In Progress CPANEL-42825 - Ratelimit incoming mail to non-existent accounts

SimpleTechGuy

Thank you @cPRex.

So I set the smtp_accept_max_per_host to '20' but it didn't work. Also tried the smtp_accept_max to 20 but that didn't work either. It seems like absolutely nothing from Exim is working against dictionary attacks. This is crazy. Still getting exactly 100 messages on each attack, and something is obviously blocking or limiting them to 100, but I don't understand what it is. The only thing I can imagine is that the attacker is only sending 100 at a time, but that really defeats the purpose of sending a dictionary attack.
 

coolcom

Hello, I just filed a similar post and see now that you are experiencing the same issue I am with my hosting servers. No doubt someone has found a new use for AI.

Mail sends are from a non-existent address to 100 random addresses at a hosted domain... using corrupted mail servers around the globe... then the next domain, and so on. Our sender verification and a few country code bans keep all of them out of client boxes, but I'd sure like to take that load off the servers... as they still have to process them.

I've also been informed by cPanel that the case is being worked on... to see why the Dictionary setting is not restricting them to 4 per domain. I'm experimenting with allowing "no such user" email to go to the admin account to see if that allows the Dictionary setting to work, but with Sender verification enabled, maybe that setting trumps the dictionary one.

I believe the "smtp_max_per_host" setting and the other just limit how many emails can be in the Cc and Bcc fields.... I tried that too.
 
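An added example, not part of any post in this thread and not cPanel's or Exim's own code: a log tally that measures the pattern described above (many unknown recipients at one hosted domain, spread over several sending hosts). The log line layout, the "No Such User" rejection text, and the function names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Assumed line shape (Exim main log, rejection at RCPT time); adjust the
# pattern to the text your server actually logs.
REJECT_RE = re.compile(
    r"\[(?P<ip>[^\]]+)\](?::\d+)?\s.*?rejected RCPT "
    r"<(?P<local>[^@>]+)@(?P<domain>[^>]+)>: No Such User"
)

def tally_unknown_rcpt(lines):
    """Per target domain: reject count, distinct source hosts, distinct local parts."""
    stats = defaultdict(lambda: {"rejects": 0, "hosts": set(), "locals": set()})
    for line in lines:
        m = REJECT_RE.search(line)
        if not m:
            continue  # deliveries and other kinds of rejection are ignored
        entry = stats[m["domain"].lower()]
        entry["rejects"] += 1
        entry["hosts"].add(m["ip"])
        entry["locals"].add(m["local"].lower())
    return dict(stats)

def flag_targets(stats, min_locals=10, min_hosts=3):
    """Domains probed for many different mailboxes from several hosts."""
    return sorted(
        d for d, s in stats.items()
        if len(s["locals"]) >= min_locals and len(s["hosts"]) >= min_hosts
    )

def sample_lines():
    """Constructed log lines: 12 probes from 4 hosts, one typo, one delivery."""
    lines = [
        f"2024-05-01 10:00:{i:02d} H=(mx{i % 4}.example.net) [192.0.2.{10 + i % 4}]:40{i:03d} "
        f"F=<nobody@sender.example> rejected RCPT <user{i}@hosted.example>: No Such User Here"
        for i in range(12)
    ]
    lines.append("2024-05-01 10:05:00 H=(mail.example.org) [198.51.100.7]:51000 "
                 "F=<bob@example.org> rejected RCPT <jonh@other.example>: No Such User Here")
    lines.append("2024-05-01 10:06:00 1abcde-000001-AB <= bob@example.org "
                 "H=mail.example.org [198.51.100.7]:51001 P=esmtps S=1234")
    return lines

if __name__ == "__main__":
    stats = tally_unknown_rcpt(sample_lines())
    for domain in flag_targets(stats):
        s = stats[domain]
        print(domain, s["rejects"], "rejects from", len(s["hosts"]), "hosts")
```

Grouping by target domain rather than by sending host keeps a burst visible even when each individual host contributes only a few rejections.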