Many e-mail servers have encountered a massive spam spam received from e-mail addresses in China.
To filter IPs is quite difficult, especially if they are a few thousand and are not included in a global SPAM list. I have seen, however, that many messages come from qq.com. A domain address that uses a lot of IPs and makes SPAM globally.
If we identify the source domain from which these messages are sent and we have access to the EXIM service configurations, you can set an automatic rejection of them. This means that messages sent from a specific domain name or e-mail address can be automatically rejected.
How do we set EXIM to automatically reject incoming messages from one or more domain names, email addresses, or even TLDs (.cn, .in, .io, etc ...)
First of all we need to have full access to the e-mail server and let us know that e-mail is being transported through the EXIM service. This is also the most widely used on Linux servers.
1. Locate and open for editing "exim.conf". The name may vary depending on the EXIM version used.
2. In exim.conf we add the following lines for ACL
acl_check_data: deny senders = / etc / deny_senders I accept
We save the file after adding the lines above.
3. Creating and editing the "deny_senders" file by adding domains, emails or .tlds from which we do not want to receive mail:nano / etc / deny_senders
*@qq.com * .cn email@example.com
4. We save the file and restart the EXIM service.
systemctl restart exim
The result in the server will look like this:
tail -f /var/log/exim.log 1eYSPn-0006oJ-2U H = (qq.com) [22.214.171.124] F = <firstname.lastname@example.org> rejected after DATA 1eYSQJ-0006ok-FN H = (aplongsheng.com) [126.96.36.199] F = <email@example.com> rejected after DATA 1eYSQU-0006pT-F6 H = (cdadsj.com) [188.8.131.52] F = <firstname.lastname@example.org> rejected after DATA 1eYSSQ-0006ux-QB H = (qq.com) [184.108.40.206] F = <email@example.com> rejected after DATA
It's the easiest simple option if you're taken up by waves of SPAM coming from China, India, Russia or other areas of the globe. However, before blocking a domain name or a TLD, make sure you do not have partners or collaborators who can contact you from these addresses.
This EXIM setup is valid for both web servers with cPanel and for those with VestaCP.