IP detected in HELO - $sender_helo_name != $sender_host_address
  hosts = !+relay_from_hosts
  condition = ${if match{$sender_helo_name}{\N^\d+(\.\d+){3}$\N} {yes}{no}}
  condition = ${if eq{$sender_helo_name}{$sender_host_address} {no}{yes}}
  delay = TEERGRUBE

# HELO that claims one of our own domains is only acceptable from relay
# hosts or after SMTP authentication
deny message = Forged hostname detected in HELO - $sender_helo_name
  hosts = !+relay_from_hosts
  !authenticated = *
  log_message = Forged hostname detected in HELO - $sender_helo_name
  condition = ${if match_domain{$sender_helo_name}{+local_domains} {yes}{no}}
  delay = TEERGRUBE

# Bounces (null sender) may only go to a single recipient
deny message = Only one recipient accepted for NULL sender
  senders = :
  condition = ${if >{$rcpt_count}{1} {1}}
  delay = TEERGRUBE

.ifdef ALLOWEDRCPTFAIL
drop message = too many unknown users (${eval:$rcpt_fail_count+1} failed recipients)
  log_message = Dictionary attack (${eval:$rcpt_fail_count+1} failed recipients).
  # subtract 2 to match the actual number of max failed recipients requested
  condition = ${if >{$rcpt_fail_count}{${eval:ALLOWEDRCPTFAIL-2}} {1}{0}}
  # we need to run the drop rule first, but add the last delay here
  delay = ${eval:FAILEDRCPTDELAY*$rcpt_fail_count}s
  domains = +local_domains
  hosts = !+relay_from_hosts
  !authenticated = *
.endif

# This won't trigger the 1st time: $rcpt_fail_count is incremented later
deny message = unknown user
  log_message = Teergrube: dictionary attack (${eval:$rcpt_fail_count+1} failed recipients)
  condition = ${if >{$rcpt_fail_count}{0} {1}{0}}
  # In teergrube mode, we listen forever and delay more and more.
  # Delay the sender because people who do dictionary attacks can
  # reconnect and try again, so let's slow them down
  delay = ${eval:FAILEDRCPTDELAY*$rcpt_fail_count}s
  domains = +local_domains
  !verify = recipient
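To see how these rules interact in the order Exim evaluates them, here is an added Python model of the RCPT ACL above. It is illustration written for this page, not code from the post or from Exim. The contents of `+local_domains` and `+relay_from_hosts`, the `$interface_address`, the macro values (TEERGRUBE, ALLOWEDRCPTFAIL, FAILEDRCPTDELAY), the set of valid mailboxes and the plain `verify = recipient` that is assumed to follow the shown rules are all constructed assumptions.

```python
"""Constructed model of the Exim RCPT ACL: rules are tested in the order the
ACL lists them and the first match yields (verdict, message, delay_seconds)."""
import re
from dataclasses import dataclass

# Hypothetical stand-ins for named lists and macros the post does not define.
LOCAL_DOMAINS = {"example.com"}          # +local_domains
RELAY_FROM_HOSTS = {"192.0.2.10"}        # +relay_from_hosts
INTERFACE_ADDRESS = "198.51.100.25"      # $interface_address (the server's own IP)
KNOWN_USERS = {"alice@example.com"}      # what "verify = recipient" would accept
TEERGRUBE = 60                           # TEERGRUBE macro, seconds of tar-pit delay
ALLOWEDRCPTFAIL = 4                      # ALLOWEDRCPTFAIL macro
FAILEDRCPTDELAY = 10                     # FAILEDRCPTDELAY macro, seconds per failure

IPV4_LITERAL = re.compile(r"^\d+(\.\d+){3}$")  # same pattern as \N^\d+(\.\d+){3}$\N


@dataclass
class Session:
    host_address: str          # $sender_host_address
    helo_name: str             # $sender_helo_name ("" if HELO was never sent)
    sender: str                # envelope sender, "" for the null sender <>
    authenticated: bool = False
    rcpt_count: int = 0        # $rcpt_count
    rcpt_fail_count: int = 0   # $rcpt_fail_count (rejected RCPTs so far)


def evaluate(s: Session, recipient: str):
    """Walk the ACL once for a single RCPT TO and return the first verdict."""
    relay = s.host_address in RELAY_FROM_HOSTS
    helo = s.helo_name
    local = recipient.rpartition("@")[2] in LOCAL_DOMAINS
    tarpit = FAILEDRCPTDELAY * s.rcpt_fail_count
    if helo == "":
        return "deny", "HELO/EHLO required by SMTP RFC", TEERGRUBE
    if not relay and helo == INTERFACE_ADDRESS:
        return "deny", f"Forged IP detected in HELO (it's mine) - {helo}", TEERGRUBE
    if "." not in helo:
        return "deny", "Invalid domain or IP given in HELO/EHLO", TEERGRUBE
    if not relay and IPV4_LITERAL.match(helo) and helo != s.host_address:
        return "deny", f"Forged IP detected in HELO - {helo} != {s.host_address}", TEERGRUBE
    if not relay and not s.authenticated and helo.lower() in LOCAL_DOMAINS:
        return "deny", f"Forged hostname detected in HELO - {helo}", TEERGRUBE
    if s.sender == "" and s.rcpt_count > 1:
        return "deny", "Only one recipient accepted for NULL sender", TEERGRUBE
    if local and not relay and not s.authenticated \
            and s.rcpt_fail_count > ALLOWEDRCPTFAIL - 2:
        return "drop", f"too many unknown users ({s.rcpt_fail_count + 1} failed recipients)", tarpit
    if local and s.rcpt_fail_count > 0 and recipient not in KNOWN_USERS:
        return "deny", "unknown user", tarpit
    if local and recipient not in KNOWN_USERS:
        # Assumed, not in the snippet: the very first unknown recipient is
        # rejected by a plain "verify = recipient" further down, without delay.
        return "deny", "unknown user (recipient verification)", 0
    return "accept", "", 0


def rcpt(s: Session, recipient: str):
    """One RCPT TO command: $rcpt_count grows before the ACL runs and
    $rcpt_fail_count only after a rejection, which is why the
    'unknown user' tar-pit rule cannot fire on the first failure."""
    s.rcpt_count += 1
    verdict, message, delay = evaluate(s, recipient)
    if verdict != "accept":
        s.rcpt_fail_count += 1
    return verdict, message, delay


def dictionary_attack(n: int):
    """Replay n guessed recipients from one unauthenticated host and return
    the (verdict, delay) per RCPT: the delay grows until the drop."""
    s = Session("203.0.113.7", "mail.sender.test", "x@sender.test")
    out = []
    for i in range(n):
        verdict, _, delay = rcpt(s, f"guess{i}@example.com")
        out.append((verdict, delay))
        if verdict == "drop":
            break
    return out


if __name__ == "__main__":
    for verdict, delay in dictionary_attack(10):
        print(f"{verdict:6s} delay={delay}s")
```

With the hypothetical values above, the fourth unknown recipient from the same connection is dropped after a 30-second delay, which is why the config subtracts 2 from ALLOWEDRCPTFAIL: the counter lags one RCPT behind and the comparison is strict.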
