block pc in exim.conf directadmin

 I want to block certain botpc's who are always trying to bruteforce.


DA

add the down code juts after begin acl



acl_check_helo:

  #accept email originating on this server unconditionally

  accept  hosts = @[] : @


  # deny if the HELO pretends to be this host

  # EDIT AS REQUIRED TO FIT YOUR ENVIRONMENT

  # EDIT : REPLACE HOSTNAME WITH YOUR HOSTNAME AND IP with your main IP#

  deny message = You cannot be me

       condition = ${lookup{$sender_helo_name}lsearch{/etc/heloblocks}{yes}{no}}

   log_message = HELO/EHLO - HELO on heloblocks Blocklist

   message = HELO on heloblocks Blocklist

   

  accept


cpanel/whm


Thanks to some help on the "Exim Users" mailing list, I have the proper solution:

1) Create a file with a list of the HELOs that you want to block. For example, create and edit /etc/heloblocks

2) Go to WHM > Exim Configuration Manager > Advanced Editor.

3) Scroll down until you find "acl_smtp_helo"

4) Below that, you will find a box titled "custom_begin_smtp_helo". In that box, paste the following code:

Code:
# vi /etc/exim.conf

acl_smtp_helo = acl_smtp_helo
acl_smtp_helo:

#BEGIN ACL_SMTP_HELO_BLOCK
drop
   condition = ${lookup{$sender_helo_name}lsearch{/etc/heloblocks}{yes}{no}}
   log_message = HELO/EHLO - HELO on heloblocks Blocklist
   message = HELO on heloblocks Blocklist
accept

#END ACL_SMTP_HELO_BLOCK

Of course, you can customize the log message and the message (that the end user receives)

5) Scroll down and hit SAVE which will save the config and restart Exim.

If you want to test it out, start up a tail of /var/log/exim_mainlog, and then telnet from your computer like this:

telnet mail.example.com 25
then after receiving the welcome message, type this:
helo ylmf-pc

You should immediately get disconnected and you should see a log message indicating the block.


Now I found this on the internet:
Code:
# vi /etc/exim.conf

acl_smtp_helo = acl_smtp_helo
acl_smtp_helo:

#BEGIN ACL_SMTP_HELO_BLOCK
drop
   condition = ${if eq {$sender_helo_name}{ylmf-pc} {yes}{no}}
   log_message = HELO/EHLO - ylmf-pc blocked
   message = I Nailed You at HELO
accept

Comments

Post a Comment

Popular posts from this blog

cpanel exam CPSP Answers

 Which of the following options best describes the role of Shared Hosting on a web server? Providing hosting for a single website owned by different people on multiple servers. Providing hosting for a single website owned by one person on one server. Providing hosting for multiple websites owned by different people on one server. Providing hosting for multiple websites owned by one person on one server. 3 Which of the following capabilities can a cPanel account user perform easily from within the cPanel account interface without the aid of a system administrator? File and configuration management. Relocating the physical server. Upgrading server hardware and equipment. Installing new database software. 1 File and configuration management. Which of the following options best describes a core benefit to using cPanel & WHM, as a web hosting provider operating on a cPanel & WHM environment? cPanel users are able to create new virtualization resources to help host their web appl...
Read more

How to install zimbra collaboration suite 8.8.11 on CentOS 7

Check system requirements  https://wiki.zimbra.com/wiki/Zimbra_Releases/8.7.0/Single_Server_Installation#System_Requirements prerequisites Before we get started, here are a few things that are required before we proceed with the installation. A clean installation of Centos 7 A Fully Qualified Domain (FQDN) for your server(Example mail.geekybum.com) An external DNS server with both A and MX records for your server to point to your Zimbra mail server IP Address A static IP Address assigned to network interface. Step 1: Root login to server through SSH Step 2: Install required packages for zimbra coloboration suite installation yum -y install unzip net-tools sysstat openssh-clients perl-core libaio nmap-ncat libstdc++.so Initial server setup To get started we need to configure a hostname for our server and a static IP address. vi /etc/hosts 135.125.30.56 mail.geekybum.com mail Replace the system hostname and FQDN values accordingly in order to match your ow...
Read more

awstats installation

Set Up AWStats for Nginx on Ubuntu sudo apt-get install awstats add access log file to generate stats using this server { # ... all your other config ... access_log /var/log/nginx/yourdomain.com.access.log ; # ... all your other config ... } /etc/nginx/sites-available vi awstats.parleproducts.com.conf cd /etc/awstats/ vi awstats.parleproducts.com.conf #path to your nginx log file LogFile="/var/log/nginx/parleproducts.com.access.log" # Domain of your vhost SiteDomain="parleproducts.com" # Directory where to store the awstats data DirData="/var/lib/awstats/" # Other domains/subdomain you want included from your logs, for example the www subdomain HostAliases="www.parleproducts.com" # If you customized your log format above add this line: LogFormat = ""%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot"" # If you did not, uncomment and use this line: #...
Read more