One of those days.
Finding Spamming IPs
Too Many Connections to SMTP Port 25
# netstat -ant|grep :25|awk {'print $5'}|cut -d: -f1|sort|uniq -c|sort -nk 1
Filling the Reject Log
# awk {'print $4'} /var/log/exim4/rejectlog|uniq -c|sort -nk 1|tail
IP Block and Domains Blacklist
Blocking spamming IPs and IP networks with iptables:
# iptables -A INPUT -s 192.104.XX.0/24 -j DROP
Blocking domains and senders:
# cat /etc/exim4/lists/bl_senders # Blacklisted domains *@example.com * # Blacklisted senders [email protected] *
And don’t forget to use SpamAssassin.