Finding Spamming IPs on Exim Mail Server

One of those days.

Finding Spamming IPs

Too Many Connections to SMTP Port 25

# netstat -ant|grep :25|awk {'print $5'}|cut -d: -f1|sort|uniq -c|sort -nk 1

Filling the Reject Log

# awk {'print $4'} /var/log/exim4/rejectlog|uniq -c|sort -nk 1|tail

IP Block and Domains Blacklist

Blocking spamming IPs and IP networks with iptables:

# iptables -A INPUT -s 192.104.XX.0/24 -j DROP

Blocking domains and senders:

# cat /etc/exim4/lists/bl_senders
# Blacklisted domains
*		*

# Blacklisted senders	*

And don’t forget to use SpamAssassin.