Skip to main content

Need to Ban a Gmail email address that is spamming accounts on server

Comments

3 comments

  • rbairwell
    You'll need to add a block in Exim's configuration "acl_smtp_rcpt" with something like: deny senders = /etc/exim.denysenders.conf and then list the email addresses the spam is coming from in /etc/exim.denysenders.conf If the email is being sent FROM your server (such as via a web form), it will then be bounced back to your server as undeliverable: so somebody is likely to get it anyway... If it is coming from a web form, I would look at blocking the email using rules in Apache mod_security (or using a Captcha type system).
    0
  • WorkinOnIt
    Thanks, I'll give that a try next time. It's not coming from any web form. Someone has obviously queried the DNS for a domain and has managed to find a "list of domains" on that range and has then proceeded to email them all with cheap spammy rubbish multiple times. A determined spammer.
    0
  • rbairwell
    If they are all coming from the same spammer farm, it may be worth checking the headers of the email and see if you can filter/firewall off their email servers - it'll be much lower CPU processing on your end (as the firewall can just do a check IP check as opposed to Exim having to fire up, accept some of the email, compare records etc). If they are sending from primarily Nigerian IP addresses (for example) and you have a very low chance of getting business from Nigeria, then block the entire country (or just their ISP etc). Of course, if they are actually sending through Gmail (instead of just spoofing the address) that's not going to work. Feel free to DM me the headers of a couple of the messages and I'll try and suggest suitable rules.
    0

Please sign in to leave a comment.